312-50V7 Exam Questions
519 real 312-50V7 exam questions with expert-verified answers and explanations. Page 4 of 11.
- Question #152
John the Ripper is a technical assessment tool used to test the weakness of which of the following?
- Question #153
A company has made the decision to host their own email and basic web services. The administrator needs to set up the external firewall to limit what protocols should be allowed to...
- Question #154
Which type of scan measures a person's external features through a digital video camera?
- Question #155
In order to show improvement of security over time, what must be developed?
- Question #156
In the software security development life cycle process, threat modeling occurs in which phase?
- Question #157
Which of the following items of a computer system will an anti-virus program scan for viruses?
- Question #158
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
- Question #159
A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new docume...
- Question #160
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to snif...
- Question #161
Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?
- Question #162
During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?
- Question #163
Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
- Question #164
A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT...
- Question #165
A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
- Question #166
When an alert rule is matched in a network-based IDS like Snort, the IDS does which of the following?
- Question #167
Passive reconnaissance involves collecting information through which of the following?
- Question #168
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this res...
- Question #169
What is the main reason the use of a stored biometric is vulnerable to an attack?
- Question #170
Which of the following types of firewall inspects only header information in network traffic?
- Question #171
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...
- Question #172
Low humidity in a data center can cause which of the following problems?
- Question #173
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...
- Question #174
Which tool would be used to collect wireless packet data?
- Question #175
Which of the following processes evaluates the adherence of an organization to its stated security policy?
- Question #176
Which of the following statements are true regarding N-tier architecture? (Choose two.)
- Question #177
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
- Question #178
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
- Question #179
Which of the following are password cracking tools? (Choose three.)
- Question #180
Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose...
- Question #181
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
- Question #182
Which type of antenna is used in wireless communication?
- Question #183
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping the IP address of web servers on the I...
- Question #184
Which initial procedure should an ethical hacker perform after being brought into an organization?
- Question #185
Which of the following guidelines or standards is associated with the credit card industry?
- Question #186
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
- Question #187
Which tool can be used to silently copy files from USB devices?
- Question #188
How can a rootkit bypass the Windows 7 operating system's kernel-mode code signing policy?
- Question #189
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should...
- Question #190
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...
- Question #191
How is sniffing broadly categorized?
- Question #192
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command w...
- Question #193
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....
- Question #194
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
- Question #195
The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...
- Question #196
A corporation hired an ethical hacker to test if it is possible to obtain users' login credentials using methods other than social engineering. Access to offices and to a network n...
- Question #197
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?
- Question #198
Which of the statements concerning proxy firewalls is correct?
- Question #199
Which of the following is an example of two factor authentication?
- Question #200
A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints...
- Question #201
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version install...