312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 16 of 19.
- Question #759Scanning Networks
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet 10.1.4.0/23. Which of the following IP addresses could be leased as a result of the...
subnettingCIDR /23DHCP configurationIP address ranges - Question #760Vulnerability Analysis
Your company was hired by a small healthcare provider to perform a technician assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-base...
Nessusvulnerability scanningWindows assessmentscan tools - Question #761Sniffing
You are analyzing a traffic on the network with Wireshark. You want to routinely run a cron job which will run the capture against a specific set of IPs. - 192.168.8.0/24. What com...
tsharkpacket capturenetwork filteringsubnet capture - Question #762Social Engineering
Initiating an attack against targeted business and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. The...
watering hole attackzero-day exploitstargeted malwaredrive-by download - Question #763Malware Threats
What kind of detection techniques is being used in antivirus softwares that identifies malware by collecting data from multiple protected systems and instead of analyzing files loc...
cloud-based detectionantivirusmalware detectioncollective intelligence - Question #764Information Security and Ethical Hacking Fundamentals
Which of these options is the most secure procedure for storing backup tapes?
backup securityoffsite storagephysical securitydata protection - Question #765Information Security and Ethical Hacking Fundamentals
Which security strategy requires using several, varying methods to protect IT systems against attacks?
defense in depthlayered securitysecurity strategymulti-layer protection - Question #766Scanning Networks
Which utility will tell you in real time which ports are listening or in another state?
TCPViewport monitoringreal-time connectionsnetwork state - Question #767Information Security and Ethical Hacking Fundamentals
Which of the following statements regarding ethical hacking is incorrect?
ethical hacking principlespenetration testing ethicsauthorized testingexploit tools - Question #768Cryptography
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
XOR operationbinary arithmeticcryptographic primitivesbitwise operations - Question #769Cloud Computing
Why containers are less secure that virtual machine?
container securityvirtual machineshypervisor isolationCPU starvation - Question #770Information Security and Ethical Hacking Fundamentals
Which of the following is a component of a risk assessment?
risk assessmentadministrative safeguardssecurity controlscompliance - Question #771Cryptography
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
PKIdigital certificatesidentity authenticationpublic key infrastructure - Question #772Malware Threats
You are monitoring the network of your organizations. You notice that: 1. There are huge outbound connections from your Internal Network to External IPs 2. On further investigation...
command and controlmalware remediationblacklisted IPsfirewall response - Question #773Footprinting and Reconnaissance
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
footprintingpassive reconnaissanceOSINTinformation gathering - Question #774Cryptography
Jim's company regularly performs backups of their critical servers. But the company cannot afford to send backup tapes to an off-site vendor for long-term storage and archiving. In...
backup encryptiondata in transittape securityphysical protection - Question #775Sniffing
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencryp...
Wiresharkdisplay filterFTP port 21unencrypted protocols - Question #776Cryptography
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more sec...
meet-in-the-middle attackDESdouble encryptioncryptanalysis - Question #777Evading IDS, Firewalls, and Honeypots
What is the minimum number of network connections in a multihomed firewall?
multihomed firewallnetwork interfacesfirewall architecturenetwork connections - Question #778Hacking Web Servers
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Niktoweb server scanningCGI testingvulnerability scanning - Question #779Evading IDS, Firewalls, and Honeypots
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to dete...
session splicingIDS evasionWhiskerpacket fragmentation - Question #780Sniffing
DHCP snooping is a great solution to prevent rogue DHCP servers on your network. Which security feature on switchers leverages the DHCP snooping database to help prevent man-in-the...
Dynamic ARP InspectionDHCP snoopingARP spoofingman-in-the-middle prevention - Question #781Cryptography
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by a...
STARTTLSSMTPTLS encryptionemail security - Question #782Footprinting and Reconnaissance
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatt...
phishingsocial engineering prepopen-source intelligencereconnaissance - Question #783Information Security and Ethical Hacking Fundamentals
Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?
data backupencryption at restcredit card securityrisk management - Question #784Hacking Web Servers
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two cr...
Nmap scripting engineHTTP methodsweb server enumerationPUT DELETE detection - Question #785Information Security and Ethical Hacking Fundamentals
Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has...
risk assessmentrisk acceptancerisk thresholdsecurity controls - Question #786Footprinting and Reconnaissance
Which of the following Linux commands will resolve a domain name into IP address?
DNS resolutionhost commandLinux CLIdomain-to-IP - Question #787Sniffing
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
tcpdumppacket captureCLI toolsnetwork analysis - Question #788Cryptography
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive em...
OSI modelpresentation layerPKI encryptionasymmetric cryptography - Question #789Information Security and Ethical Hacking Fundamentals
Which of the following steps for risk assessment methodology refers to vulnerability identification?
risk assessmentvulnerability identificationrisk methodologyIT system flaws - Question #790Sniffing
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet...
protocol analyzerPCAP analysisIDS alertsfalse positive investigation - Question #791Social Engineering
CompanyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the...
email spoofingemail gateway bypasssender forgeryemail security - Question #792Cryptography
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
IPseclayer 3 encryptionend-to-end encryptionFTP security - Question #793Cryptography
What is one of the advantages of using both symmetric and asymmetric cryptogrsphy in SSL/TLS?
SSL/TLShybrid cryptographyasymmetric vs symmetricsession key exchange - Question #794Cryptography
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
rubber-hose attackcryptanalysiscoercionside-channel attack - Question #795Sniffing
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. Y...
Wireshark filterssyslogsnortpacket capture analysis - Question #796Scanning Networks
Which of the following tools can be used for passive OS fingerprinting?
passive OS fingerprintingtcpdumptraffic analysisOS detection - Question #797Vulnerability Analysis
Why is a penetration test considered to be more thorough than vulnerability scan?
penetration testingvulnerability scanningactive exploitationsecurity assessment - Question #798Hacking Wireless Networks
Which of the following tools is used to detect wireless LANs using the 802.11 a/b/g/n WLAN standards on a linux platform?
Kismetwireless detection802.11Linux wireless tools - Question #799Sniffing
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
tcptracePCAP analysispacket capture toolstraffic analysis - Question #800Evading IDS, Firewalls, and Honeypots
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in networ...
firewall rulesACL configurationHTTPS port 443network access control - Question #801Malware Threats
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
stealth virustunneling virusantivirus evasioninterrupt hooking - Question #802Information Security and Ethical Hacking Fundamentals
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by comp...
DMZnetwork segmentationsecurity architecturedata breach response - Question #803Cryptography
What is the main security service a cryptographic hash provide?
cryptographic hashintegritycollision resistancecomputational infeasibility - Question #804Vulnerability Analysis
When a security analyst prepares for the formal security assessment, what of the following should be done in order to determine inconsistencies in the secure assets database and ve...
security baselinevulnerability scanningcompliance assessmentasset inventory - Question #805Information Security and Ethical Hacking Fundamentals
These hackers have limited or no training and know how to use only basic techniques or tools. What kind of hackers are we talking about?
hacker typesscript kiddiesthreat actorshacker classification - Question #806Cryptography
How is the public key distributed in an orderly, controlled fashion so that the users can be sure of the sender's identity?
PKIdigital certificatespublic key distributionkey management - Question #807Evading IDS, Firewalls, and Honeypots
The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules....
firewall ruleschange managementsecurity policyrollback procedures - Question #808Information Security and Ethical Hacking Fundamentals
The Payment Card Industry Data Security Standard (PCI DSS) con ai s six different categories of control objectives. Each objective contains one or more requirements, which must be...
PCI DSSaccess controlcomplianceunique user identification