312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 2 of 13.
- Question #51Vulnerability Analysis
Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?
vulnerability scannerservice response analysisdetection techniquesbanner grabbing - Question #52Vulnerability Analysis
Which of the following business challenges could be solved by using a vulnerability scanner?
vulnerability scannercompliance testinghost application usagesecurity auditing - Question #53Introduction to Ethical Hacking
A security policy will be more accepted by employees if it is consistent and has the support of
security policyexecutive management supportpolicy acceptanceorganizational security - Question #54Malware Threats
A company has hired a security administrator to maintain and administer Linux and Windows- based systems. Written in the nightly report file is the following: - Firewall log files...
log file tamperingincident responsesuspicious activitylog shrinkage - Question #55Introduction to Ethical Hacking
Which type of scan measures a person's external features through a digital video camera?
facial recognitionbiometricsphysical access controlscan types - Question #56Hacking Wireless Networks
WPA2 uses AES for wireless data encryption at which of the following encryption levels?
WPA2AES encryptionCCMPwireless encryption standards - Question #57System Hacking
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?
covert channeloperating systemunauthorized communicationinformation hiding - Question #58Hacking Web Applications
What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?
CSPPconnection string injectionparameter pollutionweb application attack - Question #59Vulnerability Analysis
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
zero-day vulnerabilitysoftware flawunpatched vulnerabilityvulnerability types - Question #60Hacking Web Applications
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to expl...
XSSHttpOnly flagcookie securitycross-site scripting conditions - Question #61Evading IDS, Firewalls, and Honeypots
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?
IDS evasionalert thresholdingslow attackdetection bypass - Question #62Evading IDS, Firewalls, and Honeypots
What is the main advantage that a network-based IDS/IPS system has over a host-based solution?
network-based IDShost-based IDSIDS placementtraffic inspection - Question #63Cryptography
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronical...
HTTPSasymmetric encryptioncertificatee-commerce security - Question #64Evading IDS, Firewalls, and Honeypots
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?
SnortIDS rule matchingpacket evaluationalert generation - Question #65Evading IDS, Firewalls, and Honeypots
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
passive IDSintrusion detectionIDS typesmonitoring - Question #66Hacking Wireless Networks
An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces...
wireless packet capturemanagement frames802.11promiscuous mode - Question #67Scanning Networks
From the two screenshots below, which of the following is occurring? First one: 1 [10.0.0.253]# nmap -sP 10.0.0.0/24 3 Starting Nmap 5 Host 10.0.0.1 appears to be up. 6 MAC Address...
Nmapping sweepIP protocol scannetwork scanning - Question #68Sniffing
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?
VoIPpacket captureCaintraffic decoding - Question #69Sniffing
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
pcaplibpcapWiresharkpacket capture utility - Question #70System Hacking
Which set of access control solutions implements two-factor authentication?
two-factor authenticationUSB tokenPINaccess control - Question #71Cryptography
A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be i...
man-in-the-middlemutual authenticationIPSecremote access - Question #72Cryptography
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage serv...
PGPemail encryptionencryption protocolfree encryption - Question #73Cryptography
To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
PGPpublic keyasymmetric encryptionkey exchange - Question #74System Hacking
An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command w...
g++ compilerexploit developmentC++Backtrack - Question #75Scanning Networks
A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employ...
Python scriptingnetwork scanningautomationunauthorized devices - Question #76Hacking Web Servers
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended...
chained exploitMSADCnetcatexploit scripting - Question #77Evading IDS, Firewalls, and Honeypots
One advantage of an application-level firewall is the ability to
application-layer firewallHTTP filteringproxy firewallfirewall types - Question #78Evading IDS, Firewalls, and Honeypots
Which of the statements concerning proxy firewalls is correct?
proxy firewallnetwork connectionfirewall architecturepacket filtering - Question #79Vulnerability Analysis
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?
NessusLinux commandsbackground processvulnerability scanner - Question #80Vulnerability Analysis
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
Nessusvulnerability scanningcompliance auditingsecurity tools - Question #81System Hacking
What is the best defense against privilege escalation vulnerability?
privilege escalationleast privilegeservice accountsmulti-factor authentication - Question #82Malware Threats
How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?
rootkitkernel modecode signing bypassboot sector - Question #83Malware Threats
Which of the following items of a computer system will an anti-virus program scan for viruses?
antivirusboot sectorvirus scanningmalware detection - Question #84Evading IDS, Firewalls, and Honeypots
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
syslogUDP 514log managementfirewall ports - Question #85System Hacking
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
Metasploitpivotingmeterpreterlateral movement - Question #86System Hacking
What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43 1234"?
netcatnetwork relayport forwardingcommand piping - Question #87Evading IDS, Firewalls, and Honeypots
Which of the following is a client-server tool utilized to evade firewall inspection?
tcp-over-dnsDNS tunnelingfirewall evasioncovert channel - Question #88SQL Injection
Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
SQL injection toolsDataThiefdatabase exploitationautomation - Question #89SQL Injection
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see...
SQL injectionsingle quoteinjection testinginput validation - Question #90Evading IDS, Firewalls, and Honeypots
Which of the following identifies the three modes in which Snort can be configured to run?
SnortIDS modespacket loggerNIDS - Question #91Sniffing
When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?
Wiresharknetwork tappacket capturepromiscuous mode - Question #92System Hacking
Which of the following programming languages is most vulnerable to buffer overflow attacks?
buffer overflowC++memory managementunsafe languages - Question #93Cryptography
Smart cards use which protocol to transfer the certificate in a secure manner?
smart cardEAPcertificate transferauthentication protocol - Question #94Cryptography
Which of the following is a hashing algorithm?
MD5hashing algorithmmessage digestcryptographic primitives - Question #95Sniffing
Which of the following problems can be solved by using Wireshark?
Wiresharkpacket analysisnetwork troubleshootingtraffic analysis - Question #96Sniffing
What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?
PCAP filterdisplay filterTCP filteringWireshark syntax - Question #97Hacking Wireless Networks
Which tool would be used to collect wireless packet data?
NetStumblerwireless packet captureWiFi toolswireless sniffing - Question #98System Hacking
Which of the following is an example of two factor authentication?
two-factor authenticationbiometricssmartcardauthentication factors - Question #99Cryptography
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
Diffie-HellmanDH group 5key exchange1536-bit - Question #100Cryptography
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the app...
SHA1password hashinghash crackingweb application security