New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

312-50 Ethical Hacking and Countermeasures Questions and Answers

Questions 4

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

Options:

A.

CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.

CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.

CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.

CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual's property or company's asset.

Buy Now
Questions 5

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options:

A.

He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.

B.

He will activate OSPF on the spoofed root bridge.

C.

He will repeat the same attack against all L2 switches of the network.

D.

He will repeat this action so that it escalates to a DoS attack.

Buy Now
Questions 6

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A.

At least once a year and after any significant upgrade or modification

B.

At least once every three years or after any significant upgrade or modification

C.

At least twice a year or after any significant upgrade or modification

D.

At least once every two years and after any significant upgrade or modification

Buy Now
Questions 7

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Options:

A.

An extensible security framework named COBIT

B.

A list of flaws and how to fix them

C.

Web application patches

D.

A security certification for hardened web applications

Buy Now
Questions 8

The chance of a hard drive failure is known to be once every four years. The cost of a new hard drive is $500. EF (Exposure Factor) is about 0.5. Calculate for the Annualized Loss Expectancy (ALE).

Options:

A.

$62.5

B.

$250

C.

$125

D.

$65.2

Buy Now
Questions 9

You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

Options:

A.

False Negative

B.

False Positive

C.

True Negative

D.

True Positive

Buy Now
Questions 10

Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?

Options:

A.

768 bit key

B.

1025 bit key

C.

1536 bit key

D.

2048 bit key

Buy Now
Questions 11

Which initial procedure should an ethical hacker perform after being brought into an organization?

Options:

A.

Begin security testing.

B.

Turn over deliverables.

C.

Sign a formal contract with non-disclosure.

D.

Assess what the organization is trying to protect.

Buy Now
Questions 12

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

Options:

A.

Ignore the problem completely and let someone else deal with it.

B.

Create a document that will crash the computer when opened and send it to friends.

C.

Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.

Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Buy Now
Questions 13

E-mail scams and mail fraud are regulated by which of the following?

Options:

A.

18 U.S.C. par. 1030 Fraud and Related activity in connection with Computers

B.

18 U.S.C. par. 1029 Fraud and Related activity in connection with Access Devices

C.

18 U.S.C. par. 1362 Communication Lines, Stations, or Systems

D.

18 U.S.C. par. 2510 Wire and Electronic Communications Interception and Interception of Oral Communication

Buy Now
Questions 14

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

Options:

A.

if (billingAddress = 50) {update field} else exit

B.

if (billingAddress != 50) {update field} else exit

C.

if (billingAddress >= 50) {update field} else exit

D.

if (billingAddress <= 50) {update field} else exit

Buy Now
Questions 15

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

Options:

A.

-sO

B.

-sP

C.

-sS

D.

-sU

Buy Now
Questions 16

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

Buy Now
Questions 17

One advantage of an application-level firewall is the ability to

Options:

A.

filter packets at the network level.

B.

filter specific commands, such as http:post.

C.

retain state information for each packet.

D.

monitor tcp handshaking.

Buy Now
Questions 18

Which tool can be used to silently copy files from USB devices?

Options:

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Buy Now
Questions 19

A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?

Options:

A.

Perform a dictionary attack.

B.

Perform a brute force attack.

C.

Perform an attack with a rainbow table.

D.

Perform a hybrid attack.

Buy Now
Questions 20

A security engineer is attempting to map a company’s internal network. The engineer enters in the following NMAP command:

NMAP –n –sS –P0 –p 80 ***.***.**.**

What type of scan is this?

Options:

A.

Quick scan

B.

Intense scan

C.

Stealth scan

D.

Comprehensive scan

Buy Now
Questions 21

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Options:

A.

Injection

B.

Cross Site Scripting

C.

Cross Site Request Forgery

D.

Path disclosure

Buy Now
Questions 22

A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?

Options:

A.

Locate type=ns

B.

Request type=ns

C.

Set type=ns

D.

Transfer type=ns

Buy Now
Questions 23

When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?

Options:

A.

AH Tunnel mode

B.

AH promiscuous

C.

ESP transport mode

D.

ESP confidential

Buy Now
Questions 24

Bob received this text message on his mobile phone: ““Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com””. Which statement below is true?

Options:

A.

This is probably a legitimate message as it comes from a respectable organization.

B.

Bob should write to scottsmelby@yahoo.com to verify the identity of Scott.

C.

This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.

D.

This is a scam because Bob does not know Scott.

Buy Now
Questions 25

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?

Options:

A.

Windows

B.

Unix

C.

Linux

D.

OS X

Buy Now
Questions 26

What are two things that are possible when scanning UDP ports? (Choose two.)

Options:

A.

