312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 11 of 19.
- Question #506Sniffing
Which of the following BEST describes how Address Resolution Protocol (ARP) works?
ARP protocolMAC address resolutionlayer 2 networkingbroadcast request - Question #507Social Engineering
Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?
social engineeringhuman interactionpenetration testingsecurity awareness - Question #508Evading IDS, Firewalls, and Honeypots
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?
CryptcatIDS evasionencrypted tunnelingtraffic obfuscation - Question #509System Hacking
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
maintaining accesspersistenceuser account creationpost-exploitation - Question #510Malware Threats
What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators...
ransomwaremalware classificationcryptocurrency extortionaccess restriction - Question #511Hacking Wireless Networks
The following are types of Bluetooth attack EXCEPT_____?
Bluetooth attacksBluejackingBluesnarfingwireless attack types - Question #512Hacking Web Applications
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
XSS preventioninput validationoutput encodingweb application security - Question #513Sniffing
A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administ...
protocol analyzerPCAP analysisnetwork forensicspacket inspection - Question #514Hacking Web Applications
Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
PII protectionencrypted communicationsweb application securitydata privacy - Question #515Sniffing
This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. S...
promiscuous modeNIC configurationpacket capturenetwork sniffing - Question #516Cryptography
Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?
PKIdigital certificatesenterprise authenticationidentity verification - Question #517Vulnerability Analysis
A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software p...
fuzzinginvalid input testingvulnerability testingsoftware security - Question #518Enumeration
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
Windows commandsComputer Management ConsoleMMCsystem administration - Question #519Hacking Wireless Networks
Which of the following is a wireless network detector that is commonly found on Linux?
Kismetwireless network detectionLinux toolswar driving - Question #520Cryptography
Which specific element of security testing is being assured by using hash?
hashingdata integritycryptographic propertiessecurity assurance - Question #521Information Security and Ethical Hacking Fundamentals
Which of the following is a restriction being enforced in "white box testing?"
white box testingpenetration testing typessecurity testing methodologies - Question #522Vulnerability Analysis
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
Shellshockbash vulnerabilityremote code executionCVE-2014 - Question #523Cryptography
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
IPSecESP transport modedata confidentialityVPN protocols - Question #524Scanning Networks
Jack was attempting to fingerprint all machines in the network using the following Nmap syntax: invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24 TCP/IP fingerprinting (for OS sca...
NmapOS fingerprintingroot privilegesnetwork scanning - Question #525Hacking Web Applications
While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser open...
CSRFcross-site request forgeryweb browser exploitationsession abuse - Question #526Hacking Web Applications
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploit...
default credentialsdatabase hardeningauthentication weaknessessoftware design flaws - Question #527Information Security and Ethical Hacking Fundamentals
Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connectin...
RADIUSAAA protocolsnetwork access controlauthentication - Question #528Cryptography
Which type of cryptography does SSL, IKE and PGP belongs to?
public key cryptographySSLPGPIKE - Question #529Evading IDS, Firewalls, and Honeypots
A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured...
false negativeIDS alertsintrusion detectionIDS configuration - Question #530Evading IDS, Firewalls, and Honeypots
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
dual-homedIDS/IPS hardwareproxy servernetwork security devices - Question #531Malware Threats
Which of the following is an application that requires a host application for replication?
virusmalware typeshost-dependent replicationmalware classification - Question #532Information Security and Ethical Hacking Fundamentals
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
backup verificationtape backupdata recoverybusiness continuity - Question #533Malware Threats
Which of the following describes the characteristics of a Boot Sector Virus?
boot sector virusMBRvirus characteristicsmalware types - Question #534Hacking Web Applications
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
network firewall limitationsweb application attacksHTTP/HTTPS portsfirewall bypass - Question #535Hacking Wireless Networks
Bluetooth uses which digital modulation technique to exchange information between paired devices?
BluetoothPSKdigital modulationwireless protocols - Question #536Information Security and Ethical Hacking Fundamentals
In order to show improvement of security over time, what must be developed?
security metricssecurity improvementsecurity managementperformance measurement - Question #537Footprinting and Reconnaissance
Passive reconnaissance involves collecting information through which of the following?
passive reconnaissanceOSINTpublicly accessible sourcesinformation gathering - Question #538System Hacking
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?
brute forceremote service attackpassword crackingpenetration testing - Question #539Hacking Web Applications
Which statement best describes a server type under an N-tier architecture?
N-tier architectureserver rolesweb application designtier architecture - Question #540System Hacking
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this sec...
trap doorbackdoorSDLCsoftware security - Question #541Denial of Service
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/ IP specifications?
ping of deathDoS attack typesoversized packetsTCP/IP vulnerabilities - Question #542Scanning Networks
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
NMAP timingIDS evasionport scanningscan speed - Question #543Information Security and Ethical Hacking Fundamentals
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
OWASPOSSTMMsecurity testing methodologycontrols - Question #544Hacking Web Applications
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
WebGoatOWASPvulnerable web applicationsecurity training - Question #545Information Security and Ethical Hacking Fundamentals
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
OSSTMMcompliance typessecurity methodologylegislative compliance - Question #546Cryptography
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
SHA-1message digesthash functionsbrute force resistance - Question #547Cryptography
Which cipher encrypts the plain text digit (bit or byte) one by one?
stream cipherencryption typesbit-by-bit encryptioncipher classification - Question #548Evading IDS, Firewalls, and Honeypots
Which of the following types of firewall inspects only header information in network traffic?
packet filterfirewall typesheader inspectionnetwork filtering - Question #549Evading IDS, Firewalls, and Honeypots
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this res...
ACK scanstateless inspectionNMAPfirewall analysis - Question #550Evading IDS, Firewalls, and Honeypots
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP p...
Firewalkfirewall traversalTTL exceededport filtering analysis - Question #551Cryptography
Which of the following is an example of an asymmetric encryption implementation?
asymmetric encryptionPGPpublic key cryptographyencryption algorithms - Question #552Cryptography
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: The Key 10110010 01001011 The Cyphertext 01100101 01011010 Using the E...
XOR operationstream cipherciphertext decryptionwireless sniffing - Question #553Cryptography
Which of the following cryptography attack methods is usually performed without the use of a computer?
rubber hose attackcryptanalysis methodscoercionnon-technical attacks - Question #554Information Security and Ethical Hacking Fundamentals
Which of the following is a strong post designed to stop a car?
bollardphysical security controlsperimeter securityvehicle barriers - Question #555Information Security and Ethical Hacking Fundamentals
A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID car...
segregation of dutiesaccess controlRFIDsecurity governance