Summer Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

312-50 Sample Questions Answers

Questions 4

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

Options:

A.

Spoofing an IP address

B.

Tunneling scan over SSH

C.

Tunneling over high port numbers

D.

Scanning using fragmented IP packets

Buy Now
Questions 5

What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

Options:

A.

A stealth scan, opening port 123 and 153

B.

A stealth scan, checking open ports 123 to 153

C.

A stealth scan, checking all open ports excluding ports 123 to 153

D.

A stealth scan, determine operating system, and scanning ports 123 to 153

Buy Now
Questions 6

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

Options:

A.

SHA1

B.

Diffie-Helman

C.

RSA

D.

AES

Buy Now
Questions 7

A botnet can be managed through which of the following?

Options:

A.

IRC

B.

E-Mail

C.

Linkedin and Facebook

D.

A vulnerable FTP server

Buy Now
Questions 8

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

Options:

A.

Cavity virus

B.

Polymorphic virus

C.

Tunneling virus

D.

Stealth virus

Buy Now
Questions 9

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

Options:

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

Buy Now
Questions 10

An IT security engineer notices that the company’s web server is currently being hacked. What should the engineer do next?

Options:

A.

Unplug the network connection on the company’s web server.

B.

Determine the origin of the attack and launch a counterattack.

C.

Record as much information as possible from the attack.

D.

Perform a system restart on the company’s web server.

Buy Now
Questions 11

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

Options:

A.

The root CA is the recovery agent used to encrypt data when a user's certificate is lost.

B.

The root CA stores the user's hash value for safekeeping.

C.

The CA is the trusted root that issues certificates.

D.

The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Buy Now
Questions 12

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Options:

A.

Certificate authority

B.

Validation authority

C.

Registration authority

D.

Verification authority

Buy Now
Questions 13

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network’s IDS?

Options:

A.

Timing options to slow the speed that the port scan is conducted

B.

Fingerprinting to identify which operating systems are running on the network

C.

ICMP ping sweep to determine which hosts on the network are not available

D.

Traceroute to control the path of the packets sent during the scan

Buy Now
Questions 14

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Options:

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

Buy Now
Questions 15

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Options:

A.

OWASP is for web applications and OSSTMM does not include web applications.

B.

OSSTMM is gray box testing and OWASP is black box testing.

C.

OWASP addresses controls and OSSTMM does not.

D.

OSSTMM addresses controls and OWASP does not.

Buy Now
Questions 16

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

Options:

A.

NMAP -PN -A -O -sS 192.168.2.0/24

B.

NMAP -P0 -A -O -p1-65535 192.168.0/24

C.

NMAP -P0 -A -sT -p0-65535 192.168.0/16

D.

NMAP -PN -O -sS -p 1-1024 192.168.0/8

Buy Now
Questions 17

Smart cards use which protocol to transfer the certificate in a secure manner?

Options:

A.

Extensible Authentication Protocol (EAP)

B.

Point to Point Protocol (PPP)

C.

Point to Point Tunneling Protocol (PPTP)

D.

Layer 2 Tunneling Protocol (L2TP)

Buy Now
Questions 18

What is the broadcast address for the subnet 190.86.168.0/22?

Options:

A.

190.86.168.255

B.

190.86.255.255

C.

190.86.171.255

D.

190.86.169.255

Buy Now
Questions 19

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Options:

A.

768 bit key

B.

1025 bit key

C.

1536 bit key

D.

2048 bit key

Buy Now
Questions 20

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Options:

A.

nessus +

B.

nessus *s

C.

nessus &

D.

nessus -d

Buy Now
Questions 21

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Buy Now
Questions 22

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

Options:

A.

Cupp

B.

Nessus

C.

Cain and Abel

D.

John The Ripper Pro

Buy Now
Questions 23

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employee decides to write a script that will scan the network for unauthorized devices every morning at 5:00 am.

Which of the following programming languages would most likely be used?

Options:

A.

PHP

B.

C#

C.

Python

D.

ASP.NET

Buy Now
Questions 24

Which of the following parameters enables NMAP's operating system detection feature?

Options:

A.

