312-50 Ethical Hacking and Countermeasures Questions and Answers

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Which initial procedure should an ethical hacker perform after being brought into an organization?

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

E-mail scams and mail fraud are regulated by which of the following?

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

One advantage of an application-level firewall is the ability to

Which tool can be used to silently copy files from USB devices?

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

A security engineer is attempting to map a company’s internal network. The engineer enters in the following NMAP command:

NMAP –n –sS –P0 –p 80 ***.***.**.**

What type of scan is this?

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

Bob received this text message on his mobile phone: ““Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com””. Which statement below is true?

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?

What are two things that are possible when scanning UDP ports? (Choose two.)

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Which method of password cracking takes the most time and effort?

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Which of the following is a preventive control?

Which of the following techniques will identify if computer files have been changed?

A covert channel is a channel that

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Which of the following lists are valid data-gathering activities associated with a risk assessment?

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Which of the following is considered an acceptable option when managing a risk?

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

Which of the following is an example of what the engineer performed?

Which of the following is a component of a risk assessment?

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Which of the following is a symmetric cryptographic standard?

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

Which type of antenna is used in wireless communication?

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

At a Windows Server command prompt, which command could be used to list the running services?

How can telnet be used to fingerprint a web server?

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

How can a policy help improve an employee's security awareness?

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Which set of access control solutions implements two-factor authentication?

Fingerprinting VPN firewalls is possible with which of the following tools?

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Which of the following is an application that requires a host application for replication?

Which of the following programs is usually targeted at Microsoft Office products?

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Bluetooth uses which digital modulation technique to exchange information between paired devices?

In order to show improvement of security over time, what must be developed?

Which of the following describes the characteristics of a Boot Sector Virus?