312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 7 of 13.
- Question #301Cryptography
Internet Protocol Security IPSec is actually a suite of protocols. Each protocol within the suite provides different functionality. Collective IPSec does everything except.
IPSecnetwork protocolsOSI layersencryption - Question #302System Hacking
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?
OTPcounter-based authenticationMFAtoken authentication - Question #303Sniffing
An attacker attaches a rogue router in a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure on behalf of the...
rogue routerman-in-the-middlerouting protocolsnetwork security - Question #304Footprinting and Reconnaissance
Look at the following output. What did the hacker accomplish? ; <<>> DiG 9.7.-P1 <<>> axfr domam.com @192.168.1.105 ;; global options: +cmd domain.com. 3600 IN SOA srv1.domain.com....
DNS zone transferAXFRDNS enumerationDiG - Question #305Introduction to Ethical Hacking
What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to...
defense in depthlayered securitysecurity controlsIT infrastructure - Question #306Hacking Web Applications
Scenario: 1. Victim opens the attacker's web site. 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make $1000 in a day?'. 3. V...
clickjackingiframeUI redressingweb attack - Question #307Scanning Networks
If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?
IDS evasionport scanningTCP connect scanintrusion detection - Question #308Cryptography
What is correct about digital signatures?
digital signatureshash functiondocument integrityPKI - Question #309Introduction to Ethical Hacking
What is not a PCI compliance recommendation?
PCI DSScompliancecardholder datasecurity policy - Question #310Evading IDS, Firewalls, and Honeypots
Which Intrusion Detection System is best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network seg...
NIDSintrusion detectionnetwork monitoringIDS placement - Question #311Scanning Networks
An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order should he perform these steps?
ping sweepport scanningnmaphost discovery - Question #312System Hacking
What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?
DEPscript executionWindows securitymalicious scripts - Question #313Cryptography
Which of the following areas is considered a strength of symmetric key cryptography when compared with asymmetric algorithms?
symmetric encryptioncryptography performanceAESkey management - Question #314System Hacking
By using a smart card and pin, you are using a two-factor authentication that satisfies
two-factor authenticationsmart cardPINauthentication factors - Question #315Cryptography
What is the difference between the AES and RSA algorithms?
AESRSAsymmetric vs asymmetricencryption algorithms - Question #316System Hacking
Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in-bounds checking mechanism? Code: #include <string.h> int...
buffer overflowC++bounds checkingmemory safety - Question #317Scanning Networks
The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the host 10.0.0.3. Also he needs to permit all FTP traffic to the rest of...
ACLrouter configurationimplicit denyaccess control list - Question #318Social Engineering
Bob received this text message on his mobile phone: ""Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: [email protected]"". Which...
phishingsmishingsocial engineeringimpersonation - Question #319System Hacking
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How ca...
privilege escalationaccess controlinternal auditaccount compromise - Question #320Scanning Networks
Which of the following will perform an Xmas scan using NMAP?
nmapXmas scanport scanning flagsTCP scan types - Question #321Sniffing
As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you...
WiresharkSMTPpacket filteringport 25 - Question #322Cryptography
Which service in a PKI will vouch for the identity of an individual or company?
PKICertificate Authoritydigital certificatesidentity verification - Question #323Introduction to Ethical Hacking
In IPv6 what is the major difference concerning application layer vulnerabilities compared to IPv4?
IPv6application layerdual-stacknetwork security - Question #324Footprinting and Reconnaissance
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for v...
Google hackingreconnaissanceOSINTsearch operators - Question #325Introduction to Ethical Hacking
Which type of security feature stops vehicles from crashing through the doors of a building?
physical securitybollardsperimeter securityvehicle barriers - Question #326Hacking Wireless Networks
........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communic...
Evil Twinrogue access pointwireless eavesdroppingphishing - Question #327Introduction to Ethical Hacking
Which access control mechanism allows for multiple systems to use a central authentication server (CAS) that permits users to authenticate once and gain access to multiple systems?