A reset will be returned

B.

An ICMP message will be returned

C.

The four-way handshake will not be completed

D.

An RFC 1294 message will be returned

E.

Nothing

Buy Now
Questions 27

Which tier in the N-tier application architecture is responsible for moving and processing data between the tiers?

Options:

A.

Application Layer

B.

Data tier

C.

Presentation tier

D.

Logic tier

Buy Now
Questions 28

Which method of password cracking takes the most time and effort?

Options:

A.

Brute force

B.

Rainbow tables

C.

Dictionary attack

D.

Shoulder surfing

Buy Now
Questions 29

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

Options:

A.

User Access Control (UAC)

B.

Data Execution Prevention (DEP)

C.

Address Space Layout Randomization (ASLR)

D.

Windows firewall

Buy Now
Questions 30

Which of the following is a preventive control?

Options:

A.

Smart card authentication

B.

Security policy

C.

Audit trail

D.

Continuity of operations plan

Buy Now
Questions 31

Which of the following techniques will identify if computer files have been changed?

Options:

A.

Network sniffing

B.

Permission sets

C.

Integrity checking hashes

D.

Firewall alerts

Buy Now
Questions 32

A covert channel is a channel that

Options:

A.

transfers information over, within a computer system, or network that is outside of the security policy.

B.

transfers information over, within a computer system, or network that is within the security policy.

C.

transfers information via a communication path within a computer system, or network for transfer of data.

D.

transfers information over, within a computer system, or network that is encrypted.

Buy Now
Questions 33

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

Options:

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

Buy Now
Questions 34

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

Options:

A.

Usernames

B.

File permissions

C.

Firewall rulesets

D.

Passwords

Buy Now
Questions 35

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Options:

A.

Reject all invalid email received via SMTP.

B.

Allow full DNS zone transfers.

C.

Remove A records for internal hosts.

D.

Enable null session pipes.

Buy Now
Questions 36

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Options:

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Buy Now
Questions 37

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

Options:

A.

Proper testing

B.

Secure coding principles

C.

Systems security and architecture review

D.

Analysis of interrupts within the software

Buy Now
Questions 38

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Options:

A.

Information reporting

B.

Vulnerability assessment

C.

Active information gathering

D.

Passive information gathering

Buy Now
Questions 39

Which of the following is considered an acceptable option when managing a risk?

Options:

A.

Reject the risk.

B.

Deny the risk.

C.

Mitigate the risk.

D.

Initiate the risk.

Buy Now
Questions 40

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.

The engineer receives this output:

Which of the following is an example of what the engineer performed?

Options:

A.

Cross-site scripting

B.

Banner grabbing

C.

SQL injection

D.

Whois database query

Buy Now
Questions 41

Which of the following is a component of a risk assessment?

Options:

A.

Physical security

B.

Administrative safeguards

C.

DMZ

D.

Logical interface

Buy Now
Questions 42

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

Options:

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

Buy Now
Questions 43

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job?

Options:

A.

Start by foot printing the network and mapping out a plan of attack.

B.

Ask the employer for authorization to perform the work outside the company.

C.

Begin the reconnaissance phase with passive information gathering and then move into active information gathering.

D.

Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack.

Buy Now
Questions 44

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

Options:

A.

Say no; the friend is not the owner of the account.

B.

Say yes; the friend needs help to gather evidence.

C.

Say yes; do the job for free.

D.

Say no; make sure that the friend knows the risk she’s asking the CEH to take.

Buy Now
Questions 45

A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

Options:

A.

Threaten to publish the penetration test results if not paid.

B.

Follow proper legal procedures against the company to request payment.

C.

Tell other customers of the financial problems with payments from this company.

D.

Exploit some of the vulnerabilities found on the company webserver to deface it.

Buy Now
Questions 46

A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization?

Options:

A.

Say nothing and continue with the security testing.

B.

Stop work immediately and contact the authorities.

C.

Delete the pornography, say nothing, and continue security testing.

D.

Bring the discovery to the financial organization's human resource department.

Buy Now
Questions 47

Which of the following is a symmetric cryptographic standard?

Options:

A.

DSA

B.

PKI

C.

RSA

D.

3DES

Buy Now
Questions 48

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Options:

A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Buy Now
Questions 49

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?

Options:

A.

Cross-site scripting

B.

SQL injection

C.

Missing patches

D.

CRLF injection

Buy Now
Questions 50

Which type of antenna is used in wireless communication?

Options:

A.

Omnidirectional

B.

Parabolic

C.

Uni-directional

D.

Bi-directional

Buy Now
Questions 51

Which of the following conditions must be given to allow a tester to exploit a Cross-Site Request Forgery (CSRF) vulnerable web application?

