312-50V9 Exam Questions
613 real 312-50V9 exam questions with expert-verified answers and explanations. Page 8 of 13.
- Question #351Footprinting and Reconnaissance
A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not...
black box testingreconnaissancepenetration testing phasesinformation gathering - Question #352Scanning Networks
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. Which of the following tools...
OS fingerprintingpassive reconnaissancetcpdumpTCP/IP stack fingerprinting - Question #353Introduction to Ethical Hacking
The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss...
ALESLEAROrisk quantification - Question #354Introduction to Ethical Hacking
Backing up data is a security must. However, it also have certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?
backup securityunencrypted backupsdata theftdata protection - Question #355Introduction to Ethical Hacking
What kind of risk will remain even if all theoretically possible safety measures would be applied?
residual riskrisk managementsecurity controlsrisk assessment - Question #356Evading IDS, Firewalls, and Honeypots
While doing a Black box pen test via the TCP port (80), you noticed that the traffic gets blocked when you tried to pass IRC traffic from a web enabled host. However, you also noti...
stateful firewalltraffic inspectionfirewall typesTCP state tracking - Question #357Scanning Networks
It is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and anal...
syslogevent loggingnetwork protocolslog management - Question #358Scanning Networks
While doing a technical assessment to determine network vulnerabilities, you used the TCP XMAS scan. What would be the response of all open ports?
TCP XMAS scanport scanningTCP flagsopen port behavior - Question #359Footprinting and Reconnaissance
Which of the following tools is used by pen testers and analysts specifically to analyze links between data using link analysis and graphs?
Maltegolink analysisOSINTreconnaissance tools - Question #360Introduction to Ethical Hacking
If you are to determine the attack surface of an organization, which of the following is the BEST thing to do?
attack surfacenetwork scanningDMZsecurity assessment - Question #361Scanning Networks
What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?
Nmapfast scannetwork discoverysubnet scanning - Question #362Scanning Networks
You've just discovered a server that is currently active within the same network with the machine you recently compromised. You ping it but it did not respond. What could be the ca...
ICMPpingfirewall rulesnetwork troubleshooting - Question #363Footprinting and Reconnaissance
What tool should you use when you need to analyze extracted metadata from files you collected when you were in the initial stage of penetration test (information gathering)?
Metagoofilmetadata extractionOSINT toolsinformation gathering - Question #364Introduction to Ethical Hacking
Which of the following is NOT an ideal choice for biometric controls?
biometricsphysical securityauthentication factorsaccess control - Question #365Introduction to Ethical Hacking
While you were gathering information as part of security assessments for one of your clients, you were able to gather data that show your client is involved with fraudulent activit...
ethical conductlegal obligationspenetration testing ethicsincident response - Question #366Evading IDS, Firewalls, and Honeypots
In order to prevent particular ports and applications from getting packets into an organization, what does a firewall check?
firewallpacket filteringtransport layerapplication layer headers - Question #367Enumeration
Suppose you've gained access to your client's hybrid network. On which port should you listen to in order to know which Microsoft Windows workstations has its file sharing enabled?
SMBport 445file sharingWindows enumeration - Question #368Malware Threats
Which of the following BEST describes the mechanism of a Boot Sector Virus?
boot sector virusMBRmalware mechanismsvirus types - Question #369Introduction to Ethical Hacking
What is the term coined for logging, recording and resolving events in a company?
incident managementsecurity policyevent loggingCSIRT - Question #370Cryptography
XOR is a common cryptographic tool. 10110001 XOR 00111010 is?
XOR operationbinary arithmeticsymmetric encryptioncryptographic primitives - Question #371Malware Threats
A server has been infected by a certain type of Trojan. The hacker intended to utilize it to send and host junk mails. What type of Trojan did the hacker use?
botnet Trojanspam relayTrojan typesmalware classification - Question #372Social Engineering
First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do...
phishing emailsecurity awarenessincident responsesocial engineering defense - Question #373System Hacking
LM hash is a compromised password hashing function. Which of the following parameters describe LM Hash:?
