312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 3 of 13.
- Question #101System Hacking
What statement is true regarding LM hashes?
LM hashespassword hashingWindows authenticationNTLM - Question #102Hacking Web Applications
A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to...
buffer overflowinput validationsecure codingboundary checking - Question #103Hacking Web Applications
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst d...
cross-site scriptingXSSASPweb application testing - Question #104SQL Injection
A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php s...
SQL injectionweb server logslogin formsMSSQL - Question #105Evading IDS, Firewalls, and Honeypots
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
honeypotnetwork deceptionservice emulationintrusion detection - Question #106Scanning Networks
Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?
ping sweepICMPWindows CLInetwork enumeration - Question #107Scanning Networks
What results will the following command yield: 'NMAP -sS -O -p 123-153 192.168.100.3'?
NmapSYN scanOS detectionport range scanning - Question #108Scanning Networks
Which of the following parameters enables NMAP's operating system detection feature?
NmapOS detectioncommand flagsfingerprinting - Question #109Scanning Networks
Which of the following open source tools would be the best choice to scan a network for potential targets?
Nmapnetwork scanningopen source toolsreconnaissance - Question #110Scanning Networks
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
Nmapping scanhost discoverynetwork mapping - Question #111Sniffing
A hacker, who posed as a heating and air conditioning specialist, was able to install a sniffer program in a switched environment network. Which attack could the hacker use to snif...
MAC floodingswitched networksniffingARP - Question #112Vulnerability Analysis
Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?
Nessusvulnerability scanningcongestion controlpacket throttling - Question #113System Hacking
How does an operating system protect the passwords used for account logins?
password hashingone-way hashOS securitycredential storage - Question #114Malware Threats
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
stealth virusantivirus evasioninterrupt hookingmalware types - Question #115Hacking Web Applications
An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database h...
hidden form fieldsweb application tamperingparameter manipulatione-commerce security - Question #116System Hacking
Which tool can be used to silently copy files from USB devices?
USB data theftphysical securityremovable mediadata exfiltration - Question #117SQL Injection
Which of the following is used to indicate a single-line comment in structured query language (SQL)?
SQL commentsSQL syntaxinjection techniquesquery manipulation - Question #118Scanning Networks
A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command: NMAP -n -sS -P0 -p 80 ***.***.**.** What type of scan is t...
NmapSYN scanstealth scaninternal network mapping - Question #119Scanning Networks
What is the broadcast address for the subnet 190.86.168.0/22?
subnettingCIDRbroadcast addressIP addressing - Question #120System Hacking
A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
rainbow table attackActive Directorypassword crackingWindows authentication - Question #121Evading IDS, Firewalls, and Honeypots
Which of the following does proper basic configuration of snort as a network intrusion detection system require?
SnortNIDS configurationpacket captureIDS tuning - Question #122Sniffing
How is sniffing broadly categorized?
sniffing typesactive sniffingpassive sniffingnetwork monitoring - Question #123Introduction to Ethical Hacking
What are the three types of authentication?
authentication factorsmulti-factor authenticationidentity verificationaccess control - Question #124Cryptography
The use of technologies like IPSec can help guarantee the following: authenticity, integrity, confidentiality and
IPSecnon-repudiationCIA triadsecurity properties - Question #125Introduction to Ethical Hacking
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
scripting languagesinterpreted codecompiled languagesperformance - Question #126Malware Threats
A botnet can be managed through which of the following?
botnetIRCC2 channelmalware communication - Question #127Scanning Networks
Fingerprinting VPN firewalls is possible with which of the following tools?
VPN fingerprintingike-scanfirewall enumerationIKE protocol - Question #128Denial of Service
What is a successful method for protecting a router from potential smurf attacks?
smurf attackDDoS mitigationbroadcast pingrouter hardening - Question #129Cryptography
Which of the following is optimized for confidential communications, such as bidirectional voice and video?
RC4stream ciphervoice encryptionvideo encryption - Question #130Cryptography
Advanced encryption standard is an algorithm used for which of the following?
AESsymmetric encryptionbulk encryptionblock cipher - Question #131Cryptography
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
symmetric cryptographyshared keyasymmetric vs symmetrickey management - Question #132Cryptography
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encr...
chosen ciphertext attackcryptanalysisciphertext decryptionkey discovery - Question #133Cryptography
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
AES-256symmetric key distributionkey exchangeencryption drawbacks - Question #134Cryptography
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of whi...
PKIprivate keycertificate authorityemail encryption - Question #135Hacking Wireless Networks
When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?
pre-shared keywireless securitysymmetric keyWPA - Question #136Cryptography
An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
chosen plaintext attackpublic key cryptographycryptanalysisasymmetric encryption - Question #137Cryptography
Which of the following processes of PKI (Public Key Infrastructure) ensures that a trust relationship exists and that a certificate is still valid for specific operations?
PKIcertificate validationtrust chaincertificate lifecycle - Question #138Cryptography
Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery ope...
key escrowPKIprivate key storagekey recovery - Question #139System Hacking
To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settin...
system hardeningattack surface reductionsecurity configurationunnecessary services - Question #140Hacking Web Applications
Which of the following is a common Service Oriented Architecture (SOA) vulnerability?
SOAXML denial of serviceweb servicesSOAP vulnerabilities - Question #141Introduction to Ethical Hacking
The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, an...
incident responsealert triageIDSprioritization - Question #142Hacking Web Servers
An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?
incident responseweb server attackevidence collectionforensics - Question #143Introduction to Ethical Hacking
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
CSIRTincident responsesecurity servicestrusted reporting - Question #144Hacking Web Applications
Which of the following items is unique to the N-tier architecture method of designing software applications?
N-tier architectureapplication designlayer separationsoftware architecture - Question #145Scanning Networks
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may b...
hpingTCP pingICMP disabledhost discovery - Question #146Scanning Networks
Which of the following descriptions is true about a static NAT?
static NATone-to-one mappingnetwork address translationNAT types - Question #147Denial of Service
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
teardrop attackfragment reassemblyTCP/IP stacknetwork attack - Question #148Scanning Networks
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the I...
DNS resolutionfirewall rulesTCP/UDP port 53network troubleshooting - Question #149Hacking Web Applications
While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site: <script>alert(" Testing Testing...
cross-site scriptingXSSJavaScript injectionweb vulnerability - Question #150Introduction to Ethical Hacking
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
security testing methodologyrepeatable frameworksecurity auditpenetration testing