Options:

A.

The victim user must open the malicious link with an Internet Explorer prior to version 8.

B.

The session cookies generated by the application do not have the HttpOnly flag set.

C.

The victim user must open the malicious link with a Firefox prior to version 3.

D.

The web application should not use random tokens.

Buy Now
Questions 52

At a Windows Server command prompt, which command could be used to list the running services?

Options:

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

Buy Now
Questions 53

How can telnet be used to fingerprint a web server?

Options:

A.

telnet webserverAddress 80

HEAD / HTTP/1.0

B.

telnet webserverAddress 80

PUT / HTTP/1.0

C.

telnet webserverAddress 80

HEAD / HTTP/2.0

D.

telnet webserverAddress 80

PUT / HTTP/2.0

Buy Now
Questions 54

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options:

A.

A bottom-up approach

B.

A top-down approach

C.

A senior creation approach

D.

An IT assurance approach

Buy Now
Questions 55

WPA2 uses AES for wireless data encryption at which of the following encryption levels?

Options:

A.

64 bit and CCMP

B.

128 bit and CRC

C.

128 bit and CCMP

D.

128 bit and TKIP

Buy Now
Questions 56

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

Options:

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

Buy Now
Questions 57

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

Options:

A.

Log the event as suspicious activity and report this behavior to the incident response team immediately.

B.

Log the event as suspicious activity, call a manager, and report this as soon as possible.

C.

Run an anti-virus scan because it is likely the system is infected by malware.

D.

Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

Buy Now
Questions 58

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

Options:

A.

Forensic attack

B.

ARP spoofing attack

C.

Social engineering attack

D.

Scanning attack

Buy Now
Questions 59

How can a policy help improve an employee's security awareness?

Options:

A.

By implementing written security procedures, enabling employee security training, and promoting the benefits of security

B.

By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees

C.

By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line

D.

By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Buy Now
Questions 60

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

Options:

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Buy Now
Questions 61

Which statement is TRUE regarding network firewalls preventing Web Application attacks?

Options:

A.

Network firewalls can prevent attacks because they can detect malicious HTTP traffic.

B.

Network firewalls cannot prevent attacks because ports 80 and 443 must be opened.

C.

Network firewalls can prevent attacks if they are properly configured.

D.

Network firewalls cannot prevent attacks because they are too complex to configure.

Buy Now
Questions 62

Which set of access control solutions implements two-factor authentication?

Options:

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

Buy Now
Questions 63

Fingerprinting VPN firewalls is possible with which of the following tools?

Options:

A.

Angry IP

B.

Nikto

C.

Ike-scan

D.

Arp-scan

Buy Now
Questions 64

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

Options:

A.

By using SQL injection

B.

By changing hidden form values

C.

By using cross site scripting

D.

By utilizing a buffer overflow attack

Buy Now
Questions 65

For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?

Options:

A.

Sender's public key

B.

Receiver's private key

C.

Receiver's public key

D.

Sender's private key

Buy Now
Questions 66

Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

Options:

A.

Restore a random file.

B.

Perform a full restore.

C.

Read the first 512 bytes of the tape.

D.

Read the last 512 bytes of the tape.

Buy Now
Questions 67

Which of the following is an application that requires a host application for replication?

Options:

A.

Micro

B.

Worm

C.

Trojan

D.

Virus

Buy Now
Questions 68

Which of the following programs is usually targeted at Microsoft Office products?

Options:

A.

Polymorphic virus

B.

Multipart virus

C.

Macro virus

D.

Stealth virus

Buy Now
Questions 69

Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?

Options:

A.

Fast processor to help with network traffic analysis

B.

They must be dual-homed

C.

Similar RAM requirements

D.

Fast network interface cards

Buy Now
Questions 70

Bluetooth uses which digital modulation technique to exchange information between paired devices?

Options:

A.

PSK (phase-shift keying)

B.

FSK (frequency-shift keying)

C.

ASK (amplitude-shift keying)

D.

QAM (quadrature amplitude modulation)

Buy Now
Questions 71

In order to show improvement of security over time, what must be developed?

Options:

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

Buy Now
Questions 72

Which of the following describes the characteristics of a Boot Sector Virus?

Options:

A.

Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B.

Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C.

Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D.

Overwrites the original MBR and only executes the new virus code

Buy Now
Exam Code: 312-50
Exam Name: Ethical Hacking and Countermeasures
Last Update: Dec 26, 2024
Questions: 765
312-50 pdf

312-50 PDF

$25.5  $84.99
312-50 Engine

312-50 Testing Engine

$30  $99.99
312-50 PDF + Engine

312-50 PDF + Testing Engine

$40.5  $134.99