NMAP -sV

B.

NMAP -oS

C.

NMAP -sR

D.

NMAP -O

Buy Now
Questions 25

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

Options:

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Buy Now
Questions 26

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Buy Now
Questions 27

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Buy Now
Questions 28

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.

In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?

Options:

A.

Semicolon

B.

Single quote

C.

Exclamation mark

D.

Double quote

Buy Now
Questions 29

What is a successful method for protecting a router from potential smurf attacks?

Options:

A.

Placing the router in broadcast mode

B.

Enabling port forwarding on the router

C.

Installing the router outside of the network's firewall

D.

Disabling the router from accepting broadcast ping messages

Buy Now
Questions 30

What is the best defense against privilege escalation vulnerability?

Options:

A.

Patch systems regularly and upgrade interactive login privileges at the system administrator level.

B.

Run administrator and applications on least privileges and use a content registry for tracking.

C.

Run services with least privileged accounts and implement multi-factor authentication and authorization.

D.

Review user roles and administrator privileges for maximum utilization of automation services.

Buy Now
Questions 31

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Buy Now
Questions 32

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Buy Now
Questions 33

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Buy Now
Questions 34

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Buy Now
Questions 35

Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

Options:

A.

Sarbanes-Oxley Act (SOX)

B.

Gramm-Leach-Bliley Act (GLBA)

C.

Fair and Accurate Credit Transactions Act (FACTA)

D.

Federal Information Security Management Act (FISMA)

Buy Now
Questions 36

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Buy Now
Questions 37

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Options:

A.

Regulatory compliance

B.

Peer review

C.

Change management

D.

Penetration testing

Buy Now
Questions 38

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A.

Control Objectives for Information and Related Technology (COBIT)

B.

Sarbanes-Oxley Act (SOX)

C.

Health Insurance Portability and Accountability Act (HIPAA)

D.

Payment Card Industry Data Security Standards (PCI DSS)

Buy Now
Questions 39

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:

A.

Penetration testing

B.

Social engineering

C.

Vulnerability scanning

D.

Access control list reviews

Buy Now
Questions 40

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Buy Now
Questions 41

Which type of security document is written with specific step-by-step details?

Options:

A.

Process

B.

Procedure

C.

Policy

D.

Paradigm

Buy Now
Questions 42

How do employers protect assets with security policies pertaining to employee surveillance activities?

Options:

A.

Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.

B.

Employers use informal verbal communication channels to explain employee monitoring activities to employees.

C.

Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.

D.

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Buy Now
Questions 43

International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

Options:

A.

guidelines and practices for security controls.

B.

financial soundness and business viability metrics.

C.

standard best practice for configuration management.

D.

contract agreement writing standards.

Buy Now
Questions 44

Which of the following problems can be solved by using Wireshark?

Options:

A.

Tracking version changes of source code

B.

Checking creation dates on all webpages on a server

C.

Resetting the administrator password on multiple systems

D.

Troubleshooting communication resets between two systems

Buy Now
Questions 45

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Options:

A.

tcp.src == 25 and ip.host == 192.168.0.125

B.

host 192.168.0.125:25

C.

port 25 and host 192.168.0.125

D.

tcp.port == 25 and ip.host == 192.168.0.125

Buy Now
Questions 46

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Buy Now
Questions 47

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

Options:

A.

Network tap

B.

Layer 3 switch

C.

Network bridge

D.

Application firewall

Buy Now
Questions 48

At a Windows Server command prompt, which command could be used to list the running services?

Options:

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Buy Now
Questions 49

Which of the following is a strong post designed to stop a car?

Options:

A.

Gate

B.

Fence

C.

Bollard

D.

Reinforced rebar

Buy Now
Questions 50

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?

Options:

A.

Validate web content input for query strings.

B.

Validate web content input with scanning tools.

C.

Validate web content input for type, length, and range.

D.

Validate web content input for extraneous queries.

Buy Now
Questions 51

A hacker was able to sniff packets on a company's wireless network. The following information was discovered:

Using the Exlcusive OR, what was the original message?

Options:

A.

00101000 11101110

B.

11010111 00010001

C.