Single Sign-OnCASauthenticationaccess control - Question #328System Hacking
What attack is used to crack passwords by using a precomputed table of hashed passwords?
rainbow tablepassword crackingprecomputed hasheshash attack - Question #329Introduction to Ethical Hacking
Your next door neighbor, that you do not get along with, is having issues with their network, so he yells to his spouse the network's SSID and password and you hear them both clear...
security ethicsunauthorized accessresponsible disclosureprofessional conduct - Question #330Vulnerability Analysis
Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet- facing services, which OS did it not directly affect?
Shellshockbash vulnerabilityOS securityCVE - Question #331Hacking Wireless Networks
You want to analyze packets on your wireless network. Which program would you use?
WiresharkAirpcapwireless packet capturenetwork sniffing - Question #332Introduction to Ethical Hacking
It has been reported to you that someone has caused an information spillage on their computer. You go to the computer, disconnect it from the network, remove the keyboard and mouse...
incident handlingcontainmentincident responseinformation security - Question #333System Hacking
What is the code written for? #!/usr/bin/python import socket buffer=["A"] counter=50 while len(buffer)<=100: buffer.apend ("A"*counter) counter=counter+50 commands=["HELP","STATS....
buffer overflowfuzzingPython exploitsocket programming - Question #334Introduction to Ethical Hacking
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is th...
physical securityCCTVperimeter monitoringsurveillance - Question #335Cryptography
Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal condi...
HeartbleedOpenSSLSSL/TLScryptographic vulnerability - Question #336Cryptography
There are several ways to gain insight on how a cryptosystem works with the goal of reverse engineering the process. A term describes when two pieces of data result in the same val...
hash collisionhash functioncryptographycollision attack - Question #337Introduction to Ethical Hacking
Which of the following security policies defines the use of VPN for gaining access to an internal corporate network?
VPNremote access policysecurity policynetwork access - Question #338Introduction to Ethical Hacking
One of the Forbes 500 companies has been subjected to a large scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emp...
risk managementpenetration testingethicsrisk reduction - Question #339Scanning Networks
Which of the following is an NMAP script that could help detect HTTP Methods such as GET, POST, HEAD, PUT, DELETE, TRACE?
NMAPNSE scriptsHTTP methodsweb scanning - Question #340Footprinting and Reconnaissance
Which of the following is the most important phase of ethical hacking wherein you need to spend considerable amount of time?
footprintingreconnaissanceethical hacking phasesinformation gathering - Question #341Hacking Wireless Networks
It is a short-range wireless communication technology that allows mobile phones, computers and other devices to connect and communicate. This technology intends to replace cables c...
Bluetoothshort-range wirelesswireless protocolsdevice pairing - Question #342Malware Threats
Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew...
TrojanC2 communicationmalware persistenceAPPDATA directory - Question #343Enumeration
Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?
NET USEWindows commandsnetwork sharesSMB enumeration - Question #344Introduction to Ethical Hacking
What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hour...
ALESLEAROquantitative risk assessment - Question #345Introduction to Ethical Hacking
Knowing the nature of backup tapes, which of the following is the MOST RECOMMENDED way of storing backup tapes?
backup storageoffsite backupdisaster recoverydata protection - Question #346Vulnerability Analysis
Which of the following tools would MOST LIKELY be used to perform security audit on various of forms of network systems?
vulnerability scannersecurity auditnetwork assessmentpenetration testing tools - Question #347Introduction to Ethical Hacking
Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Feder...
NIST SP 800-53security controlsfederal complianceinformation security regulations - Question #348Introduction to Ethical Hacking
A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous...
penetration testing ethicsclient confidentialityprofessional conductreport handling - Question #349Introduction to Ethical Hacking
You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and...
terms of engagementpenetration testinglegal documentationscope definition - Question #350Introduction to Ethical Hacking
The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?
risk responserisk managementrisk treatmentsecurity policy