312-50V9 Practice Questions

Craig received a report of all the computers on the network that showed all the missing patches and weak passwords. What type of software generated this report?

What two conditions must a digital signature meet?

An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The a...

If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?

What is the role of test automation in security testing?

The company ABC recently discovered that their new product was released by the opposition before their premiere. They contract an investigator who discovered that the maid threw aw...

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and th...

A hacker has managed to gain access to a Linux host and stolen the password file from /etc/passwd. How can he use it?

Eve stole a file named secret.txt, transferred it to her computer and she just entered these commands: [eve@localhost ~]$ john secret.txt Loaded 2 password hashes with no different...

What is the way to decide how a packet will move from an untrusted outside host to a protected inside that is behind a firewall, which permits the hacker to determine which ports a...

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

An attacker tries to do banner grabbing on a remote web server and executes the following command. $ nmap -sV host.domain.com -p 80 He gets the following output. Nmap scan report f...

_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attac...

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle...

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration...

A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its...

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries.) More generally, it is about constructing and an...

Which of these is capable of searching for and locating rogue access points?

Which of the following is considered an exploit framework and has the ability to perform automated attacks on services, ports, applications and unpatched security flaws in a comput...

Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192...

Bob learned that his username and password for a popular game has been compromised. He contacts the company and resets all the information. The company suggests he use two-factor a...

Rebecca commonly sees an error on her Windows system that states that a Data Execution Prevention (DEP) error has taken place. Which of the following is most likely taking place?

Attempting an injection attack on a web server based on responses to True/False questions is called which of the following?

In order to have an anonymous Internet surf, which of the following is best choice?

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below: - Access List sh...

Websites and web portals that provide web services commonly use the Simple Object Access Protocol SOAP. Which of the following is an incorrect definition or characteristics in the...

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A large mobile telephony and data network operator has a data that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center...

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Due to a slow down of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to...

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the...

You are an Ethical Hacker who is auditing the ABC company. When you verify the NOC one of the machines has 2 connections, one wired and the other wireless. When you verify the conf...

What is the correct process for the TCP three-way handshake connection establishment and connection termination?

Emil uses nmap to scan two hosts using this command. nmap -sS -T4 -O 192.168.99.1 192.168.99.7 He receives this output: Nmap scan report for 192.168.99.1 Host is up (0.00082s laten...

You're doing an internal security audit and you want to find out what ports are open on all the servers. What is the best way to find out?

Jimmy is standing outside a secure entrance to a facility. He is pretending to have a tense conversation on his cell phone as an authorized employee badges in. Jimmy, while still o...

Which protocol is used for setting up secured channels between two devices, typically in VPNs?

In cryptanalysis and computer security, 'pass the hash' is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/o...

Which of the following Nmap commands will produce the following output? Output: Nmap scan report for 192.168.1.1 Host is up (0.00042s latency). Not shown: 65530 open|filtered ports...

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

You want to do an ICMP scan on a remote computer using hping2. What is the proper syntax?

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.

Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the...

Look at the following output. What did the hacker accomplish? ; <<>> DiG 9.7.-P1 <<>> axfr domam.com @192.168.1.105 ;; global options: +cmd domain.com. 3600 IN SOA srv1.domain.com....