312-50V9 Practice Questions

When you are getting information about a web server, it is very important to know the HTTP Methods (GET, POST, HEAD, PUT, DELETE, TRACE) that are available because there are two cr...

When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to...

You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. Y...

This asymmetry cipher is based on factoring the product of two large prime numbers. What cipher is described above?

Which of the following parameters describe LM Hash (see exhibit):

What is the process of logging, recording, and resolving events that take place in an organization?

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary co...

You are performing a penetration test. You achieved access via a buffer overflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You f...

Which of the following describes the characteristics of a Boot Sector Virus?

You have several plain-text firewall logs that you must review to evaluate network traffic. You know that in order to do fast, efficient searches of the logs you must use regular e...

You've just been hired to perform a pen test on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to...

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version install...

Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?

Which of the following is not a Bluetooth attack?

This phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the "landsc...

The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

The NMAP command above performs which of the following? > NMAP -sn 192.168.11.200-215

You are using NMAP to resolve domain names into IP addresses for a ping sweep later. Which of the following commands looks for IP addresses?

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames...

Which of the following is an extremely common IDS evasion technique in the web world?

Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise taking part in a data exchange?

Which of the following is a design pattern based on distinct pieces of software providing application functionality as services to other applications?

Which mode of IPSec should you use to assure security and confidentiality of data within the same LAN?

Which of the following is assured by the use of a hash?

Which of the following is the greatest threat posed by backups?

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that ha...

In Risk Management, how is the term "likelihood" related to the concept of "threat?"

The chance of a hard drive failure is once every three years. The cost to buy a new hard drive is $300. It will require 10 hours to restore the OS and software to the new hard disk...

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a...

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser...

A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempti...

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploit...

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

An Internet Service Provider (ISP) has a need to authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Netw...

To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash...

To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one...

Which of these options is the most secure procedure for storing backup tapes?

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

Session splicing is an IDS evasion technique in which an attacker delivers data in multiple, smallsized packets to the target computer, making it very difficult for an IDS to detec...

Which of the following tools can be used for passive OS fingerprinting?

You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notificati...

What does a firewall check to prevent particular ports and applications from getting packets into an organization?

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. Afte...

Which of the following types of firewalls ensures that the packets are part of the established session?

Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an orga...

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique pr...

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

Which of the following statements regarding ethical hacking is incorrect?