312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 12 of 19.
- Question #556Footprinting and Reconnaissance
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, r...
passive reconnaissanceOSINTfootprinting techniquesdumpster diving - Question #557Scanning Networks
An NMAP scan of a server shows port 69 is open. What risk could this pose?
port 69TFTPunauthenticated accessopen port risks - Question #558Information Security and Ethical Hacking Fundamentals
What information should an IT system analysis provide to the risk assessor?
risk assessmentsecurity architectureIT system analysisinformation security management - Question #559Information Security and Ethical Hacking Fundamentals
Which of the following is a preventive control?
preventive controlssmart card authenticationsecurity controls classificationaccess control - Question #560Evading IDS, Firewalls, and Honeypots
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet...
protocol analyzerPCAP analysisIDS false positivepacket inspection - Question #561SQL Injection
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this...
SQL injectioninput validationweb application securitydatabase exposure - Question #562Information Security and Ethical Hacking Fundamentals
Which of the following is a protocol specifically designed for transporting event messages?
SYSLOGevent logginglog transport protocolsnetwork protocols - Question #563Scanning Networks
Which of the following security operations is used for determining the attack surface of an organization?
attack surfacenetwork scanningDMZsecurity operations - Question #564Information Security and Ethical Hacking Fundamentals
The security concept of "separation of duties" is most similar to the operation of which type of security device?
separation of dutiesfirewallsecurity principlesaccess control - Question #565Information Security and Ethical Hacking Fundamentals
The "black box testing" methodology enforces which kind of restriction?
black box testingpenetration testingtesting methodologysecurity assessment - Question #566Information Security and Ethical Hacking Fundamentals
The "gray box testing" methodology enforces what kind of restriction?
gray box testingpenetration testingtesting methodologysecurity assessment - Question #567Information Security and Ethical Hacking Fundamentals
Which of the following lists are valid data-gathering activities associated with a risk assessment?
risk assessmentthreat identificationvulnerability identificationcontrol analysis - Question #568Information Security and Ethical Hacking Fundamentals
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior...
black box testingrules of engagementexternal penetration testDMZ assessment - Question #569Information Security and Ethical Hacking Fundamentals
Which of the following is a detective control?
detective controlsaudit trailsecurity control typesmonitoring - Question #570Information Security and Ethical Hacking Fundamentals
Which of the following is a component of a risk assessment?
risk assessmentadministrative safeguardssecurity managementrisk components - Question #571Information Security and Ethical Hacking Fundamentals
Risks = Threats x Vulnerabilities is referred to as the:
risk equationthreat assessmentvulnerabilityrisk management - Question #572Evading IDS, Firewalls, and Honeypots
Which of the following is designed to identify malicious attempts to penetrate systems?
intrusion detection systemIDSmalicious activity detectionnetwork security - Question #573Hacking Web Servers
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Niktoweb server scanningCGI testingvulnerability scanner - Question #574Sniffing
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
tcptracepacket capture analysisnetwork traffic analysistcpdump - Question #575Hacking Wireless Networks
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
Kismetwireless LAN detection802.11WLAN scanning - Question #576Vulnerability Analysis
Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
missing patchespatch managementWindows server securitycommon vulnerabilities - Question #577Evading IDS, Firewalls, and Honeypots
While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handsha...
circuit-level gatewayfirewall typesTCP handshakingOSI session layer - Question #578Evading IDS, Firewalls, and Honeypots
A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set: Untrust (Inter...
firewall rulesRDP access controlDMZ configurationleast privilege firewall policy - Question #579Evading IDS, Firewalls, and Honeypots
A circuit level gateway works at which of the following layers of the OSI Model?
circuit-level gatewayOSI modelfirewall typesnetwork layers - Question #580Cryptography
Which of the following is a symmetric cryptographic standard?
symmetric encryption3DEScryptographic standardsencryption algorithms - Question #581Cryptography
Which property ensures that a hash function will not produce the same hashed value for two different messages?
hash functionscollision resistancecryptographic propertiesintegrity - Question #582Hacking Web Servers
How can telnet be used to fingerprint a web server?
banner grabbingweb server fingerprintingtelnetHTTP - Question #583Information Security and Ethical Hacking Fundamentals
Low humidity in a data center can cause which of the following problems?
physical securitydata centerenvironmental controlsstatic electricity - Question #584Social Engineering
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed lik...
tailgatingphysical securityaccess controlpenetration testing - Question #585Hacking Web Applications
While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting...
input validationweb securitydata sanitizationinjection prevention - Question #586Information Security and Ethical Hacking Fundamentals
A covert channel is a channel that
covert channelinformation securitysecurity policydata exfiltration - Question #587Information Security and Ethical Hacking Fundamentals
Least privilege is a security concept that requires that a user is
least privilegeaccess controlsecurity principlesauthorization - Question #588Information Security and Ethical Hacking Fundamentals
If the final set of security controls does not eliminate all risk in a system, what could be done next?
risk managementresidual risksecurity controlsrisk acceptance - Question #589System Hacking
What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
software integrityinterrupt analysistamper detectionsystem security - Question #590Information Security and Ethical Hacking Fundamentals
Which of the following examples best represents a logical or technical control?
security controlslogical controlstechnical controlssecurity tokens - Question #591Information Security and Ethical Hacking Fundamentals
It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of t...
threat definitionsecurity terminologyrisk conceptsunauthorized access - Question #592Social Engineering
Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. Th...
watering hole attackzero-day exploitstargeted attacksdrive-by download - Question #593Enumeration
You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Mic...
SMBport 445file sharingWindows networking - Question #594Hacking Wireless Networks
It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobil...
Bluetoothshort-range wirelesswireless protocolswireless security - Question #595Evading IDS, Firewalls, and Honeypots
You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection Syste...
Cryptcatencrypted tunnelingIDS evasionpivoting - Question #596Malware Threats
It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or...
ransomwaremalware typesextortionremote lockout - Question #597Scanning Networks
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?
NMAPOS fingerprintingICMP bypassTCP port scanning - Question #598Information Security and Ethical Hacking Fundamentals
While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. W...
loopback addressproxy settings127.0.0.1network configuration - Question #599Scanning Networks
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?
NMAPsubnet scanningmultiple networksCIDR notation - Question #600Evading IDS, Firewalls, and Honeypots
A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the test...
SSH tunnelingstealth scanningIDS evasionborder sensor - Question #601Scanning Networks
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
Nmapport scanningIP protocol scan-sO switch - Question #602Scanning Networks
ICMP ping and ping sweeps are used to check for active systems and to check
ICMPping sweepfirewall traversalactive host discovery - Question #603Scanning Networks
Which command line switch would be used in NMAP to perform operating system detection?
NmapOS detection-O switchfingerprinting - Question #604Footprinting and Reconnaissance
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into t...
nslookupDNS queryNS recordsinteractive mode - Question #605Footprinting and Reconnaissance
A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?
Google hackingVPN config filesCain and Abelpassword decoding