00001101 10100100

D.

11110010 01011011

Buy Now
Questions 52

Which of the following types of firewall inspects only header information in network traffic?

Options:

A.

Packet filter

B.

Stateful inspection

C.

Circuit-level gateway

D.

Application-level gateway

Buy Now
Questions 53

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Options:

A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Buy Now
Questions 54

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Options:

A.

Port scanning

B.

Banner grabbing

C.

Injecting arbitrary data

D.

Analyzing service response

Buy Now
Questions 55

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

Options:

A.

Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B.

Permit 217.77.88.12 11.12.13.50 RDP 3389

C.

Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D.

Permit 217.77.88.0/24 11.12.13.50 RDP 3389

Buy Now
Questions 56

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options:

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Buy Now
Questions 57

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

Options:

A.

Asymmetric

B.

Confidential

C.

Symmetric

D.

Non-confidential

Buy Now
Questions 58

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options:

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Buy Now
Questions 59

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Options:

A.

Physical

B.

Procedural

C.

Technical

D.

Compliance

Buy Now
Questions 60

A pentester gains access to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

Options:

A.

Netsh firewall show config

B.

WMIC firewall show config

C.

Net firewall show config

D.

Ipconfig firewall show config

Buy Now
Questions 61

Which of the following is a symmetric cryptographic standard?

Options:

A.

DSA

B.

PKI

C.

RSA

D.

3DES

Buy Now
Questions 62

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options:

A.

A bottom-up approach

B.

A top-down approach

C.

A senior creation approach

D.

An IT assurance approach

Buy Now
Questions 63

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Options:

A.

Set a BIOS password.

B.

Encrypt the data on the hard drive.

C.

Use a strong logon password to the operating system.

D.

Back up everything on the laptop and store the backup in a safe place.

Buy Now
Questions 64

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

Options:

A.

Blue Book

B.

ISO 26029

C.

Common Criteria

D.

The Wassenaar Agreement

Buy Now
Questions 65

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

Options:

A.

Microsoft Security Baseline Analyzer

B.

Retina

C.

Core Impact

D.

Microsoft Baseline Security Analyzer

Buy Now
Questions 66

Which type of access control is used on a router or firewall to limit network activity?

Options:

A.

Mandatory

B.

Discretionary

C.

Rule-based

D.

Role-based

Buy Now
Questions 67

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

Options:

A.

Forensic attack

B.

ARP spoofing attack

C.

Social engineering attack

D.

Scanning attack

Buy Now
Questions 68

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

Options:

A.

They do not use host system resources.

B.

They are placed at the boundary, allowing them to inspect all traffic.

C.

They are easier to install and configure.

D.

They will not interfere with user interfaces.

Buy Now
Questions 69

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Buy Now
Questions 70

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options:

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Buy Now
Questions 71

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Buy Now
Questions 72

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options:

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Buy Now
Questions 73

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

Options:

A.

Vulnerability scanning

B.

Social engineering

C.

Application security testing

D.

Network sniffing

Buy Now
Questions 74

Which security control role does encryption meet?

Options:

A.

Preventative

B.

Detective

C.

Offensive

D.

Defensive

Buy Now
Questions 75

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options:

A.

Perform a vulnerability scan of the system.

B.

Determine the impact of enabling the audit feature.

C.

Perform a cost/benefit analysis of the audit feature.

D.

Allocate funds for staffing of audit log review.

Buy Now
Questions 76

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

Options:

A.

Ping sweep of the 192.168.1.106 network

B.

Remote service brute force attempt

C.

Port scan of 192.168.1.106

D.

Denial of service attack on 192.168.1.106

Buy Now
Questions 77

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

Options:

A.

Passive

B.

Reflective

C.

Active

D.

Distributive

Buy Now
Questions 78

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

Options:

A.

white box

B.

grey box

C.

red box

D.

black box

Buy Now
Questions 79

Which of the following is a detective control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Buy Now
Questions 80

Passive reconnaissance involves collecting information through which of the following?

Options:

A.

Social engineering

B.

Network traffic sniffing

C.

Man in the middle attacks

D.

