312-50V9 Practice Questions
609 real 312-50V9 exam questions with expert-verified answers and explanations. Page 4 of 13.
- Question #155
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
- Question #156
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...
- Question #157
Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
- Question #158
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...
- Question #159
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
- Question #160
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
- Question #161
Which security strategy requires using several, varying methods to protect IT systems against attacks?
- Question #162
SOAP services use which technology to format information?
- Question #163
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
- Question #164
Which element of Public Key Infrastructure (PKI) verifies the applicant?
- Question #165
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
- Question #166
How do employers protect assets with security policies pertaining to employee surveillance activities?
- Question #167
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
- Question #168
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
- Question #169
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
- Question #170
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...
- Question #171
How can a policy help improve an employee's security awareness?
- Question #172
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...
- Question #173
Which of the following guidelines or standards is associated with the credit card industry?
- Question #174
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
- Question #175
Which type of security document is written with specific step-by-step details?
- Question #176
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...
- Question #177
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...
- Question #178
Which initial procedure should an ethical hacker perform after being brought into an organization?
- Question #179
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...
- Question #180
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....
- Question #181
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...
- Question #182
This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security contr...
- Question #183
Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover informati...
- Question #184
Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file is a file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon ex...
- Question #185
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
- Question #186
While using your bank's online servicing you notice the following string in the URL bar: =21" You observe that if you modify the Damount & Camount values and submit the request, th...
- Question #187
Prospective clients want to see sample reports from previous penetration tests. What should you do next?
- Question #188
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimped...
- Question #189
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still o...
- Question #190
You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password....
- Question #191
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user Which file does the attacker need to modify?
- Question #192
After trying multiple exploits, you've gained root access to a CentOS 6 server. To ensure you maintain access, what would you do first?
- Question #193
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host? env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
- Question #194
Using Windows CMD, how would an attacker list all the shares to which the current user context has access?
- Question #195
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
- Question #196
Which of the following is the successor of SSL?
- Question #197
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
- Question #198
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information beside...
- Question #199
Which regulation defines security and privacy controls for Federal information systems and organizations?
- Question #200
How does the Address Resolution Protocol (ARP) work?
- Question #201
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files a...
- Question #202
When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about p...
- Question #203
What is a "Collision attack" in cryptography?
- Question #204
You are tasked to perform a penetration test. While you are performing information gathering, you find an employee list in Google. You find the receptionist's email, and you send h...