312-50V9 Practice Questions

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly. What is the best nmap command you...

You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerpri...

Which of the following statements is TRUE?

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use?

What is the best description of SQL Injection?

Which of the following is the BEST way to defend against network sniffing?

You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion...

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration? alert tcp any a...

What is the benefit of performing an unannounced Penetration Testing?

You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping it but you didn't get any response back. What is...

Under the "Post-attack Phase and Activities", it is the responsibility of the tester to restore the systems to a pre-test state. Which of the following activities should not be inc...

It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices...

Which of the following is a component of a risk assessment?

A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based...

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of att...

An attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and the...

It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can ta...

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange c...

The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the offic...

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by comp...

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system. If a...

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network. W...

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with som...

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implemen...

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion...

Which of the following is considered an acceptable option when managing a risk?

Which security control role does encryption meet?

Which type of access control is used on a router or firewall to limit network activity?

At a Windows Server command prompt, which command could be used to list the running services?

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti- virus and E-mail gateway. This approach can be used to mitigate which kin...

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT...

What is the main reason the use of a stored biometric is vulnerable to an attack?

During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

Which type of antenna is used in wireless communication?

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for e...

One way to defeat a multi-level security solution is to leak data via

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

What is the main difference between a "Normal" SQL Injection and a "Blind" SQL Injection vulnerability?

During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. H...

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

A pentester gains access to a Windows application server and needs to determine the settings of the built- in Windows firewall. Which command would be used?

In the software security development life cycle process, threat modeling occurs in which phase?

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming int...

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

Which of the following business challenges could be solved by using a vulnerability scanner?

A security policy will be more accepted by employees if it is consistent and has the support of

A company has hired a security administrator to maintain and administer Linux and Windows- based systems. Written in the nightly report file is the following: - Firewall log files...