LM hashpassword hashingWindows authenticationhash weaknesses - Question #374Introduction to Ethical Hacking
Defining rules, collaborating human workforce, creating a backup plan, and testing the plans are within what phase of the Incident Handling Process?
incident handlingpreparation phaseIR lifecyclesecurity planning - Question #375Sniffing
Which of the following BEST describes how Address Resolution Protocol (ARP) works?
ARPMAC address resolutionbroadcast requestLayer 2 protocol - Question #376Social Engineering
Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?
social engineeringhuman manipulationsecurity awarenesspenetration testing - Question #377Evading IDS, Firewalls, and Honeypots
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?
Cryptcattraffic encryptionIDS evasionpivoting - Question #378System Hacking
You've just gained root access to a Centos 6 server after days of trying. What tool should you use to maintain access?
persistencemaintaining accesspost-exploitationuser account creation - Question #379Malware Threats
What type of malware is it that restricts access to a computer system that it infects and demands that the user pay a certain amount of money, cryptocurrency, etc. to the operators...
ransomwaremalware typescryptocurrency extortionaccess restriction - Question #380Hacking Mobile Platforms
The following are types of Bluetooth attack EXCEPT_____?
Bluetooth attacksBluejackingBluesnarfingwireless attack types - Question #381Hacking Web Applications
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
XSS preventioninput validationoutput encodingweb security - Question #382Sniffing
A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administ...
PCAP analysisprotocol analyzerIDSpacket capture - Question #383Cryptography
Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
PII protectionencrypted communicationsdata in transitweb application security - Question #384Hacking Wireless Networks
A new wireless client that is 802.11 compliant cannot connect to a wireless network given that the client can see the network and it has compatible hardware and software installed....
MAC address filtering802.11WAP associationwireless access control - Question #385Sniffing
This configuration allows NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. S...
promiscuous modeNICpacket sniffingnetwork interface - Question #386Cryptography
Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?
PKIauthenticationdigital certificatesenterprise identity - Question #387Vulnerability Analysis
A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software p...
fuzzingsoftware testinginvalid inputvulnerability testing - Question #388System Hacking
What would you type on the Windows command line in order to launch the Computer Management Console provided that you are logged in as an admin?
Windows commandscompmgmt.mscsystem consoleadmin tools - Question #389Hacking Wireless Networks
Which of the following is a wireless network detector that is commonly found on Linux?
Kismetwireless detectionLinux toolsnetwork discovery - Question #390Cryptography
Which specific element of security testing is being assured by using hash?
hashingdata integritycryptographic hashsecurity properties - Question #391Introduction to Ethical Hacking
Which of the following is a restriction being enforced in "white box testing?"
white box testingpenetration testingsecurity methodologytesting types - Question #392Vulnerability Analysis
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
Shellshockbash vulnerabilityremote code executionCVE-2014-6271 - Question #393Cryptography
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
IPSecESP transport modedata confidentialityLAN security - Question #394Scanning Networks
Jack was attempting to fingerprint all machines in the network using the following Nmap syntax: invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24 TCP/IP fingerprinting (for OS sca...
NmapOS fingerprintingroot privilegesnetwork scanning - Question #395Hacking Web Applications
While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser open...
CSRFcross-site request forgerysession exploitationweb browser security - Question #396Hacking Web Applications
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploit...
default credentialsauthentication bypassdatabase hardeningweb login security - Question #397Introduction to Ethical Hacking
Supposed you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connectin...
RADIUSAAA protocolnetwork authenticationVPN security - Question #398Cryptography
Which type of cryptography does SSL, IKE and PGP belongs to?
public key cryptographySSLPGPIKE - Question #399Evading IDS, Firewalls, and Honeypots
A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured...
false negativeIDS alert typesintrusion detectionIDS configuration - Question #400Evading IDS, Firewalls, and Honeypots
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
dual-homedIDS hardware requirementsproxy servernetwork security appliance