312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 8 of 21.
- Question #351 Malware Threats
A botnet can be managed through which of the following?
botnet, IRC, command and control, malware
- Question #352 Scanning Networks
Fingerprinting VPN firewalls is possible with which of the following tools?
VPN fingerprinting, ike-scan, IKE protocol, firewall fingerprinting
- Question #353 Denial of Service
What is a successful method for protecting a router from potential smurf attacks?
smurf attack, DoS mitigation, broadcast ping, router security
- Question #354 Cryptography
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
RC4, stream cipher, symmetric encryption, confidential communications
- Question #355 Cryptography
Advanced encryption standard is an algorithm used for which of the following?
AES, bulk encryption, symmetric encryption
- Question #356 Cryptography
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
symmetric cryptography, asymmetric cryptography, key management
- Question #357 Cryptography
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...
chosen ciphertext attack, cryptanalysis, encryption attack, ciphertext
- Question #358 Cryptography
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
AES-256, key distribution, symmetric encryption, key exchange problem
- Question #359 Cryptography
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...
PKI, Certificate Authority, private key, email encryption
- Question #360 Hacking Wireless Networks
When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?
pre-shared key, WPA, symmetric encryption, wireless security
- Question #361 Cryptography
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
chosen plaintext attack, public key cryptography, asymmetric encryption, cryptanalysis
- Question #362 Cryptography
Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?
PKI, certificate validation, trust relationship, digital certificates
- Question #363 Cryptography
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...
key escrow, PKI, private key storage, recovery operations
- Question #364 Information Security and Ethical Hacking Fundamentals
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...
system hardening, attack surface reduction, security configuration, baseline security
- Question #365 Hacking Web Applications
Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
SOA vulnerabilities, XML denial of service, web services, service-oriented architecture
- Question #366 Information Security and Ethical Hacking Fundamentals
The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...
incident response, IDS alert triage, security prioritization, alert management
- Question #367 Information Security and Ethical Hacking Fundamentals
An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?
incident response, evidence collection, active attack handling, web server security
- Question #368 Information Security and Ethical Hacking Fundamentals
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
CSIRT, incident response, security services, trusted reporting
- Question #369 Hacking Web Applications
Which of the following items is unique to the N-tier architecture method of designing software applications?
N-tier architecture, layer separation, application design, software architecture
- Question #370 Scanning Networks
Which of the following descriptions is true about a static NAT?
static NAT, network address translation, one-to-one mapping, network infrastructure
- Question #371 Denial of Service
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
teardrop attack, IP fragmentation, fragment reassembly, TCP/IP vulnerabilities
- Question #372 Scanning Networks
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the I...
DNS resolution, firewall rules, port 53, network troubleshooting
- Question #373 Hacking Web Applications
While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: <script>alert(" Testing Testing...
cross-site scripting, XSS, JavaScript injection, reflected XSS
- Question #374 Information Security and Ethical Hacking Fundamentals
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
security testing methodology, repeatable framework, security audit, testing standards
- Question #375 Hacking Web Applications
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
OWASP, web application security, vulnerability list, security framework
- Question #376 Cryptography
In the OSI model, where does PPTP encryption take place?
PPTP, OSI model, data link layer, VPN encryption
- Question #377 Sniffing
Which of the following is an example of IP spoofing?
IP spoofing, man-in-the-middle, network spoofing, packet manipulation
- Question #378 Cryptography
For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using...
digital signatures, message digest, sender private key, asymmetric cryptography
- Question #379 Cryptography
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
password hashing, one-way functions, non-reversible hashing, password storage
- Question #380 Cryptography
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...
PKI, cross certification, Certificate Authority trust, inter-organization PKI
- Question #381 Cryptography
Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
PKI, root CA, certificate authority, digital certificates
- Question #382 Cryptography
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...
MITM attack, mutual authentication, PKI certificates, SSL/TLS
- Question #383 Cryptography
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
PKI, RSA, asymmetric encryption, key strength
- Question #384 Cryptography
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
PKI, public-key cryptosystem, digital signatures, key distribution
- Question #385 Information Security and Ethical Hacking Fundamentals
Which security strategy requires using several, varying methods to protect IT systems against attacks?
defense in depth, layered security, security strategy, risk mitigation
- Question #386 Hacking Web Applications
SOAP services use which technology to format information?
SOAP, XML, web services, API
- Question #387 Cryptography
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
SHA-1, message digest, hash function, 160-bit output
- Question #388 Cryptography
Which element of Public Key Infrastructure (PKI) verifies the applicant?
PKI, registration authority, certificate verification, CA hierarchy
- Question #389 Information Security and Ethical Hacking Fundamentals
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
CSIRT, incident response, cybersecurity organization, US-CERT
- Question #390 Information Security and Ethical Hacking Fundamentals
How do employers protect assets with security policies pertaining to employee surveillance activities?
security policy, employee monitoring, acceptable use policy, HR security
- Question #391 Information Security and Ethical Hacking Fundamentals
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
change management, security policy, configuration management, compliance
- Question #392 Vulnerability Analysis
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
PCI DSS, Nessus, vulnerability scanning, compliance tools
- Question #393 Information Security and Ethical Hacking Fundamentals
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...
Sarbanes-Oxley, SOX, compliance, financial reporting
- Question #394 Information Security and Ethical Hacking Fundamentals
How can a policy help improve an employee's security awareness?
security awareness, security policy, employee training, security culture
- Question #395 Information Security and Ethical Hacking Fundamentals
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...
penetration testing, security assessment, ROI, comprehensive testing
- Question #396 Information Security and Ethical Hacking Fundamentals
Which of the following guidelines or standards is associated with the credit card industry?
PCI DSS, credit card security, compliance standards, industry regulation
- Question #397 Information Security and Ethical Hacking Fundamentals
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
ISO 27002, security controls, compliance, information security standards
- Question #398 Information Security and Ethical Hacking Fundamentals
Which type of security document is written with specific step-by-step details?
security procedure, security policy, documentation, security governance
- Question #399 Information Security and Ethical Hacking Fundamentals
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...
ethical hacking, authorization, professional ethics, engagement rules
- Question #400 Information Security and Ethical Hacking Fundamentals
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...
CEH code of ethics, professional ethics, legal remedies, ethical hacker conduct