312-50V13 Exam Questions
626 real 312-50V13 exam questions with expert-verified answers and explanations. Page 9 of 13.
- Question #402Hacking Web Applications
Joel, a professional hacker, targeted a company and identified the types of websites frequently visited by its employees. Using this information, he searched for possible loopholes...
Watering Hole AttackMalware DistributionWeb Application ExploitationTargeted Attack - Question #403Footprinting and Reconnaissance
Juliet, a security researcher in an organization, was tasked with checking for the authenticity of images to be used in the organization's magazines. She used these images as a sea...
FootprintingReconnaissanceReverse image searchOSINT - Question #404Scanning Networks
A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine. Which of the following Zenmap...
NmapZenmapICMP timestamp scanport scanning - Question #405Enumeration
Elante company has recently hired James as a penetration tester. He was tasked with performing enumeration on an organization's network. In the process of enumeration, James discov...
port 21FTPservice enumerationnetwork services - Question #406Vulnerability Analysis
Given below are different steps involved in the vulnerability-management life cycle. 1) Remediation 2) Identify assets and create a baseline 3) Verification 4) Monitor 5) Vulnerabi...
vulnerability managementlife cycleremediationvulnerability scan - Question #407System Hacking
Tony is a penetration tester tasked with performing a penetration test. After gaining initial access to a target system, he finds a list of hashed passwords. Which of the following...
password crackingJohn the RipperHashcatnetcat - Question #408Evading IDS, Firewalls, and Honeypots
Which Nmap switch helps evade IDS or firewalls?
NmapIDS evasionfirewall evasiontiming templates - Question #409Cryptography
Harper, a software engineer, is developing an email application. To ensure the confidentiality of email messages. Harper uses a symmetric-key block cipher having a classical 12- or...
symmetric encryptionblock cipherFeistel networkCAST-128 - Question #410Footprinting and Reconnaissance
Which of the following Google advanced search operators helps an attacker in gathering information about websites that are similar to a specified target URL?
Google DorkingOSINTFootprintingInformation Gathering - Question #411Hacking Wireless Networks
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started...
Wi-Fi securityWPA3SAEdragonfly key exchange - Question #412Hacking Web Applications
Stella, a professional hacker, performs an attack on web services by exploiting a vulnerability that provides additional routing information in the SOAP header to support asynchron...
Web services attackSOAPWS-AddressingSpoofing - Question #413Footprinting and Reconnaissance
James is working as an ethical hacker at Technix Solutions. The management ordered James to discover how vulnerable its network is towards footprinting attacks. James took the help...
OSINTreconnaissanceopen-source intelligencefootprinting framework - Question #414Cloud Computing
Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that c...
cloud securitybare-metal serverfirmware backdoorCloudborne attackIaaS - Question #415Introduction to Ethical Hacking
Which among the following is the best example of the third step (delivery) in the cyber kill chain?
cyber kill chaindelivery phasemalicious attachmentemail attacks - Question #416Evading IDS, Firewalls, and Honeypots
Dayn, an attacker, wanted to detect if any honeypots are installed in a target network. For this purpose, he used a time-based TCP fingerprinting method to validate the response to...
honeypot detectiontime-based fingerprintingTCP fingerprintingSnort_inline - Question #417Malware Threats
Which type of malware spreads from one system to another or from one network to another and causes similar types of damage as viruses do to the infected system?
malwarewormvirusself-replication - Question #418Hacking Wireless Networks
A group of hackers were roaming around a bank office building in a city, driving a luxury car. They were using hacking tools on their laptop with the intention to find a free-acces...
wardrivingwireless networksWi-Fi hackingreconnaissance - Question #419Introduction to Ethical Hacking
John, a security analyst working for an organization, found a critical vulnerability on the organization's LAN that allows him to view financial and personal information about the...
ethical hackinghacker typesgray hat - Question #420Cryptography
BitLocker encryption has been implemented for all the Windows-based computers in an organization. You are concerned that someone might lose their cryptographic key. Therefore, a me...
key escrowcryptographic keyskey managementBitLocker - Question #421Sniffing
Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link he...
ARP spoofingMITM attacksniffing toolsBetterCAP - Question #422Enumeration
Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread...
EmotetNetwork EnumerationLateral MovementPost-exploitation - Question #423Hacking Wireless Networks
Which wireless security protocol replaces the personal pre-shared key (PSK) authentication with Simultaneous Authentication of Equals (SAE) and is therefore resistant to offline di...
WPA3-PersonalSAE (Simultaneous Authentication of Equals)Wireless Security ProtocolsDictionary Attacks - Question #424Hacking Web Servers
A "Server-Side Includes" attack refers to the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. Which web-page file type, i...
Server-Side IncludesSSI attackweb server vulnerabilities.stm file - Question #425Hacking Web Applications
Which of the following web vulnerabilities would an attacker be attempting to exploit if they delivered the following input?
XXEXML External Entityweb vulnerabilities - Question #426Scanning Networks
Which of the following allows attackers to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to hack.
Network scanningNetwork mappingInfrastructure discoveryActive reconnaissance - Question #427Cloud Computing
Eric, a cloud security engineer, implements a technique for securing the cloud resources used by his organization. This technique assumes by default that a user attempting to acces...
