Most Up-to-date 312-50v9 Software 2021

NEW QUESTION 1
During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?

• A. Terminate the audit.


• B. Identify and evaluate existing practices.


• C. Create a procedures document


• D. Conduct compliance testing

Answer: B

NEW QUESTION 2
An attacker gains access to a Web server’s database and display the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

• A. Insufficient security management


• B. Insufficient database hardening


• C. Insufficient exception handling


• D. Insufficient input validation

Answer: D

NEW QUESTION 3
The “Gray box testing” methodology enforces what kind of restriction?

• A. Only the external operation of a system is accessible to the tester.


• B. Only the internal operation of a system is known to the tester.


• C. The internal operation of a system is completely known to the tester.


• D. The internal operation of a system is only partly accessible to the tester.

Answer: D

NEW QUESTION 4
Which of the following isthe greatest threat posed by backups?

• A. An un-encrypted backup can be misplaced or stolen


• B. A back is incomplete because no verification was performed.


• C. A backup is the source of Malware or illicit information.


• D. A backup is unavailable duringdisaster recovery.

Answer: A

NEW QUESTION 5
Which tool allows analysis and pen testers to examine links between data using graphs and link analysis?

• A. Metasploit


• B. Maltego


• C. Wireshark


• D. Cain &Abel

Answer: B

NEW QUESTION 6
You are performing information gathering for an important penetration test. You have found pdf, doc, and images in your objective. You decide to extract metadata from these files and analyze it.
What tool will help you with the task?

• A. Armitage


• B. Dimitry


• C. cdpsnarf


• D. Metagoofil

Answer: D

NEW QUESTION 7
Which of the following is designed to indentify malicious attempts to penetrate systems?

• A. Proxy


• B. Router


• C. Firewall


• D. Intrusion Detection System

Answer: D

NEW QUESTION 8
Which of the following statements regarding ethical hacking is incorrect?

• A. Testing should be remotely performed offsite.


• B. Ethical hackers should never use tools that have potential of exploiting vulnerabilities in theorganizations IT system.


• C. Ethical hacking should not involve writing to or modifying the target systems.


• D. An organization should use ethical hackers who do not sell hardware/software or other consulting services.

Answer: B

NEW QUESTION 9
The phase will increase the odds of success in later phases of the penetration test. It is also the very first step in Information Gathering, and it will tell you what the“landscape” looks like.
What is the most important phase of ethical hacking in which you need to spend a considerable amount of time?

• A. Network Mapping


• B. Gaining access


• C. Footprinting


• D. Escalating privileges

Answer: C

NEW QUESTION 10
Which of the followingtypes of firewalls ensures that the packets are part of the established session?

• A. Switch-level firewall


• B. Stateful inspection firewall


• C. Application-level firewall


• D. Circuit-level firewall

Answer: B

NEW QUESTION 11
You’ve just been hired to perform a pentest on an organization that has been subjected to a large-scale attack. The CIO is concerned with mitigating threats and vulnerabilities to totally eliminate risk.
What is one of the first thing you should to when the job?

• A. Start the wireshark application to start sniffing network traffic.


• B. Establish attribution to suspected attackers.


• C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.


• D. Interview all employees in the company to rule out possible insider threats.

Answer: C

NEW QUESTION 12
Which of the following statements is TRUE?

• A. Sniffers operation on Layer 3 of the OSI model


• B. Sniffers operation on Layer 2 of the OSI model


• C. Sniffers operation on the Layer 1 of the OSI model


• D. Sniffers operation on both Layer 2 & Layer 3 of the OSImodel

Answer: D

NEW QUESTION 13
Under the “Post-attach Phase and Activities,” it is the responsibility of the tester to restore the system to a pre-test state.
Which of the following activities should not be included in this phase? I.Removing all files uploaded on the system
II.Cleaning all registry entries III.Mapping of network state
IV.Removing all tools and maintaining backdoor for reporting

• A. III


• B. IV


• C. III and IV


• D. All should be included.

Answer: A

NEW QUESTION 14
An Intrusion Detection System(IDS) has alerted the network administrator to a possibly malicious sequence of packets went to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file.
What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

• A. Protocol analyzer


• B. Intrusion Prevention System (IPS)


• C. Vulnerability scanner


• D. Network sniffer

Answer: B

NEW QUESTION 15
What does a firewall check to prevent particularports and applications from getting packets into an organizations?

• A. Transport layer port numbers and application layer headers


• B. Network layer headers and the session layer port numbers


• C. Application layer port numbers and the transport layer headers


• D. Presentation layer headers and the session layer port numbers

Answer: A

NEW QUESTION 16
Perspective clients wantto see sample reports from previous penetration tests. What should you do next?

• A. Share full reports, not redacted.


• B. Share full reports, with redacted.


• C. Decline but, provide references.


• D. Share reports, after NDA is signed.

Answer: B

NEW QUESTION 17
The heartland bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2004-1060. Thisbug affects the OpenSSL implementation of the transport Layer security (TLS) protocols defined in RFC6520.
What types of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?

• A. Root


• B. Private


• C. Shared


• D. Public

Answer: A

NEW QUESTION 18
You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line.
Which command would you use?

• A. c:services.msc


• B. c:ncpa.cp


• C. c:compmgmt.msc


• D. c:gpedit

Answer: C

NEW QUESTION 19
You are tasked to perform a penetration test. While you are performinginformation gathering, you find ab employee list in Google. You find receptionist’s email, and you send her an email changing the source email to her boss’s email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?

• A. Piggybacking


• B. Tailgating


• C. Evesdropping


• D. Social engineering

Answer: D

NEW QUESTION 20
Using Windows CMD, how would an attacker list all the shares to which the current user context hasaccess?

• A. NET CONFIG


• B. NET USE


• C. NET FILE


• D. NET VIEW

Answer: D

NEW QUESTION 21
......