312-50V9 Practice Questions

Which type of scan measures a person's external features through a digital video camera?

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to expl...

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronical...

When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces...

From the two screenshots below, which of the following is occurring? First one: 1 [10.0.0.253]# nmap -sP 10.0.0.0/24 3 Starting Nmap 5 Host 10.0.0.1 appears to be up. 6 MAC Address...

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

Which set of access control solutions implements two-factor authentication?

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network. Which of the following can be i...

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage serv...

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command w...

A recently hired network security associate at a local bank was given the responsibility to perform daily scans of the internal network to look for unauthorized devices. The employ...

A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended...

One advantage of an application-level firewall is the ability to

Which of the statements concerning proxy firewalls is correct?

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

What is the best defense against privilege escalation vulnerability?

How can a rootkit bypass Windows 7 operating system's kernel mode, code signing policy?

Which of the following items of a computer system will an anti-virus program scan for viruses?

Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43 1234"?

Which of the following is a client-server tool utilized to evade firewall inspection?

Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?

A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database. In order for the tester to see...

Which of the following identifies the three modes in which Snort can be configured to run?

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

Which of the following programming languages is most vulnerable to buffer overflow attacks?

Smart cards use which protocol to transfer the certificate in a secure manner?

Which of the following is a hashing algorithm?

Which of the following problems can be solved by using Wireshark?

What is the correct PCAP filter to capture all TCP traffic going to or from host 192.168.0.125 on port 25?

Which tool would be used to collect wireless packet data?

Which of the following is an example of two factor authentication?

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the app...

What statement is true regarding LM hashes?

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to...

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst d...

A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php s...