Publicly accessible sources

Buy Now
Questions 81

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Options:

A.

Proper testing

B.

Secure coding principles

C.

Systems security and architecture review

D.

Analysis of interrupts within the software

Buy Now
Questions 82

Which of the following is a preventive control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Buy Now
Questions 83

What information should an IT system analysis provide to the risk assessor?

Options:

A.

Management buy-in

B.

Threat statement

C.

Security architecture

D.

Impact analysis

Buy Now
Questions 84

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options:

A.

Information reporting

B.

Vulnerability assessment

C.

Active information gathering

D.

Passive information gathering

Buy Now
Questions 85

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

What type of activity has been logged?

Options:

A.

Port scan targeting 192.168.1.103

B.

Teardrop attack targeting 192.168.1.106

C.

Denial of service attack targeting 192.168.1.103

D.

Port scan targeting 192.168.1.106

Buy Now
Questions 86

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Buy Now
Questions 87

An NMAP scan of a server shows port 25 is open. What risk could this pose?

Options:

A.

Open printer sharing

B.

Web portal data leak

C.

Clear text authentication

D.

Active mail relay

Buy Now
Questions 88

A covert channel is a channel that

Options:

A.

transfers information over, within a computer system, or network that is outside of the security policy.

B.

transfers information over, within a computer system, or network that is within the security policy.

C.

transfers information via a communication path within a computer system, or network for transfer of data.

D.

transfers information over, within a computer system, or network that is encrypted.

Buy Now
Questions 89

Least privilege is a security concept that requires that a user is

Options:

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

Buy Now
Questions 90

If the final set of security controls does not eliminate all risk in a system, what could be done next?

Options:

A.

Continue to apply controls until there is zero risk.

B.

Ignore any remaining risk.

C.

If the residual risk is low enough, it can be accepted.

D.

Remove current controls since they are not completely effective.

Buy Now
Questions 91

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

Which of the following is an example of what the engineer performed?

Options:

A.

Cross-site scripting

B.

Banner grabbing

C.

SQL injection

D.

Whois database query

Buy Now
Questions 92

Which of the following is a component of a risk assessment?

Options:

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

Buy Now
Questions 93

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

Options:

A.

Internal Whitebox

B.

External, Whitebox

C.

Internal, Blackbox

D.

External, Blackbox

Buy Now
Questions 94

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.

If a scanned port is open, what happens?

Options:

A.

The port will ignore the packets.

B.

The port will send an RST.

C.

The port will send an ACK.

D.

The port will send a SYN.

Buy Now
Questions 95

Windows LAN Manager (LM) hashes are known to be weak.

Which of the following are known weaknesses of LM? (Choose three.)

Options:

A.

Converts passwords to uppercase.

B.

Hashes are sent in clear text over the network.

C.

Makes use of only 32-bit encryption.

D.

Effective length is 7 characters.

Buy Now
Questions 96

Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

Options:

A.

Nikto

B.

Snort

C.

John the Ripper

D.

Dsniff

Buy Now
Questions 97

Due to a slowdown of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?

Options:

A.

All of the employees would stop normal work activities

B.

IT department would be telling employees who the boss is

C.

Not informing the employees that they are going to be monitored could be an invasion of privacy.

D.

The network could still experience traffic slow down.

Buy Now
Questions 98

Name two software tools used for OS guessing? (Choose two.)

Options:

A.

Nmap

B.

Snadboy

C.

Queso

D.

UserInfo

E.

NetBus

Buy Now
Questions 99

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.

What seems to be wrong?

Options:

A.

OS Scan requires root privileges.

B.

The nmap syntax is wrong.

C.

This is a common behavior for a corrupted nmap application.

D.

The outgoing TCP/IP fingerprinting is blocked by the host firewall.

Buy Now
Questions 100

Which of the following is the greatest threat posed by backups?

Options:

A.

A backup is the source of Malware or illicit information.

B.

A backup is unavailable during disaster recovery.

C.

A backup is incomplete because no verification was performed.

D.

An un-encrypted backup can be misplaced or stolen.

Buy Now
Questions 101

Knowing the nature of backup tapes, which of the following is the MOST RECOMMENDED way of storing backup tapes?

