312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 6 of 13.
- Question #251Introduction to Ethical Hacking
Which of the following incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an orga...
incident handlingpreparation phaseincident responsesecurity planning - Question #252Cryptography
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique pr...
steganographysecurity through obscuritydata hidingcovert communication - Question #253Introduction to Ethical Hacking
During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?
security auditIS auditingundocumented procedurescompliance assessment - Question #254Introduction to Ethical Hacking
Which of the following statements regarding ethical hacking is incorrect?
ethical hackingrules of engagementpenetration testing methodologyhacking tools - Question #255Vulnerability Analysis
Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?
vulnerability scannerpatch managementweak passwordssecurity assessment - Question #256Cryptography
What two conditions must a digital signature meet?
digital signaturesauthenticationnon-repudiationPKI - Question #257Hacking Web Servers
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The a...
DNS spoofingtraffic redirectionDNS poisoningDNS hijacking - Question #258Introduction to Ethical Hacking
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
civil liabilitycorporate liabilityinformation security lawlegal frameworks - Question #259Vulnerability Analysis
What is the role of test automation in security testing?
test automationsecurity testingbenchmark testingmanual vs automated - Question #260Social Engineering
The company ABC recently discovered that their new product was released by the opposition before their premiere. They contract an investigator who discovered that the maid threw aw...
dumpster divingphysical securityinformation gatheringsocial engineering - Question #261Cryptography
The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and th...
data integrityhashingcryptographic hashdocument security - Question #262System Hacking
A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?
/etc/passwdLinux authenticationpassword fileshadow passwords - Question #263System Hacking
Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands: [eve@localhost ~]$ john secret.txt Loaded 2 password hashes with no different...
John the Ripperpassword crackingLM hashoffline attack - Question #264Evading IDS, Firewalls, and Honeypots
What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports a...
firewalkingpacket filteringfirewall bypassport scanning - Question #265Introduction to Ethical Hacking
Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
penetration testing typesblackbox testinginternal testingtest methodology - Question #266Hacking Web Applications
Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?
N-tier architectureapplication layerslogic tierweb application architecture - Question #267Scanning Networks
An attacker tries to do banner grabbing on a remote web server and executes the following command. $ nmap -sV host.domain.com -p 80 He gets the following output. Nmap scan report f...
banner grabbingnmap -sVservice version detectionweb server fingerprinting - Question #268Footprinting and Reconnaissance
_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attac...
DNSSECDNS securityDNS poisoningzone integrity - Question #269Malware Threats
Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle...
sandboxingcode execution isolationmalware analysissecurity testing - Question #270Social Engineering
An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration...
social engineeringinformation disclosuresecurity policypretexting - Question #271Introduction to Ethical Hacking
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
responsible disclosurevulnerability reportingethical hackingsecurity ethics - Question #272Social Engineering
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its...
pharmingphishingDNS poisoninghost file modification - Question #273Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and an...
SSL/TLSasymmetric encryptionpublic key infrastructurecryptographic protocols - Question #274Hacking Wireless Networks
Which of these is capable of searching for and locating rogue access points?
rogue access pointsWIPSwireless intrusion preventionwireless security - Question #275System Hacking
Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a comput...
Metasploitexploit frameworkautomated attacksvulnerability exploitation - Question #276Cryptography
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
full disk encryptiondata protectionlaptop securityencryption at rest - Question #277Scanning Networks
The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192...
nmap subnettingCIDR notationsubnet masknetwork scanning range - Question #278System Hacking
Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor a...
two-factor authenticationmulti-factor authenticationbiometricsauthentication factors - Question #279System Hacking
Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?
Data Execution PreventionDEPbuffer overflownon-executable memory - Question #280SQL Injection
Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?
blind SQL injectionboolean-based SQLiinference attackweb application attack - Question #281Evading IDS, Firewalls, and Honeypots
In order to have an anonymous Internet surf, which of the following is best choice?
Tor networkanonymitynetwork anonymizationprivacy tools - Question #282Evading IDS, Firewalls, and Honeypots
A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below: - Access List sh...
stateful firewallDMZWAFVLAN security - Question #283Hacking Web Applications
Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP. Which of the following is an incorrect definition or characteristics in the...
SOAPweb servicesXMLHTTP protocol - Question #284Sniffing
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
STP manipulationSPAN portL2 attacknetwork sniffing - Question #285Introduction to Ethical Hacking
A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center...
hardeningdefense in depthsecurity policyperimeter security - Question #286Introduction to Ethical Hacking
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?
biometricsauthenticationprocessing speedaccess control - Question #287Introduction to Ethical Hacking
Due to a slow down of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to...
employee monitoringprivacy lawethicslegal compliance - Question #288Social Engineering
In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the...
mail relayingspamopen relayemail origin spoofing - Question #289Scanning Networks
You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the conf...
static routinggateway configurationnetwork routingdual-homed host - Question #290Scanning Networks
What is the correct process for the TCP three-way handshake connection establishment and connection termination?
TCP handshakeSYN-ACKconnection establishmentTCP/IP - Question #291Scanning Networks
Emil uses nmap to scan two hosts using this command. nmap -sS -T4 -O 192.168.99.1 192.168.99.7 He receives this output: Nmap scan report for 192.168.99.1 Host is up (0.00082s laten...
nmapSYN scanOS detectionport scanning - Question #292Scanning Networks
You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?
nmapport scanningnetwork auditopen ports - Question #293Social Engineering
Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still o...
tailgatingphysical securitysocial engineeringunauthorized access - Question #294Cryptography
Which protocol is used for setting up secured channels between two devices, typically in VPNs?
IPSecVPNsecure channeltunneling protocol - Question #295System Hacking
In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/o...
pass the hashNTLMLM hashMetasploit psexec - Question #296Scanning Networks
Which of the following Nmap commands will produce the following output? Output: Nmap scan report for 192.168.1.1 Host is up (0.00042s latency). Not shown: 65530 open|filtered ports...
nmapUDP scanTCP/UDP combined scanall-port scanning - Question #297Evading IDS, Firewalls, and Honeypots
Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?
msfencodeAV evasionMetasploitpayload encoding - Question #298Scanning Networks
You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?
hping2ICMP scanping sweepnetwork scanning - Question #299Hacking Wireless Networks
Which of the following is a passive wireless packet analyzer that works on Linux-based systems?
Kismetwireless analyzerpassive scanningpacket capture - Question #300Scanning Networks
The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?
TCP SYNthree-way handshakeconnection initiationTCP/IP