312-50V10 Exam Questions
937 real 312-50V10 exam questions with expert-verified answers and explanations. Page 9 of 19.
- Question #404Information Security and Ethical Hacking Fundamentals
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...
authorizationunauthorized accesslegal consentethical boundaries - Question #405Information Security and Ethical Hacking Fundamentals
This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security contr...
PCI DSSPII protectioncompliance standardsscript kiddies - Question #406Hacking Web Applications
While using your bank's online servicing you notice the following string in the URL bar: &Camount= 21" You observe that if you modify the Damount & Camount values and submit the re...
parameter tamperingURL manipulationinput validationweb application vulnerabilities - Question #407Information Security and Ethical Hacking Fundamentals
Perspective clients want to see sample reports from previous penetration tests. What should you do next?
pen test reportsconfidentialityclient engagementprofessional ethics - Question #408Evading IDS, Firewalls, and Honeypots
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimped...
stateful firewalldeep packet inspectionport 80traffic filtering - Question #409System Hacking
You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password....
CHNTPWpassword recoveryWindows password resetLinux LiveCD - Question #410System Hacking
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
persistencemaintaining accesspost-exploitationuser account creation - Question #411System Hacking
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
Shellshockbash vulnerabilitycommand injectionenvironment variable exploit - Question #412Enumeration
Using Windows CMD, how would an attacker list all the shares to which the current user context has access?
NET VIEWWindows enumerationnetwork sharesCMD commands - Question #413Cryptography
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
XOR operationbinary arithmeticcryptographic primitivessymmetric operations - Question #414Cryptography
Which of the following is the successor of SSL?
TLSSSLtransport layer securitycryptographic protocols - Question #415Session Hijacking
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
TCP sequence numberssession hijackingman-in-the-middleTCP protocol - Question #416Footprinting and Reconnaissance
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information beside...
black box testingreconnaissancepenetration testing methodologyOSINT - Question #417Footprinting and Reconnaissance
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files a...
Metagoofilmetadata extractionOSINTfile analysis - Question #418Footprinting and Reconnaissance
When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about p...
Google dorksfiletype operatorOSINTsensitive file discovery - Question #419Cryptography
What is a "Collision attack" in cryptography?
collision attackhash functionscryptographic attackshash collision - Question #420Social Engineering
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send h...
spear phishingemail spoofingsocial engineeringmalware delivery - Question #421Hacking Web Servers
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two cr...
NMAP scripting engineHTTP methodsweb server fingerprintingPUT DELETE methods - Question #422Evading IDS, Firewalls, and Honeypots
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. Y...
Wireshark filtersSnort IDSsyslognetwork traffic analysis - Question #423System Hacking
Which of the following parameters describe LM Hash (see exhibit):
LM Hashpassword hashingWindows authenticationNTLM - Question #425Hacking Web Applications
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary co...
OWASP Top Teninjectionweb application risksapplication security - Question #426Malware Threats
Which of the following describes the characteristics of a Boot Sector Virus?
boot sector virusMBRvirus propagationmalware types - Question #427Evading IDS, Firewalls, and Honeypots
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular e...
grepregular expressionslog analysisfirewall logs - Question #428Information Security and Ethical Hacking Fundamentals
You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to...
risk managementpenetration testing methodologyrisk reductionsecurity assessment - Question #429Scanning Networks
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version install...
NMAP port scanningOS identificationprinter portsservice fingerprinting - Question #430Information Security and Ethical Hacking Fundamentals
Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
biometricsphysical access controlauthentication factorsenterprise security - Question #431Hacking Mobile Platforms
Which of the following is not a Bluetooth attack?
Bluetooth attacksBluejackingBluesnarfingwireless attack types - Question #432Footprinting and Reconnaissance
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landsc...
footprintingethical hacking phasesinformation gatheringreconnaissance - Question #433Hacking Wireless Networks
The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
Wireless IPSWIPSunauthorized device preventionnetwork access control - Question #434Scanning Networks
The NMAP command above performs which of the following? > NMAP -sn 192.168.11.200-215
NMAPping scan-sn flaghost discovery - Question #435Footprinting and Reconnaissance
You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
DNS A recordshost commanddomain resolutionIP address lookup - Question #436Sniffing
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
tcpdumppacket analyzerCLI toolsnetwork capture - Question #437Sniffing
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames...
promiscuous modenetwork interface controllerpacket capturesniffing - Question #438Evading IDS, Firewalls, and Honeypots
Which of the following is an extremely common IDS evasion technique in the web world?
IDS evasionunicode encodingobfuscationweb-based evasion - Question #439Cryptography
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
PKIpublic key infrastructuredigital certificatesidentity verification - Question #440Information Security and Ethical Hacking Fundamentals
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
SOAservice oriented architecturesoftware design patternsweb services - Question #441Cryptography
Which of the following is assured by the use of a hash?
hashingdata integritycryptographic functions - Question #442Information Security and Ethical Hacking Fundamentals
Which of the following is the greatest threat posed by backups?
backup securityencryptiondata protectionphysical security - Question #443Information Security and Ethical Hacking Fundamentals
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk...
SLEAROALErisk calculation - Question #444Hacking Web Applications
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser...
CSRFsession cookiescross-site request forgeryweb browser security - Question #445Session Hijacking
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempti...
HTTP cookiessession managementcookie theftweb security - Question #446Hacking Web Applications
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
PII protectionencrypted communicationsweb application security - Question #447Hacking Web Applications
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
XSS preventioninput validationoutput encodingweb security - Question #448Information Security and Ethical Hacking Fundamentals
An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Netw...
AAARADIUSauthentication protocolsnetwork access control - Question #449Vulnerability Analysis
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one...
vulnerability scannersecurity auditcompliancenetwork assessment - Question #450Information Security and Ethical Hacking Fundamentals
Which of these options is the most secure procedure for storing backup tapes?
backup storageoffsite storagedisaster recoveryphysical security - Question #451Evading IDS, Firewalls, and Honeypots
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detec...
session splicingIDS evasionpacket fragmentationWhisker - Question #453Evading IDS, Firewalls, and Honeypots
You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notificati...
network-based IDSintrusion detectionnetwork monitoringalert notification - Question #454Evading IDS, Firewalls, and Honeypots
You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. Afte...
false negativeIDS alertsintrusion detectionalert types - Question #455Evading IDS, Firewalls, and Honeypots
Which of the following types of firewalls ensures that the packets are part of the established session?
stateful inspectionfirewall typessession trackingpacket filtering