312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 7 of 21.
- Question #301System Hacking
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command w...
exploit compilationg++ compilerC++ exploitsBacktrack - Question #302Scanning Networks
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employ...
scriptingnetwork scanningPythonautomation - Question #303System Hacking
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended...
chained exploitMSADCnetcatWindows NT - Question #304Evading IDS, Firewalls, and Honeypots
One advantage of an application-level firewall is the ability to
application-layer firewallHTTP filteringpacket filteringfirewall types - Question #305Evading IDS, Firewalls, and Honeypots
Which of the statements concerning proxy firewalls is correct?
proxy firewallnetwork connectionfirewall typespacket filtering - Question #306Vulnerability Analysis
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?
NessusLinux commandsbackground processvulnerability scanner - Question #307Vulnerability Analysis
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
Nessusvulnerability scanningcompliance auditingnetwork tools - Question #308System Hacking
What is the best defense against privilege escalation vulnerability?
privilege escalationleast privilegemulti-factor authenticationdefense - Question #309Malware Threats
How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?
rootkitkernel modecode signingmaster boot record - Question #310Malware Threats
Which of the following items of a computer system will an anti-virus program scan for viruses?
antivirusboot sectorvirus scanningmalware detection - Question #311Scanning Networks
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
syslogUDP 514log managementfirewall rules - Question #312System Hacking
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
Metasploitpivotingmeterpreterroute statement - Question #313Scanning Networks
What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43 1234"?
netcatport forwardingtraffic relaynetwork relay - Question #314Evading IDS, Firewalls, and Honeypots
Which of the following is a client-server tool utilized to evade firewall inspection?
tcp-over-dnsfirewall evasiontunnelingcovert channel - Question #315SQL Injection
Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
SQL injectionDataThiefdatabase exploitationautomated injection - Question #316Evading IDS, Firewalls, and Honeypots
Which of the following identifies the three modes in which Snort can be configured to run?
SnortIDS modespacket loggernetwork intrusion detection - Question #317Sniffing
When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?
Wiresharknetwork tappacket capturetraffic sniffing - Question #318System Hacking
Which of the following programming languages is most vulnerable to buffer overflow attacks?
buffer overflowC++memory safetyvulnerable languages - Question #319Cryptography
Smart cards use which protocol to transfer the certificate in a secure manner?
smart cardsEAPcertificate transferauthentication protocols - Question #320Cryptography
Which of the following is a hashing algorithm?
hashingMD5cryptographic algorithmshash functions - Question #321Sniffing
Which of the following problems can be solved by using Wireshark?
Wiresharkpacket analysisnetwork troubleshootingprotocol capture - Question #322Sniffing
What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?
PCAP filter syntaxWireshark filtersTCP port filterhost filter - Question #323Hacking Wireless Networks
Which tool would be used to collect wireless packet data?
NetStumblerwireless packet capturewireless tools802.11 - Question #324Information Security and Ethical Hacking Fundamentals
Which of the following is an example of two factor authentication?
multi-factor authenticationauthentication factorsbiometricssmartcard - Question #325Cryptography
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
Diffie-HellmanDH groupskey exchangekey strength - Question #326Cryptography
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the app...
password hashingSHA1hash crackingweb application authentication - Question #327System Hacking
What statement is true regarding LM hashes?
LM hashesWindows password storagepassword length limitlegacy authentication - Question #328Hacking Web Applications
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to...
buffer overflow preventioninput validationboundary checkingsecure coding - Question #329Hacking Web Applications
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst d...
cross-site scriptingXSSvbscript injectionASP web app - Question #330SQL Injection
A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php s...
SQL injectionlogin bypassweb application vulnerabilityMSSQL - Question #331Evading IDS, Firewalls, and Honeypots
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
honeypotdeception technologyemulated servicesattacker luring - Question #332Scanning Networks
Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?
ping sweepICMP host discoveryWindows CLIclass C enumeration - Question #333Scanning Networks
What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?
Nmap SYN scanOS detectionport range scanningstealth scan - Question #334Scanning Networks
Which of the following parameters enables NMAP's operating system detection feature?
Nmap OS detection-O flagoperating system fingerprintingNmap switches - Question #335Scanning Networks
Which of the following open source tools would be the best choice to scan a network for potential targets?
Nmapnetwork scanningtarget discoveryopen source tools - Question #336Scanning Networks
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
Nmap ping scan-sP switchhost discoverylive host detection - Question #337Sniffing
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to snif...
MAC floodingswitched network sniffingCAM table overflowARP spoofing - Question #338Vulnerability Analysis
Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?
Nessusscan throttlingcongestion detectionvulnerability scanner settings - Question #339System Hacking
How does an operating system protect the passwords used for account logins?
password hashingone-way hashOS password storagecredential protection - Question #340Hacking Web Applications
An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database h...
hidden form valuesparameter tamperingweb application attackprice manipulation - Question #341System Hacking
Which tool can be used to silently copy files from USB devices?
USB Dumperdata exfiltrationUSB attacksphysical security - Question #342SQL Injection
Which of the following is used to indicate a single-line comment in structured query language (SQL)?
SQL commentsSQL syntaxcomment injection - Question #343Scanning Networks
A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command: NMAP -n -sS -P0 -p 80 ***.***.**.** What type of scan is t...
NmapSYN scanstealth scannetwork scanning - Question #344Scanning Networks
What is the broadcast address for the subnet 190.86.168.0/22?
subnettingbroadcast addressCIDRIP addressing - Question #345System Hacking
A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
rainbow tablepassword crackingActive DirectoryLM hash - Question #346Evading IDS, Firewalls, and Honeypots
Which of the following does proper basic configuration of snort as a network intrusion detection system require?
SnortNIDS configurationintrusion detectionpacket capture - Question #347Sniffing
How is sniffing broadly categorized?
active sniffingpassive sniffingnetwork sniffing - Question #348Information Security and Ethical Hacking Fundamentals
What are the three types of authentication?
authentication factorsmulti-factor authenticationsecurity fundamentals - Question #349Cryptography
The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and
IPSecnon-repudiationVPN securitycryptographic properties - Question #350Information Security and Ethical Hacking Fundamentals
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
scripting languagesinterpreted languagescompiled languagesperformance