312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 5 of 21.
- Question #201Information Security and Ethical Hacking Fundamentals
Which type of security feature stops vehicles from crashing through the doors of a building?
physical securitybollardsperimeter securityaccess control - Question #202Information Security and Ethical Hacking Fundamentals
A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by comp...
DMZnetwork segmentationweb server hardeningdata breach mitigation - Question #203System Hacking
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications an unpatched security flaws in a compute...
Metasploitexploit frameworkautomated attackspenetration testing tools - Question #204Hacking Wireless Networks
You want to analyze packets on your wireless network. Which program would you use?
wireless sniffingWiresharkAirpcappacket analysis - Question #205Social Engineering
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still o...
tailgatingphysical access controlsocial engineeringunauthorized entry - Question #206Cryptography
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
disk encryptiondata at restlaptop securitydata protection - Question #207Social Engineering
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its...
pharmingphishinghost file manipulationDNS poisoning - Question #208Information Security and Ethical Hacking Fundamentals
What is the role of test automation in security testing?
test automationsecurity testing methodologybenchmark testingmanual vs automated - Question #209Malware Threats
A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of t...
botnettrojanmalware classificationC2 infrastructure - Question #210Evading IDS, Firewalls, and Honeypots
In order to have an anonymous Internet surf, which of the following is best choice?
Tor networkonion routinganonymitytraffic obfuscation - Question #211Footprinting and Reconnaissance
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for v...
Google hackingOSINTsearch operatorspassive reconnaissance - Question #212Cryptography
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
OTPcounter-based authenticationHOTPone-time passwords - Question #213Cryptography
How can rainbow tables be defeated?
rainbow tablespassword saltinghash cracking defensepassword storage - Question #214Scanning Networks
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192...
nmapCIDR subnet calculationIP addressingscan range - Question #215Social Engineering
In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the...
mail relayingspam obfuscationemail spoofingorigin masking - Question #216Scanning Networks
Emil uses nmap to scan two hosts using this command: nmap -sS -T4 -O 192.168.99.1 192.168.99.7 He receives this output: What is his conclusion?
nmapSYN scanOS fingerprintingscan flags - Question #217Scanning Networks
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a...
XMAS scanTCP flagsopen port behaviorstealth scanning - Question #218Evading IDS, Firewalls, and Honeypots
Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?
msfencodeAV evasionpayload encodingMetasploit - Question #219Hacking Wireless Networks
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
Kismetpassive wireless scanningwireless packet analysisLinux tools - Question #220Cryptography
Which service in a PKI will vouch for the identity of an individual or company?
PKICertificate Authoritydigital certificatesidentity verification - Question #221System Hacking
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
DEPexploit preventionASLRUAC - Question #222Information Security and Ethical Hacking Fundamentals
Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
pen test methodologyblackbox testinginternal testingengagement types - Question #223System Hacking
What is the code written for?
buffer overflowcode analysismemory corruptionexploit development - Question #224Information Security and Ethical Hacking Fundamentals
You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You f...
ethicspen test conductresponsible disclosurelegal boundaries - Question #225Sniffing
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the...
rogue routerman-in-the-middlerouting protocol authenticationnetwork MITM - Question #226Footprinting and Reconnaissance
Which system consists of a publicly available set of databases that contain domain name registration contact information?
WHOISdomain registrationpassive reconnaissanceOSINT - Question #227Evading IDS, Firewalls, and Honeypots
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below: Access List shou...
stateful firewallDMZnetwork segmentationVLAN security - Question #228Scanning Networks
In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?
IPv6application layer vulnerabilitiesdual-stacknetwork protocols - Question #229Information Security and Ethical Hacking Fundamentals
It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices...
HIPAAhealthcare compliancedata privacyregulatory frameworks - Question #230Malware Threats
Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon execution, a...
trojanC2 serverfile extension spoofingmalware disguise - Question #231Hacking Web Applications
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploit...
XSSHTML injectioninput validationweb security - Question #232Sniffing
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The a...
DNS spoofingDNS poisoningtraffic redirectionMITM - Question #233Footprinting and Reconnaissance
Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting
Google hackingsite: operatorOSINTsearch dorks - Question #234System Hacking
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
DEPnon-executable memorymemory protectionexploit prevention - Question #235Information Security and Ethical Hacking Fundamentals
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics o...
Rules of Engagementpen test documentationscopelegal agreement - Question #236Evading IDS, Firewalls, and Honeypots
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's Computer to update the router confi...
false positiveIDS alert typesintrusion detectiontrue positive - Question #237Cryptography
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implemen...
HeartbleedOpenSSLTLSprivate key exposure - Question #238System Hacking
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands: What is she trying to achieve?
John the Ripperpassword crackingoffline attackpassword hash - Question #239Scanning Networks
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
TCP three-way handshakeSYN-ACKconnection establishmentTCP flags - Question #240Vulnerability Analysis
What is the Shellshock bash vulnerability attempting to do a vulnerable Linux host? env x='(){ :;};echo exploit' bash -c 'cat/etc/passwd'
Shellshockbash vulnerabilitycommand injectionLinux exploitation - Question #241Cryptography
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique pr...
steganographysecurity through obscuritydata hidingcovert communication - Question #242Information Security and Ethical Hacking Fundamentals
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
responsible disclosureethical hackingvulnerability reportingresearcher ethics - Question #243Scanning Networks
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerpri...
nmapOS fingerprintingroot privilegesnetwork scanning - Question #244SQL Injection
What is the best description of SQL Injection?
SQL injectiondatabase attackunauthorized accessweb security - Question #245Evading IDS, Firewalls, and Honeypots
You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any a...
IDS rulesSnortintrusion detectionalert configuration - Question #246Information Security and Ethical Hacking Fundamentals
What is the benefit of performing an unannounced Penetration Testing?
penetration testingunannounced testingsecurity postureblack-box testing - Question #247Information Security and Ethical Hacking Fundamentals
Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state. Which of the following activities should not be inc...
penetration testingpost-attack phasesystem restorationtester responsibilities - Question #248Information Security and Ethical Hacking Fundamentals
Which of the following is a component of a risk assessment?
risk assessmentsecurity managementadministrative safeguardsrisk components - Question #249Information Security and Ethical Hacking Fundamentals
A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?
risk managementrisk responserisk strategyhealthcare security - Question #250Vulnerability Analysis
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based...
vulnerability scanningNessusWindows securityvulnerability assessment tools