312-50V11 Practice Questions
1,039 real 312-50V11 exam questions with expert-verified answers and explanations. Page 9 of 21.
- Question #401Information Security and Ethical Hacking Fundamentals
Which initial procedure should an ethical hacker perform after being brought into an organization?
NDAengagement contractethical hacking processlegal authorization - Question #402Information Security and Ethical Hacking Fundamentals
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...
legal obligationsincident reportingethicsillegal content - Question #403Information Security and Ethical Hacking Fundamentals
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....
responsible disclosurevulnerability reportingethicscoordinated disclosure - Question #404Information Security and Ethical Hacking Fundamentals
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...
authorizationlegal boundariesethicsscope of engagement - Question #405Information Security and Ethical Hacking Fundamentals
This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security contr...
PCI DSScompliance frameworksPII protectionsecurity standards - Question #406Hacking Web Applications
While using your bank's online servicing you notice the following string in the URL bar: &Camount= 21" You observe that if you modify the Damount & Camount values and submit the re...
parameter tamperingURL manipulationweb vulnerabilitiesinput validation - Question #407Information Security and Ethical Hacking Fundamentals
Perspective clients want to see sample reports from previous penetration tests. What should you do next?
report confidentialityNDApenetration testing ethicsclient data protection - Question #408Evading IDS, Firewalls, and Honeypots
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimped...
stateful inspectionfirewall typesprotocol tunnelingdeep packet inspection - Question #409System Hacking
You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password....
CHNTPWoffline password attackWindows password resetLiveCD tools - Question #410System Hacking
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
persistencepost-exploitationbackdoor accountmaintaining access - Question #411System Hacking
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
Shellshockbash vulnerabilityremote code executionCVE-2014-6271 - Question #412Enumeration
Using Windows CMD, how would an attacker list all the shares to which the current user context has access?
NET USEWindows enumerationnetwork sharesWindows CLI commands - Question #413Cryptography
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
XOR operationbinary arithmeticcryptographic primitivesbitwise operations - Question #414Cryptography
Which of the following is the successor of SSL?
TLSSSL successortransport layer securitycryptographic protocols - Question #415Session Hijacking
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
TCP sequence numberssession hijackingMITMTCP/IP protocol - Question #416Footprinting and Reconnaissance
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information beside...
reconnaissanceblack-box testingpenetration testing methodologyfootprinting - Question #417Footprinting and Reconnaissance
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files a...
Metagoofilmetadata extractionOSINTdocument analysis - Question #418Footprinting and Reconnaissance
When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about p...
Google dorkingfiletype operatorOSINTsensitive file discovery - Question #419Cryptography
What is a "Collision attack" in cryptography?
hash collisioncryptographic attackshash functionscollision resistance - Question #420Social Engineering
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send h...
spear phishingemail spoofingmalicious link deliverypretexting - Question #421Hacking Web Servers
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two cr...
nmap scriptingHTTP methodsweb server enumerationPUT DELETE methods - Question #422Sniffing
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. Y...
Wireshark filterssyslognetwork monitoringpacket analysis - Question #423Cryptography
Which of the following parameters describe LM Hash (see exhibit):
LM Hashpassword hashingWindows authenticationhash parameters - Question #424Information Security and Ethical Hacking Fundamentals
What is the process of logging, recording, and resolving events that take place in an organization?
incident managementsecurity operationsevent loggingITSM - Question #425Hacking Web Applications
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary co...
OWASP Top Teninjectionweb application securitycritical risks - Question #426Malware Threats
Which of the following describes the characteristics of a Boot Sector Virus?
boot sector virusMBRmalware typesvirus behavior - Question #427Evading IDS, Firewalls, and Honeypots
You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular e...
grepregular expressionsfirewall logslog analysis - Question #428Information Security and Ethical Hacking Fundamentals
You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to...
risk managementpenetration testingrisk reductionsecurity fundamentals - Question #429Scanning Networks
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version install...
NMAPport scanningdevice fingerprintingprinter identification - Question #430Information Security and Ethical Hacking Fundamentals
Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
biometricsphysical securityaccess controlauthentication factors - Question #431Hacking Mobile Platforms
Which of the following is not a Bluetooth attack?
Bluetooth attacksBluejackingBluesnarfingwireless security - Question #432Footprinting and Reconnaissance
This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landsc...
footprintinginformation gatheringethical hacking phasesreconnaissance - Question #433Hacking Wireless Networks
The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.
WIPSwireless securityintrusion preventionunauthorized access - Question #434Scanning Networks
The NMAP command above performs which of the following? > NMAP -sn 192.168.11.200-215
NMAPping scanhost discovery-sn flag - Question #435Footprinting and Reconnaissance
You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?
DNS lookuphost commandA recordsIP resolution - Question #436Sniffing
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
tcpdumppacket analyzernetwork monitoringCLI tools - Question #437Sniffing
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames...
promiscuous modenetwork interfacepacket capturesniffing - Question #438Evading IDS, Firewalls, and Honeypots
Which of the following is an extremely common IDS evasion technique in the web world?
IDS evasionunicode encodingweb evasionsignature bypass - Question #439Cryptography
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?
PKIpublic key infrastructuredigital certificatesidentity authentication - Question #440Cloud Computing
Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?
SOAservice oriented architecturesoftware servicesapplication architecture - Question #441Cryptography
Which of the following is assured by the use of a hash?
hashingdata integritycryptographic functions - Question #442Information Security and Ethical Hacking Fundamentals
Which of the following is the greatest threat posed by backups?
backup securitydata protectionunencrypted backupsphysical security - Question #443Information Security and Ethical Hacking Fundamentals
The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk...
SLEAROALErisk quantification - Question #444Hacking Web Applications
While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser...
CSRFsession cookiescross-site request forgerybrowser security - Question #445Session Hijacking
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempti...
HTTP cookiessession theftbrowser policycookie management - Question #446Hacking Web Applications
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
PII protectionencrypted transmissionweb application securitydata privacy - Question #447Hacking Web Applications
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
XSS preventioninput validationoutput encodingweb security - Question #448Information Security and Ethical Hacking Fundamentals
An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Netw...
AAA protocolsRADIUSauthenticationnetwork access control - Question #449Vulnerability Analysis
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one...
vulnerability scannersecurity auditcompliancepolicy enforcement - Question #450Information Security and Ethical Hacking Fundamentals
Which of these options is the most secure procedure for storing backup tapes?
backup tape storageoffsite storagephysical securitydisaster recovery