312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 8 of 19.
- Question #354Cryptography
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
RC4stream ciphersymmetric encryptionmultimedia encryption - Question #355Cryptography
Advanced encryption standard is an algorithm used for which of the following?
AESbulk encryptionsymmetric cipherblock cipher - Question #356Cryptography
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
symmetric cryptographyasymmetric cryptographyshared keyencryption fundamentals - Question #357Cryptography
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...
chosen ciphertext attackcryptanalysiskey recoveryciphertext - Question #358Cryptography
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
AES 256-bitsymmetric key distributionkey managementencryption tradeoffs - Question #359Cryptography
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...
PKIprivate key securitycertificate authoritydigital certificates - Question #360Hacking Wireless Networks
When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?
pre-shared keyWPAsymmetric encryptionwireless security - Question #361Cryptography
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
public key cryptographychosen plaintext attackcryptanalysisasymmetric encryption - Question #362Cryptography
Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?
PKIcertificate validationtrust chaindigital certificates - Question #363Cryptography
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...
PKIkey escrowprivate key recoverythird-party access - Question #364Information Security and Ethical Hacking Fundamentals
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...
system hardeningattack surface reductionconfiguration managementleast functionality - Question #365Hacking Web Applications
Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
SOAXML denial of serviceweb servicesservice vulnerabilities - Question #366Information Security and Ethical Hacking Fundamentals
The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...
IDS alertsincident prioritizationsecurity operationsincident response - Question #367Information Security and Ethical Hacking Fundamentals
An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?
incident responseevidence collectionweb server attackforensics - Question #368Information Security and Ethical Hacking Fundamentals
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
CSIRTincident responsesingle point of contactsecurity team - Question #369Information Security and Ethical Hacking Fundamentals
Which of the following items is unique to the N-tier architecture method of designing software applications?
N-tier architectureapplication layerssoftware designseparation of concerns - Question #370Scanning Networks
Which of the following descriptions is true about a static NAT?
static NATnetwork address translationone-to-one mappingIP addressing - Question #371Denial of Service
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
teardrop attackfragment reassemblyTCP/IP stackdenial of service - Question #372Scanning Networks
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the I...
DNSport 53firewall rulesnetwork troubleshooting - Question #373Hacking Web Applications
While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: <script>alert(" Testing Testing...
cross-site scriptingXSSscript injectionweb application vulnerability - Question #374Information Security and Ethical Hacking Fundamentals
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
security testing methodologyaudit frameworkrepeatable processsecurity assessment - Question #375Hacking Web Applications
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
OWASPweb application securityvulnerability listtesting methodology - Question #376Cryptography
In the OSI model, where does PPTP encryption take place?
PPTPOSI modeldata link layerVPN encryption - Question #377Session Hijacking
Which of the following is an example of IP spoofing?
IP spoofingman-in-the-middlesession interceptionnetwork attacks - Question #378Cryptography
For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using...
digital signaturemessage digestsender private keyasymmetric cryptography - Question #379Cryptography
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
password hashingone-way functionnon-reversiblecredential storage - Question #380Cryptography
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...
PKIcross certificationcertificate authority trustmulti-organization PKI - Question #381Cryptography
Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
PKIroot CAcertificate authoritytrust hierarchy - Question #382Cryptography
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...
man-in-the-middlePKI certificatesmutual authenticationTLS - Question #383Cryptography
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
PKIRSAasymmetric encryptionkey strength - Question #384Cryptography
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
PKIpublic-key cryptographydigital signatureskey distribution - Question #385Information Security and Ethical Hacking Fundamentals
Which security strategy requires using several, varying methods to protect IT systems against attacks?
defense in depthlayered securitysecurity strategy - Question #386Hacking Web Applications
SOAP services use which technology to format information?
SOAPXMLweb servicesprotocol - Question #387Cryptography
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
SHA-1message digesthash function160-bit - Question #388Cryptography
Which element of Public Key Infrastructure (PKI) verifies the applicant?
PKIregistration authoritycertificate verificationRA - Question #389Information Security and Ethical Hacking Fundamentals
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
CSIRTincident responseUS-CERTsecurity governance - Question #390Information Security and Ethical Hacking Fundamentals
How do employers protect assets with security policies pertaining to employee surveillance activities?
employee monitoringsecurity policyacceptable usewritten policy - Question #391Information Security and Ethical Hacking Fundamentals
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
change managementsecurity policyconfiguration controldocumentation - Question #392Vulnerability Analysis
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
PCI DSSNessusvulnerability scanningcompliance - Question #393Information Security and Ethical Hacking Fundamentals
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...
Sarbanes-OxleySOXcompliancefinancial reporting - Question #394Information Security and Ethical Hacking Fundamentals
How can a policy help improve an employee's security awareness?
security awarenesssecurity policyemployee trainingsecurity procedures - Question #395Information Security and Ethical Hacking Fundamentals
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...
penetration testingsecurity assessmentROIsecurity investment - Question #396Information Security and Ethical Hacking Fundamentals
Which of the following guidelines or standards is associated with the credit card industry?
PCI DSScompliance standardscredit card securityregulatory - Question #397Information Security and Ethical Hacking Fundamentals
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
ISO 27002security controlscompliance guidelinessecurity standards - Question #398Information Security and Ethical Hacking Fundamentals
Which type of security document is written with specific step-by-step details?
security proceduresecurity policysecurity documentationstep-by-step - Question #399Information Security and Ethical Hacking Fundamentals
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...
ethical hackingauthorizationscope of workprofessional ethics - Question #400Information Security and Ethical Hacking Fundamentals
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...
ethical hackingcode of ethicslegal recourseprofessional conduct - Question #401Information Security and Ethical Hacking Fundamentals
Which initial procedure should an ethical hacker perform after being brought into an organization?
NDApre-engagementlegal agreementsethical hacking process - Question #402Information Security and Ethical Hacking Fundamentals
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...
ethical obligationslegal complianceincident reportingprofessional conduct - Question #403Information Security and Ethical Hacking Fundamentals
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....
responsible disclosurevulnerability reportingbug disclosureethical hacking