312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 4 of 13.
- Question #151Hacking Web Applications
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
OWASPweb application securityvulnerability listsecurity framework - Question #152Cryptography
In the OSI model, where does PPTP encryption take place?
PPTPOSI modeldata link layerVPN encryption - Question #153Session Hijacking
Which of the following is an example of IP spoofing?
IP spoofingman-in-the-middleARP poisoningnetwork attacks - Question #154Cryptography
For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using...
digital signaturemessage digestprivate key encryptionnon-repudiation - Question #155Cryptography
Some passwords are stored using specialized encryption algorithms known as hashes. Why is this an appropriate method?
password hashingone-way hashnon-reversible encryptionpassword storage - Question #156Cryptography
Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Co...
PKIcross certificationcertificate authoritytrust model - Question #157Cryptography
Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
root CAPKIcertificate authoritydigital certificates - Question #158Cryptography
A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the...
man-in-the-middle preventionmutual TLSPKI certificatesweb security - Question #159Cryptography
Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?
PKIRSAkey strengthasymmetric encryption - Question #160Cryptography
Which of the following is a characteristic of Public Key Infrastructure (PKI)?
PKIpublic-key cryptosystemkey distributiondigital signatures - Question #161Introduction to Ethical Hacking
Which security strategy requires using several, varying methods to protect IT systems against attacks?
defense in depthlayered securitysecurity strategyIT protection - Question #162Hacking Web Applications
SOAP services use which technology to format information?
SOAPXMLweb servicesAPI protocols - Question #163Cryptography
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?
SHA-1message digesthash functionscryptographic algorithms - Question #164Cryptography
Which element of Public Key Infrastructure (PKI) verifies the applicant?
PKIregistration authoritycertificate authoritypublic key infrastructure - Question #165Introduction to Ethical Hacking
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?
CSIRTincident responsecybersecurity organizationsgovernment security - Question #166Introduction to Ethical Hacking
How do employers protect assets with security policies pertaining to employee surveillance activities?
security policyemployee surveillanceworkplace monitoringlegal compliance - Question #167Introduction to Ethical Hacking
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
change managementconfiguration controlsecurity policiesdocumentation - Question #168Vulnerability Analysis
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?
PCI DSSNessusvulnerability scanningcompliance tools - Question #169Introduction to Ethical Hacking
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
PCI DSSpenetration testing frequencycompliance requirementssecurity testing - Question #170Introduction to Ethical Hacking
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy o...
Sarbanes-Oxley ActSOXfinancial complianceregulatory compliance - Question #171Introduction to Ethical Hacking
How can a policy help improve an employee's security awareness?
security awarenesssecurity policyemployee trainingorganizational security - Question #172Introduction to Ethical Hacking
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design,...
penetration testingsecurity ROIcomprehensive assessmentsecurity posture - Question #173Introduction to Ethical Hacking
Which of the following guidelines or standards is associated with the credit card industry?
PCI DSScredit card securityindustry standardsregulatory compliance - Question #174Introduction to Ethical Hacking
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
ISO 27002security controlsinformation security standardscompliance guidance - Question #175Introduction to Ethical Hacking
Which type of security document is written with specific step-by-step details?
security procedurespolicy documentationsecurity governancestep-by-step documentation - Question #176Introduction to Ethical Hacking
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker...
authorizationprofessional ethicsengagement scopeconflict of interest - Question #177Introduction to Ethical Hacking
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from f...
professional ethicslegal remediescode of conductethical hacker obligations - Question #178Introduction to Ethical Hacking
Which initial procedure should an ethical hacker perform after being brought into an organization?
engagement proceduresNDApenetration testing processformal contract - Question #179Introduction to Ethical Hacking
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child p...
legal obligationsmandatory reportingethical conductincident handling - Question #180Introduction to Ethical Hacking
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash....
responsible disclosurevulnerability disclosureethical conductbug reporting - Question #181Introduction to Ethical Hacking
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof...
ethicsauthorizationlegal boundariesprofessional conduct - Question #182Introduction to Ethical Hacking
This international organization regulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security contr...
PCIPIIcomplianceregulatory frameworks - Question #183Introduction to Ethical Hacking
Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover informati...
ethicslegal obligationsincident reportingprofessional conduct - Question #184Malware Threats
Jesse receives an email with an attachment labeled "Court_Notice_21206.zip". Inside the zip file is a file named "Court_Notice_21206.docx.exe" disguised as a word document. Upon ex...
TrojanC2 communicationmalware deliverysocial engineering - Question #185Footprinting and Reconnaissance
Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
MaltegoOSINTlink analysisreconnaissance tools - Question #186Hacking Web Applications
While using your bank's online servicing you notice the following string in the URL bar: =21" You observe that if you modify the Damount & Camount values and submit the request, th...
parameter tamperinginput validationURL manipulationweb vulnerabilities - Question #187Introduction to Ethical Hacking
Perspective clients want to see sample reports from previous penetration tests. What should you do next?
confidentialityNDAreport handlingprofessional ethics - Question #188Evading IDS, Firewalls, and Honeypots
During a blackbox pen test you attempt to pass IRC traffic over port 80/TCP from a compromised web enabled host. The traffic gets blocked; however, outbound HTTP traffic is unimped...
firewall typesdeep packet inspectionprotocol identificationport evasion - Question #189Social Engineering
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still o...
tailgatingpiggybackingphysical securitysocial engineering - Question #190System Hacking
You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password....
CHNTPWoffline password attackWindows authenticationLiveCD - Question #191System Hacking
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user Which file does the attacker need to modify?
RAThosts filepersistenceDNS manipulation - Question #192System Hacking
After trying multiple exploits, you've gained root access to a Centos 6 server. To ensure you maintain access, what would you do first?
persistencepost-exploitationmaintaining accessprivilege escalation - Question #193System Hacking
What is the Shellshock bash vulnerability attempting to do on an vulnerable Linux host? env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
Shellshockbash vulnerabilitycommand injection/etc/passwd - Question #194Enumeration
Using Windows CMD, how would an attacker list all the shares to which the current user context has access?
NET USEWindows sharesnetwork enumerationCMD commands - Question #195Cryptography
A common cryptographical tool is the use of XOR. XOR the following binary values: 10110001 00111010
XORbinary operationsbitwise operatorscryptography fundamentals - Question #196Cryptography
Which of the following is the successor of SSL?
TLSSSLsecure protocolstransport security - Question #197Session Hijacking
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a sequence number?
TCP sequence numberssession hijackingMITMTCP protocol - Question #198Footprinting and Reconnaissance
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information beside...
reconnaissancefootprintingblack-box testingpenetration testing methodology - Question #199Introduction to Ethical Hacking
Which regulation defines security and privacy controls for Federal information systems and organizations?
NIST-800-53compliancefederal securityregulatory frameworks - Question #200Sniffing
How does the Address Resolution Protocol (ARP) work?
ARPMAC address resolutionnetwork protocolbroadcast request