312-50V13 Exam Questions
626 real 312-50V13 exam questions with expert-verified answers and explanations. Page 1 of 13.
- Question #1Hacking Wireless Networks
"........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communi...
Evil Twin AttackWireless AttacksRogue Access PointPhishing - Question #2Introduction to Ethical Hacking
What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?
Risk ManagementResidual RiskInformation Security Concepts - Question #3Network and Perimeter Hacking
Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, small sized packets to the target computer, making it very difficult for an IDS to dete...
IDS evasionsession splicingWhiskerattack tools - Question #4Reconnaissance Techniques
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best Nmap command you...
Nmapnetwork scanninghost discoverynetwork enumeration - Question #5Sniffing
Which of the following is the BEST way to defend against network sniffing?
Network sniffing defenseEncryption protocolsNetwork securityCountermeasures - Question #6Cryptography
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
IPsecOSI ModelEncryption ProtocolsFTP Security - Question #7Cryptography
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more sec...
Meet-in-the-middle attackDESKnown plaintext attackCryptographic weakness - Question #8Information Security and Ethical Hacking Overview
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a p...
multi-factor authenticationbiometricsRFIDaccess control - Question #9Information Security and Ethical Hacking Overview
What is not a PCI compliance recommendation?
PCI DSScompliancedata security standardspayment card data - Question #10Network and Perimeter Hacking
What is the minimum number of network connections in a multihomed firewall?
firewallnetwork architecturemultihomednetwork security - Question #11Information Security and Ethical Hacking Overview
Suppose your company has just passed a security risk assessment exercise. The results display that the risk of the breach in the main company application is 50%. Security staff has...
risk managementrisk acceptancerisk thresholdsecurity controls - Question #12Network and Perimeter Hacking
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recomm...
network architectureDMZweb serverapplication server - Question #13Network and Perimeter Hacking
An attacker, using a rogue wireless AP, performed an MITM attack and injected an HTML code to embed a malicious applet in all HTTP connections. When users accessed any page, the ap...
MITM attackHTML injectionEttercapwireless hacking tools - Question #14Network and Perimeter Hacking
Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?
IPSecESP transport modenetwork encryptionLAN security - Question #15Reconnaissance Techniques
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatt...
reconnaissancephishingsocial engineeringinformation gathering - Question #16Malware Threats
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
virus typesstealth virusmalware evasion - Question #17Introduction to Ethical Hacking
The "Gray-box testing" methodology enforces what kind of restriction?
Gray-box testingPenetration testing methodologiesSecurity assessment types - Question #18Evading IDS, Firewalls, and Honeypots
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's Computer to update the router confi...
IDSSecurity MonitoringAlert ClassificationFalse Positive - Question #19Hacking Mobile Platforms
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking att...
mobile securityblackberry hackingmobile attack tools - Question #20Hacking Web Servers
When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two cr...
Nmap scriptsHTTP methodsweb server enumeration - Question #21Cryptography
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
authentication systemsone-time passwordscounter-based authentication - Question #22Social Engineering
Which of the following is a low-tech way of gaining unauthorized access to systems?
social engineeringlow-tech attackshuman exploitation - Question #23Footprinting and Reconnaissance
Which system consists of a publicly available set of databases that contain domain name registration contact information?
WHOISdomain registrationinformation gathering - Question #24Vulnerability Analysis
Why is a penetration test considered to be more thorough than vulnerability scan?
penetration testingvulnerability scanningsecurity assessment - Question #25Social Engineering
Bob received this text message on his mobile phone: "Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]". Which st...
phishingscam detectionsocial engineering - Question #26System Hacking
env x='(){ :;};echo exploit' bash c 'cat/etc/passwd' What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
Shellshock vulnerabilitybash exploitremote code execution - Question #27Cryptography
Which of the following is assured by the use of a hash?
hashingdata integritycryptographic principles - Question #28Footprinting and Reconnaissance
Which results will be returned with the following Google search query? site:target.com site:Marketing.target.com accounting
Google DorkingOSINTinformation gathering - Question #29Cryptography
Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by a...
SMTPTLS encryptionemail security - Question #30Cryptography
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
Rubber-hose attackCryptanalysisCoercion - Question #31Sniffing
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. Y...
Wireshark filterssyslognetwork troubleshootingpacket analysis - Question #32Cryptography
What two conditions must a digital signature meet?
digital signaturesauthenticationnon-repudiation - Question #33Session Hijacking
A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempti...
HTTP cookiessession hijackingbrowser security - Question #34Cryptography
What is correct about digital signatures?
digital signaturesdocument integritynon-repudiation - Question #35Sniffing
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
STP attacknetwork reconnaissancetraffic redirectionMITM - Question #36System Hacking
You have gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password...
Password resetWindows securityLiveCD toolsCHNTPW - Question #37Evading IDS, Firewalls, and Honeypots
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Firewall rulesPacket filteringTransport layerApplication layer - Question #38System Hacking
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user Which file does the attacker need to modify?
Hosts fileDNS SpoofingRATSystem persistence - Question #39Vulnerability Analysis
is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types...
DNSSECDNS securityDNS poisoning preventionSpoofing prevention - Question #40Introduction to Ethical Hacking
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an orga...
Incident responsePreparation phaseSecurity policyContingency planning - Question #41Sniffing
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the Central Processing Unit (CPU), rather than passing only the frames...
Promiscuous modeNetwork interfacePacket captureSniffing - Question #42System Hacking
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data...
System hardeningLinux securitySecurity policyPenetration testing - Question #43Cryptography
PGP, SSL, and IKE are all examples of which type of cryptography?
Public key cryptographyPGPSSL/TLSIKE - Question #44Footprinting and Reconnaissance
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
FootprintingReconnaissanceInformation gatheringOSINT - Question #45Introduction to Ethical Hacking
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer's software and hardware without the owner's permission. Their intention c...
Hacker typesGray HatEthical hackingCybersecurity roles - Question #46Evading IDS, Firewalls, and Honeypots
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. W...
DNS architectureDMZSplit DNSNetwork segmentation - Question #47Malware Threats
What kind of detection techniques is being used in antivirus software that identifies malware by collecting data from multiple protected systems and instead of analyzing files loca...
AntivirusMalware detectionCloud-based securityThreat intelligence - Question #48Sniffing
Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?
Packet analysisNetwork forensicstcpdumptcptrace - Question #49Evading IDS, Firewalls, and Honeypots
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports a...
Firewall bypassFirewalkingPort scanningNetwork mapping - Question #50Hacking Wireless Networks
Which of the following is not a Bluetooth attack?
Bluetooth attacksWireless securityMobile security