312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 6 of 19.
- Question #254Sniffing
The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the offic...
Wiresharknetwork traffic analysispacket capturewireless monitoring - Question #255Information Security and Ethical Hacking Fundamentals
Which of the following is considered an acceptable option when managing a risk?
risk managementrisk mitigationrisk acceptancesecurity governance - Question #256Cryptography
Which security control role does encryption meet?
encryptionsecurity controlspreventative controldata protection - Question #257Evading IDS, Firewalls, and Honeypots
Which type of access control is used on a router or firewall to limit network activity?
rule-based access controlfirewall ACLnetwork access controlpacket filtering - Question #258Enumeration
At a Windows Server command prompt, which command could be used to list the running services?
Windows enumerationsc queryservice enumerationWindows commands - Question #259Malware Threats
A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti- virus and E-mail gateway. This approach can be used to mitigate which kin...
defense in depthantivirus layersmalware preventionsocial engineering defense - Question #260Vulnerability Analysis
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?
NMAP scripting engineNSEvulnerability scanningSMB HTTP FTP scanning - Question #261Vulnerability Analysis
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?
vulnerability scannerMBSAWindows securityscanning tools - Question #262Information Security and Ethical Hacking Fundamentals
When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?
security policytop-down approachmanagement supportsecurity program - Question #263Information Security and Ethical Hacking Fundamentals
Which of the following processes evaluates the adherence of an organization to its stated security policy?
security auditingsecurity policycompliancerisk assessment - Question #264Information Security and Ethical Hacking Fundamentals
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints...
ethical hackingconfidentialityprofessional ethicspenetration testing - Question #265Information Security and Ethical Hacking Fundamentals
Which type of scan is used on the eye to measure the layer of blood vessels?
biometricsretinal scanauthenticationphysical security - Question #266Information Security and Ethical Hacking Fundamentals
What is the main reason the use of a stored biometric is vulnerable to an attack?
biometricsstored credentialsidentity theftauthentication attack - Question #267Hacking Wireless Networks
During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?
WPA2wireless handshake capturepassword cracking802.11i - Question #268Hacking Wireless Networks
Which type of antenna is used in wireless communication?
wireless antennaomnidirectionalwireless communicationRF propagation - Question #269Information Security and Ethical Hacking Fundamentals
What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for e...
Common Criteriasecurity standardsIT product evaluationcertification - Question #270System Hacking
One way to defeat a multi-level security solution is to leak data via
covert channeldata exfiltrationmulti-level securitysecurity bypass - Question #271Hacking Web Applications
Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?
CSRFanti-CSRF tokensweb application securitysession management - Question #272SQL Injection
What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?
blind SQL injectionerror-based injectionSQL injection typesinformation disclosure - Question #273SQL Injection
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. H...
xp_cmdshellMS SQL Serverstored proceduresOS command execution - Question #274Information Security and Ethical Hacking Fundamentals
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
security controlsprocedural controlphysical security policyBYOD - Question #275System Hacking
A pentester gains access to a Windows application server and needs to determine the settings of the built- in Windows firewall. Which command would be used?
Windows firewallnetshfirewall enumerationpost-exploitation - Question #276Information Security and Ethical Hacking Fundamentals
In the software security development life cycle process, threat modeling occurs in which phase?
threat modelingSDLCsecure designsoftware security - Question #277Evading IDS, Firewalls, and Honeypots
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming int...
IDSfalse positiveintrusion detectionalert classification - Question #278Vulnerability Analysis
Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?
vulnerability scannerservice response analysisdetection techniquesbanner grabbing - Question #279Vulnerability Analysis
Which of the following business challenges could be solved by using a vulnerability scanner?
vulnerability scannercompliance testingsecurity assessmentbusiness use case - Question #280Information Security and Ethical Hacking Fundamentals
A security policy will be more accepted by employees if it is consistent and has the support of
security policyexecutive managementtop-down approachorganizational security - Question #281Information Security and Ethical Hacking Fundamentals
A company has hired a security administrator to maintain and administer Linux and Windows- based systems. Written in the nightly report file is the following: - Firewall log files...
incident responselog tamperinglog analysissecurity policy - Question #282Information Security and Ethical Hacking Fundamentals
Which type of scan measures a person's external features through a digital video camera?
biometricsfacial recognitionphysical authenticationaccess control - Question #283Hacking Wireless Networks
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
WPA2AESCCMPwireless encryption - Question #284System Hacking
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?
covert channelinformation leakageOS securitysteganography - Question #285Hacking Web Applications
What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?
CSPPparameter injectionconnection stringweb attack - Question #286Vulnerability Analysis
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
zero-dayvulnerability classificationunpatched flawexploit - Question #287Hacking Web Applications
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to expl...
XSSHttpOnly flagsession cookiescross-site scripting - Question #288Evading IDS, Firewalls, and Honeypots
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
IDS evasionalert thresholdingslow attackdetection bypass - Question #289Evading IDS, Firewalls, and Honeypots
What is the main advantage that a network-based IDS/IPS system has over a host-based solution?
NIDSHIDSIDS comparisonnetwork monitoring - Question #290Cryptography
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronical...
asymmetric encryptionHTTPSSSL/TLScertificate - Question #291Evading IDS, Firewalls, and Honeypots
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?
SnortIDS rule processingalert mechanismpacket evaluation - Question #292Evading IDS, Firewalls, and Honeypots
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
passive IDSIDS typesdetection onlyintrusion detection - Question #293Hacking Wireless Networks
An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces...
wireless packet capturepromiscuous mode802.11 framesWireshark - Question #294Scanning Networks
From the two screenshots below, which of the following is occurring? First one: 1 [10.0.0.253]# nmap -sP 10.0.0.0/24 3 Starting Nmap 5 Host 10.0.0.1 appears to be up. 6 MAC Address...
Nmapping scanIP protocol scannetwork scanning - Question #295Sniffing
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
VoIP sniffingpacket captureCaintraffic analysis - Question #296Sniffing
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
libpcappacket capture utilityWiresharkSnort - Question #297Information Security and Ethical Hacking Fundamentals
Which set of access control solutions implements two-factor authentication?
two-factor authenticationauthentication factorsUSB tokenaccess control - Question #298Cryptography
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be i...
IPSecMITM preventionVPNremote access security - Question #299Cryptography
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage serv...
PGPemail encryptionOpenPGPcryptography protocols - Question #300Cryptography
To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
PGPpublic keyasymmetric encryptionkey exchange - Question #301System Hacking
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command w...
exploit compilationg++ compilerC++Backtrack - Question #302Scanning Networks
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employ...
Python scriptingnetwork scanningautomationscheduling - Question #303System Hacking
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended...
chained exploitmsadc.plPerl scriptingFTP exploitation