Options:

A.

In a cool dry environment

B.

Inside the data center for faster retrieval in a fireproof safe

C.

In a climate controlled facility offsite

D.

On a different floor in the same building

Buy Now
Questions 102

Using Windows CMD, how would an attacker list all the shares to which the current user context has access?

Options:

A.

NET USE

B.

NET CONFIG

C.

NET FILE

D.

NET VIEW

Buy Now
Questions 103

Destination unreachable administratively prohibited messages can inform the hacker to what?

Options:

A.

That a circuit level proxy has been installed and is filtering traffic

B.

That his/her scans are being blocked by a honeypot or jail

C.

That the packets are being malformed by the scanning software

D.

That a router or other packet-filtering device is blocking traffic

E.

That the network is functioning normally

Buy Now
Questions 104

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Options:

A.

Use cryptographic storage to store all PII

B.

Use encrypted communications protocols to transmit PII

C.

Use full disk encryption on all hard drives to protect PII

D.

Use a security token to log into all Web applications that use PII

Buy Now
Questions 105

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?

Options:

A.

Accept

B.

Mitigate

C.

Delegate

D.

Avoid

Buy Now
Questions 106

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

Options:

A.

Mutating

B.

Randomizing

C.

Fuzzing

D.

Bounding

Buy Now
Questions 107

Susan has attached to her company's network. She has managed to synchronize her boss's sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory.

What kind of attack is Susan carrying on?

Options:

A.

A sniffing attack

B.

A spoofing attack

C.

A man in the middle attack

D.

A denial of service attack

Buy Now
Questions 108

What does the following command in netcat do?

nc -l -u -p55555 < /etc/passwd

Options:

A.

logs the incoming connections to /etc/passwd file

B.

loads the /etc/passwd file to the UDP port 55555

C.

grabs the /etc/passwd file when connected to UDP port 55555

D.

deletes the /etc/passwd file when connected to the UDP port 55555

Buy Now
Questions 109

LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?

I – The maximum password length is 14 characters.

II – There are no distinctions between uppercase and lowercase.

III – It’s a simple algorithm, so 10,000,000 hashes can be generated per second.

Options:

A.

I

B.

I, II, and III

C.

II

D.

I and II

Buy Now
Questions 110

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Options:

A.

Spoof Scan

B.

TCP Connect scan

C.

TCP SYN

D.

Idle Scan

Buy Now
Questions 111

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.

You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

Options:

A.

Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B.

Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C.

Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D.

Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Buy Now
Questions 112

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

Options:

A.

Security through obscurity

B.

Host-Based Intrusion Detection System

C.

Defense in depth

D.

Network-Based Intrusion Detection System

Buy Now
Questions 113

Which of the following is designed to identify malicious attempts to penetrate systems?

Options:

A.

Intrusion Detection System

B.

Firewall

C.

Proxy

D.

Router

Buy Now
Questions 114

Sandra has been actively scanning the client network on which she is doing a vulnerability assessment test.

While conducting a port scan she notices open ports in the range of 135 to 139.

What protocol is most likely to be listening on those ports?

Options:

A.

Finger

B.

FTP

C.

Samba

D.

SMB

Buy Now
Questions 115

In the context of Windows Security, what is a 'null' user?

Options:

A.

A user that has no skills

B.

An account that has been suspended by the admin

C.

A pseudo account that has no username and password

D.

A pseudo account that was created for security administration purpose

Buy Now
Questions 116

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Buy Now
Questions 117

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

A.

Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Buy Now
Questions 118

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Buy Now
Questions 119

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Buy Now
Questions 120

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Buy Now
Questions 121

Which of the following is an application that requires a host application for replication?

Options:

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Buy Now
Questions 122

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Buy Now
Questions 123

In order to show improvement of security over time, what must be developed?

Options:

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Buy Now
Questions 124

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

Buy Now
Exam Code: 312-50
Exam Name: Certified Ethical Hacker Exam
Last Update: Jul 18, 2024
Questions: 614
$64  $159.99
$48  $119.99
$40  $99.99
buy now 312-50