312-50V7 Exam Questions

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking att...

ICMP ping and ping sweeps are used to check for active systems and to check

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain connectivity passwords that can be decoded with which of the following?

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

A pentester gains acess to a Windows application server and needs to determine the settings of the built-in Windows firewall. Which command would be used?

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffi...

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

What are the three types of authentication?

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

While checking the settings on the internet browser, a technician finds that the proxy server settings have been checked and a computer is trying to use itself as a proxy server. W...

Which of the following business challenges could be solved by using a vulnerability scanner?

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this sec...

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see...

Which set of access control solutions implements two-factor authentication?

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for e...

Advanced encryption standard is an algorithm used for which of the following?

Which statement best describes a server type under an N-tier architecture?

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to expl...

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronical...

Which security control role does encryption meet?

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed lik...

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A company has hired a security administrator to maintain and administer Linux and Windows- based systems. Written in the nightly report file is the followinG. Firewall log files ar...

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

At a Windows Server command prompt, which command could be used to list the running services?

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

Which of the following is considered an acceptable option when managing a risk?

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage serv...

Which of the following countermeasure can specifically protect against both the MAC Flood and MAC Spoofing attacks?

Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands...

This IDS defeating technique works by splitting a datagram (or packet) into multiple fragments and the IDS will not spot the true nature of the fully assembled datagram. The datagr...

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the in...

This type of Port Scanning technique splits TCP header into several packets so that the packet filters are not able to detect what the packets intends to do.

Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate. Ho...

What type of attack is shown in the following diagram?

Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information whi...

Jack Hacker wants to break into Brown Co.'s computers and obtain their secret double fudge cookie recipe. Jack calls Jane, an accountant at Brown Co., pretending to be an administr...

How do you defend against ARP Spoofing? Select three.

TCP SYN Flood attack uses the three-way handshake mechanism. 1. An attacker at system A sends a SYN packet to victim at system B. 2. System B sends a SYN/ACK packet to victim A. 3....

Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large m...

You run nmap port Scan on 10.0.0.5 and attempt to gain banner/server information from services running on ports 21, 110 and 123. Here is the output of your scan results: Which of t...

How do you defend against Privilege Escalation?