312-50V9 Practice Questions

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?

Which of the following parameters enables NMAP's operating system detection feature?

Which of the following open source tools would be the best choice to scan a network for potential targets?

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to snif...

Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?

How does an operating system protect the passwords used for account logins?

Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database h...

Which tool can be used to silently copy files from USB devices?

Which of the following is used to indicate a single-line comment in structured query language (SQL)?

A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command: NMAP -n -sS -P0 -p 80 ***.***.**.** What type of scan is t...

What is the broadcast address for the subnet 190.86.168.0/22?

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Which of the following does proper basic configuration of snort as a network intrusion detection system require?

How is sniffing broadly categorized?

What are the three types of authentication?

The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and

What is the main disadvantage of the scripting languages as opposed to compiled programming languages?

A botnet can be managed through which of the following?

Fingerprinting VPN firewalls is possible with which of the following tools?

What is a successful method for protecting a router from potential smurf attacks?

Which of the following is optimized for confidential communications, such as bidirectional voice and video?

Advanced encryption standard is an algorithm used for which of the following?

The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Which of the following items is unique to the N-tier architecture method of designing software applications?

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may b...

Which of the following descriptions is true about a static NAT?

Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the I...

While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: <script>alert(" Testing Testing...

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

In the OSI model, where does PPTP encryption take place?

Which of the following is an example of IP spoofing?

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using...