Zero TrustCloud SecurityNetwork SecurityAccess Control - Question #428Hacking Web Applications
Calvin, a software developer, uses a feature that helps him auto-generate the content of a web page without manual involvement and is integrated with SSI directives. This leads to...
Server-Side Includes injectionSSI injectionweb application vulnerabilities - Question #429IoT Hacking
John, a professional hacker, targeted CyberSol Inc., an MNC. He decided to discover the loT devices connected in the target network that are using default credentials and are vulne...
IoT HackingVulnerability ScanningDefault CredentialsIoT Security Tools - Question #430Social Engineering
Josh has finished scanning a network and has discovered multiple vulnerable services. He knows that several of these usually have protections against external sources but are frequ...
cyber kill chainweaponizationsocial engineeringmalicious file - Question #431Hacking Web Applications
An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automa...
Web Application SecurityVulnerability ScanningSecurity Scanners - Question #432System Hacking
To hide the file on a Linux system, you have to start the filename with a specific character. What is the character?
Linuxhidden filesfile systemperiod character - Question #433Footprinting and Reconnaissance
Harris is attempting to identify the OS running on his target machine. He inspected the initial TTL in the IP header and the related TCP window size and obtained the following resu...
OS fingerprintingTTLTCP window sizeLinux OS - Question #434Hacking Wireless Networks
Attacker Rony installed a rogue access point within an organization's perimeter and attempted to intrude into its internal network. Johnson, a security auditor, identified some unu...
Rogue Access PointWireless Network AssessmentVulnerability AssessmentWireless Security - Question #435Cryptography
Jane is working as a security professional at CyberSol Inc. She was tasked with ensuring the authentication and integrity of messages being transmitted in the corporate network. To...
Web of trustpublic key cryptographymessage integrityauthentication - Question #436Evading IDS, Firewalls, and Honeypots
While performing an Nmap scan against a host, Paola determines the existence of a firewall. In an attempt to determine whether the firewall is stateful or stateless, which of the f...
NmapFirewallACK ScanStateful vs Stateless - Question #437Cryptography
Bob wants to ensure that Alice can check whether his message has been tampered with. He creates a checksum of the message and encrypts it using asymmetric cryptography. What key do...
Digital SignaturesAsymmetric CryptographyMessage IntegrityPrivate Key - Question #438IoT Hacking
Mirai malware targets loT devices. After infiltration, it uses them to propagate and create botnets that then used to launch which types of attack?
Mirai malwareIoT botnetDDoS attackIoT devices - Question #439Introduction to Ethical Hacking
What information security law or standard aims at protecting stakeholders and the general public from accounting errors and fraudulent activities within organizations?
SOXcomplianceinformation security law - Question #440Cryptography
Kevin, an encryption specialist, implemented a technique that enhances the security of keys used for encryption and authentication. Using this technique, Kevin input an initial key...
key stretchingcryptographic keysbrute-force resistancekey derivation function - Question #441Hacking Web Applications
Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthori...
API securityaccess controlABAC validationweb application vulnerability - Question #442Introduction to Ethical Hacking
Leverox Solutions hired Arnold, a security professional, for the threat intelligence process. Arnold collected information about specific threats against the organization. From thi...
threat intelligenceoperational intelligenceattacker methodologiesrisk disclosure - Question #443Hacking Web Applications
Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Servic...
WS-SecuritySOAP securityweb servicesauthentication - Question #444Hacking Mobile Platforms
Jake, a professional hacker, installed spyware on a target iPhone to spy on the target user's activities. He can take complete control of the target mobile device by jailbreaking t...
iOS spywarejailbreakingmobile platform exploitationTrident - Question #445Hacking Wireless Networks
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read,...
Bluetooth Low Energy (BLE)BtlejackingConnection Hijackingbtlejack tool - Question #446Denial-of-Service
Mike, a security engineer, was recently hired by BigFox Ltd. The company recently experienced disastrous DoS attacks. The management had instructed Mike to build defensive strategi...
DoS/DDoS countermeasuresjamming attacksscrambling attackscognitive radios - Question #447Enumeration
What useful information is gathered during a successful Simple Mail Transfer Protocol (SMTP) enumeration?
SMTP enumerationVRFYEXPNvalid users - Question #448Hacking Web Applications
Gregory, a professional penetration tester working at Sys Security Ltd., is tasked with performing a security test of web applications used in the company. For this purpose, Gregor...
Burp Suiteweb application testingsession hijackingintercepting proxy - Question #449Footprinting and Reconnaissance
When considering how an attacker may exploit a web server, what is web server footprinting?
web server footprintingreconnaissancesystem-level dataserver names - Question #450Social Engineering
Which of the following tactics uses malicious code to redirect users' web traffic?
pharmingweb traffic redirectionmalicious codesocial engineering - Question #451System Hacking
Attacker Simon targeted the communication network of an organization and disabled the security controls of NetNTLMvl by modifying the values of LMCompatibilityLevel, NTLMMinClientS...
NTLM AttackToken ImpersonationCredential TheftPost-exploitation