312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 21 of 21.
- Question #1003: Hacking Web Applications
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Servic...
WS-Security, SOAP, web services, message integrity
- Question #1004: Hacking Mobile Platforms
Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking t...
iOS spyware, Trident exploit, mobile jailbreaking, remote surveillance
- Question #1005: Hacking Wireless Networks
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read,...
Btlejacking, Btlejack tool, BLE hijacking, Bluetooth attack
- Question #1006: Denial of Service
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategi...
DoS countermeasures, jamming attack, cognitive radio, DDoS defense
- Question #1007: Enumeration
What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?
SMTP enumeration, VRFY command, EXPN command, email user enumeration
- Question #1008: Hacking Web Applications
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregor...
Burp Suite, intercepting proxy, session token analysis, web application testing
- Question #1009: Hacking Web Servers
When considering how an attacker may exploit a web server, what is web server footprinting?
web server footprinting, information gathering, server reconnaissance, account enumeration
- Question #1010: Social Engineering
Which of the following tactics uses malicious code to redirect users' web traffic?
pharming, DNS redirection, web traffic hijacking, social engineering
- Question #1011: System Hacking
Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMv1 by modifying the values of LMCompatibilityLevel, NTLMMinClientS...
internal monologue attack, NTLM downgrade, token impersonation, credential theft
- Question #1012: Hacking Web Applications
Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, whic...
verbose failure messages, username enumeration, authentication design flaw, web application security
- Question #1013: Enumeration
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Fur...
DNS cache snooping, DNS enumeration, cached DNS records, network reconnaissance
- Question #1014: IoT and OT Hacking
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a t...
side-channel attack, timing attack, ICS password cracking, OT security
- Question #1015: System Hacking
Mary, a penetration tester, has found password hashes in a client system she managed to breach. She needs to use these passwords to continue with the test, but she does not have ti...
pass the hash, NTLM hash, credential reuse, lateral movement
- Question #1016: Malware Threats
Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to se...
fileless malware, phishing delivery, Flash exploit, in-memory execution
- Question #1017: Footprinting and Reconnaissance
In an attempt to damage the reputation of a competitor organization, Hailey, a professional hacker, gathers a list of employee and client email addresses and other related informat...
CeWL, word list generation, web spidering, brute-force preparation
- Question #1018: Cryptography
Sam, a web developer, was instructed to incorporate a hybrid encryption software program into a web application to secure email messages. Sam used an encryption software, which is...
GPG, OpenPGP, hybrid encryption, email security
- Question #1019: System Hacking
Which among the following is the best example of the hacking concept called "clearing tracks"?
clearing tracks, event log tampering, log corruption, post-exploitation
- Question #1020: Denial of Service
Jude, a pen tester working in Keiltech Ltd., performs sophisticated security testing on his company's network infrastructure to identify security loopholes. In this process, he sta...
spoofed session flood, TCP session forgery, DDoS attack, firewall evasion
- Question #1021: Cloud Computing
Upon establishing his new startup, Tom hired a cloud service provider (CSP) but was dissatisfied with their service and wanted to move to another CSP. What part of the contract mig...
vendor lock-in, cloud portability, CSP contract, cloud migration
- Question #1022: Cloud Computing
Alex, a cloud security engineer working in Eyecloud Inc. is tasked with isolating applications from the underlying infrastructure and stimulating communication via well-defined cha...
Docker, containerization, PaaS, OS-level virtualization
- Question #1023: SQL Injection
CyberTech Inc. recently experienced SQL injection attacks on its official website. The company appointed Bob, a security professional, to build and incorporate defensive strategies...
whitelist validation, input validation, SQL injection defense, web security
- Question #1024: Sniffing
Which type of attack attempts to overflow the content-addressable memory (CAM) table in an Ethernet switch?
MAC flooding, CAM table overflow, Layer 2 attack, switch security
- Question #1025: SQL Injection
What is the following command used for?
SQLmap, database enumeration, SQL injection tool, DBMS
- Question #1026: SQL Injection
Which of the following types of SQL injection attacks extends the results returned by the original query, enabling attackers to run two or more statements if they have the same str...
Union SQL injection, SQL injection types, stacked queries, database attack
- Question #1027: Cloud Computing
Your organization has signed an agreement with a web hosting provider that requires you to take full responsibility of the maintenance of the cloud-based resources. Which of the fo...
cloud service models, PaaS, IaaS, shared responsibility
- Question #1028: IoT and OT Hacking
Lewis, a professional hacker, targeted the IoT cameras and devices used by a target venture-capital firm. He used an information-gathering tool to collect information about the Io...
Censys, IoT reconnaissance, attack surface, network scanning
- Question #1030: Footprinting and Reconnaissance
Richard, an attacker, targets an MNC. In this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain informatio...
Whois lookup, domain footprinting, DNS reconnaissance, OSINT
- Question #1031: Hacking Wireless Networks
An attacker utilizes a Wi-Fi Pineapple to run an access point with a legitimate-looking SSID for a nearby business in order to capture the wireless password. What kind of attack is...
evil twin attack, Wi-Fi Pineapple, rogue access point, SSID spoofing
- Question #1032: Sniffing
You are using a public Wi-Fi network inside a coffee shop. Before surfing the web, you use your VPN to prevent intruders from sniffing your traffic. If you did not have a VPN, how...
ARP spoofing detection, ARP table, MITM attack, network forensics
- Question #1033: SQL Injection
This type of injection attack does not show any error message. It is difficult to exploit as it returns information when the application is given SQL payloads that elicit a true or...
blind SQL injection, boolean-based injection, SQL attack types, database enumeration
- Question #1034: Hacking Wireless Networks
An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility i...
downgrade security attack, WPA2, WPA3, wireless protocol downgrade
- Question #1035: Footprinting and Reconnaissance
A penetration tester is performing the footprinting process and is reviewing publicly available information about an organization by using the Google search engine. Which of the fo...
Google dorking, site operator, OSINT, search engine reconnaissance
- Question #1036: Vulnerability Analysis
Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities. What will you call...
false positives, vulnerability assessment, scan accuracy, tool-based scanning
- Question #1037: Scanning Networks
Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task...
TCP Maimon scan, FIN/ACK probe, port scanning techniques, firewall evasion scanning
- Question #1038: Social Engineering
Sophia is a shopping enthusiast who spends significant time searching for trendy outfits online. Clark, an attacker, noticed her activities several times and sent a fake email cont...
Evilginx, phishing, credential harvesting, spoofed email
- Question #1039: Hacking Mobile Platforms
Jacob works as a system administrator in an organization. He wants to extract the source code of a mobile application and disassemble the application to analyze its design flaws. U...
reverse engineering, mobile app disassembly, code analysis, vulnerability discovery
- Question #1040: Malware Threats
Which rootkit is characterized by its function of adding code and/or replacing some of the operating-system kernel code to obscure a backdoor on a system?
kernel-level rootkit, rootkit types, OS kernel backdoor, malware persistence
- Question #1041: System Hacking
Which of the following Metasploit post-exploitation modules can be used to escalate privileges on Windows systems?
privilege escalation, Metasploit, getsystem, post-exploitation
- Question #1042: IoT and OT Hacking
Robert, a professional hacker, is attempting to execute a fault injection attack on a target IoT device. In this process, he injects faults into the power supply that can be used f...
fault injection, IoT hardware attacks, power supply manipulation, clock network tampering