312-50V9 Practice Questions
609 real 312-50V9 exam questions with expert-verified answers and explanations. Page 9 of 13.
- Question #405
Which statement is TRUE regarding network firewalls preventing Web Application attacks?
- Question #406
Which of the following programs is usually targeted at Microsoft Office products?
- Question #407
Bluetooth uses which digital modulation technique to exchange information between paired devices?
- Question #408
In order to show improvement of security over time, what must be developed?
- Question #409
Passive reconnaissance involves collecting information through which of the following?
- Question #410
How can rainbow tables be defeated?
- Question #411
The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106: What is most likely taking place?
- Question #412
Which statement best describes a server type under an N-tier architecture?
- Question #413
If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this sec...
- Question #414
A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other mach...
- Question #415
Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?
- Question #416
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?
- Question #417
When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
- Question #418
Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?
- Question #419
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
- Question #420
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
- Question #421
Which cipher encrypts the plain text digit (bit or byte) one by one?
- Question #422
Which of the following types of firewall inspects only header information in network traffic?
- Question #423
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this res...
- Question #424
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results? TCP p...
- Question #425
Which of the following is an example of an asymmetric encryption implementation?
- Question #426
A hacker was able to sniff packets on a company's wireless network. The following information was discovered: The Key 10110010 01001011 The Cyphertext 01100101 01011010 Using the E...
- Question #427
Which of the following cryptography attack methods is usually performed without the use of a computer?
- Question #428
Which of the following is a strong post designed to stop a car?
- Question #429
A Network Administrator was recently promoted to Chief Security Officer at a local university. One of the employee's new responsibilities is to manage the implementation of an RFID car...
- Question #430
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
- Question #431
Which system consists of a publicly available set of databases that contain domain name registration contact information?
- Question #432
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, r...
- Question #433
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106: Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.16...
- Question #434
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer...
- Question #435
An NMAP scan of a server shows port 69 is open. What risk could this pose?
- Question #436
What information should an IT system analysis provide to the risk assessor?
- Question #437
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting
- Question #438
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should...
- Question #439
Which of the following is a preventive control?
- Question #440
A new wireless client is configured to join an 802.11 network. This client uses the same hardware and software as many of the other clients on the network. The client can see the ne...
- Question #441
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network's external DMZ. The packet...
- Question #442
An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this...
- Question #443
Which of the following is a protocol specifically designed for transporting event messages?
- Question #444
Which of the following security operations is used for determining the attack surface of an organization?
- Question #445
The security concept of "separation of duties" is most similar to the operation of which type of security device?
- Question #446
The "black box testing" methodology enforces which kind of restriction?
- Question #447
The "gray box testing" methodology enforces what kind of restriction?
- Question #448
The "white box testing" methodology enforces what kind of restriction?
- Question #449
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version install...
- Question #450
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?
- Question #451
Which of the following lists are valid data-gathering activities associated with a risk assessment?
- Question #452
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior...
- Question #453
Which of the following is a detective control?
- Question #454
Which of the following is a component of a risk assessment?