312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 12 of 21.
- Question #551Cryptography
Which of the following is an example of an asymmetric encryption implementation?
asymmetric encryptionPGPpublic key cryptographyencryption algorithms - Question #552Cryptography
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: The Key 10110010 01001011 The Cyphertext 01100101 01011010 Using the E...
XOR operationstream cipherciphertextwireless sniffing - Question #553Cryptography
Which of the following cryptography attack methods is usually performed without the use of a computer?
rubber hose attackcryptanalysisphysical coercionattack types - Question #554Information Security and Ethical Hacking Fundamentals
Which of the following is a strong post designed to stop a car?
bollardphysical securityperimeter securityvehicle barriers - Question #555Information Security and Ethical Hacking Fundamentals
A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID car...
segregation of dutiesRFID access controlsecurity controlsleast privilege - Question #556Footprinting and Reconnaissance
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, r...
passive reconnaissancefootprintingOSINTdumpster diving - Question #557Scanning Networks
An NMAP scan of a server shows port 69 is open. What risk could this pose?
TFTPport 69unauthenticated accessnetwork services - Question #558Information Security and Ethical Hacking Fundamentals
What information should an IT system analysis provide to the risk assessor?
risk assessmentsecurity architectureIT analysisinformation systems - Question #559Information Security and Ethical Hacking Fundamentals
Which of the following is a preventive control?
preventive controlsmart card authenticationaccess controlsecurity control types - Question #560Evading IDS, Firewalls, and Honeypots
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet...
protocol analyzerIDS false positivePCAP analysisnetwork forensics - Question #561SQL Injection
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this...
SQL injectioninput validationweb application securitydatabase access - Question #562Information Security and Ethical Hacking Fundamentals
Which of the following is a protocol specifically designed for transporting event messages?
SYSLOGevent messageslogging protocolsnetwork protocols - Question #563Scanning Networks
Which of the following security operations is used for determining the attack surface of an organization?
attack surfacenetwork scanningDMZnetwork services - Question #564Information Security and Ethical Hacking Fundamentals
The security concept of "separation of duties" is most similar to the operation of which type of security device?
separation of dutiessecurity controlsfirewallsecurity concepts - Question #565Information Security and Ethical Hacking Fundamentals
The "black box testing" methodology enforces which kind of restriction?
black box testingpenetration testingtesting methodologyexternal testing - Question #566Information Security and Ethical Hacking Fundamentals
The "gray box testing" methodology enforces what kind of restriction?
gray box testingpenetration testingtesting methodologypartial knowledge - Question #567Information Security and Ethical Hacking Fundamentals
Which of the following lists are valid data-gathering activities associated with a risk assessment?
risk assessmentthreat identificationvulnerability identificationcontrol analysis - Question #568Information Security and Ethical Hacking Fundamentals
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior...
black box testingpenetration testingrules of engagementexternal testing - Question #569Information Security and Ethical Hacking Fundamentals
Which of the following is a detective control?
detective controlaudit trailsecurity control typesaccess control - Question #570Information Security and Ethical Hacking Fundamentals
Which of the following is a component of a risk assessment?
risk assessmentadministrative safeguardssecurity managementrisk components - Question #571Information Security and Ethical Hacking Fundamentals
Risks = Threats x Vulnerabilities is referred to as the:
risk equationthreatvulnerabilityrisk management - Question #572Evading IDS, Firewalls, and Honeypots
Which of the following is designed to identify malicious attempts to penetrate systems?
intrusion detection systemIDSmalicious activity detectionnetwork security - Question #573Hacking Web Servers
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
Niktoweb server scanningCGI scanningvulnerability scanning - Question #574Sniffing
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
tcptracepacket capture analysistcpdumptraffic analysis - Question #575Hacking Wireless Networks
Which of the following tools is used to detect wireless LANs using the 802.11a/b/g/n WLAN standards on a linux platform?
Kismetwireless LAN detection802.11Linux wireless tools - Question #576Vulnerability Analysis
Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
missing patchespatch managementWindows file servervulnerability exposure - Question #577Evading IDS, Firewalls, and Honeypots
While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handsha...
circuit-level gatewayOSI session layerfirewall typesTCP handshaking - Question #578Evading IDS, Firewalls, and Honeypots
A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set: Untrust (Inter...
firewall rulesRDPDMZleast-privilege access control - Question #579Evading IDS, Firewalls, and Honeypots
A circuit level gateway works at which of the following layers of the OSI Model?
circuit-level gatewayOSI modeltransport layerfirewall types - Question #580Cryptography
Which of the following is a symmetric cryptographic standard?
3DESsymmetric encryptioncryptographic standardsDES - Question #581Cryptography
Which property ensures that a hash function will not produce the same hashed value for two different messages?
hash functionscollision resistancecryptographic propertiesintegrity - Question #582Hacking Web Servers
How can telnet be used to fingerprint a web server?
web server fingerprintingtelnetbanner grabbingreconnaissance - Question #583Information Security and Ethical Hacking Fundamentals
Low humidity in a data center can cause which of the following problems?
physical securitydata centerstatic electricityenvironmental controls - Question #584Social Engineering
A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed lik...
tailgatingphysical penetration testingsocial engineeringaccess control - Question #585Hacking Web Applications
While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting...
input validationweb securitydata sanitizationsecure coding - Question #586Information Security and Ethical Hacking Fundamentals
A covert channel is a channel that
covert channelsecurity policyinformation transferdata exfiltration - Question #587Information Security and Ethical Hacking Fundamentals
Least privilege is a security concept that requires that a user is
least privilegeaccess controlsecurity principlesauthorization - Question #588Information Security and Ethical Hacking Fundamentals
If the final set of security controls does not eliminate all risk in a system, what could be done next?
residual riskrisk managementrisk acceptancesecurity controls - Question #589Information Security and Ethical Hacking Fundamentals
What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?
software integrityinterrupt analysistamper detectionbackend security - Question #590Information Security and Ethical Hacking Fundamentals
Which of the following examples best represents a logical or technical control?
logical controlstechnical controlssecurity tokensaccess control - Question #591Information Security and Ethical Hacking Fundamentals
It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service or modification of data. Which of t...
threat definitionsecurity terminologyrisk conceptsvulnerability - Question #592Hacking Web Applications
Initiating an attack against targeted businesses and organizations, threat actors compromise a carefully selected website by inserting an exploit resulting in malware infection. Th...
watering hole attackzero-day exploitsmalware infectiontargeted attacks - Question #593Scanning Networks
You have successfully gained access to your client's internal network and successfully comprised a Linux server which is part of the internal IP network. You want to know which Mic...
SMBport 445file sharingWindows networking - Question #594Hacking Wireless Networks
It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobil...
Bluetoothshort-range wirelesswireless technologydevice communication - Question #595Evading IDS, Firewalls, and Honeypots
You have compromised a server and successfully gained a root access. You want to pivot and pass traffic undetected over the network and evade any possible Intrusion Detection Syste...
Cryptcattraffic encryptionIDS evasionpivoting - Question #596Malware Threats
It is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. This malware generates a pop-up window, webpage, or...
ransomwaremalware typesextortionmalicious software - Question #597Scanning Networks
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?
NmapTCP port scanningOS fingerprintingICMP blocking - Question #598Scanning Networks
While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. W...
loopback addressproxy settings127.0.0.1network configuration - Question #599Scanning Networks
A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?
Nmapsubnet scanningCIDR notationnetwork ranges - Question #600Evading IDS, Firewalls, and Honeypots
A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the test...
SSH tunnelingstealth scanningIDS evasionpenetration testing