312-50 Exam Dumps | A security analyst in an insurance company is assigned to test a new web application that will be used

Valid 312-50 Dumps shared by ExamDiscuss.com for Helping Passing 312-50 Exam! ExamDiscuss.com now offer the newest 312-50 exam dumps, the ExamDiscuss.com 312-50 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 312-50 dumps with Test Engine here:

Access 312-50 Dumps Premium Version
(570 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 110/480

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field:
IMG SRC=vbscript:msgbox("Vulnerable");> originalAttribute="SRC" originalPath="vbscript:msgbox ("Vulnerable");>"
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".
Which web applications vulnerability did the analyst discover?

A. Cross-site scripting

B. Command injection

C. SQL injection

D. Cross-site request forgery

Question List (480q): Question 1: You want to analyze packets on your wireless network. Which ...; Question 2: A company has publicly hosted web applications and an intern...; Question 3: Which of the following is an NMAP script that could help det...; Question 4: Which of the following is a component of a risk assessment?...; Question 5: It is a regulation that has a set of guidelines, which shoul...; Question 6: How can rainbow tables be defeated?...; Question 7: Which of the following identifies the three modes in which S...; Question 8: The following is a sample of output from a penetration teste...; Question 9: Which of the following algorithms provides better protection...; Question 10: Todd has been asked by the security officer to purchase a co...; Question 11: Jimmy is standing outside a secure entrance to a facility. H...; Question 12: A newly discovered flaw in a software application would be c...; Question 13: How does the Address Resolution Protocol (ARP) work?...; 1 commentQuestion 14: The precaution of prohibiting employees from bringing person...; Question 15: Which of the following BEST describes how Address Resolution...; Question 16: Which access control mechanism allows for multiple systems t...; Question 17: The purpose of a __________ is to deny network access to loc...; Question 18: Employees in a company are no longer able to access Internet...; Question 19: In the OSI model, where does PPTP encryption take place?...; Question 20: Eve stole a file named secret.txt, transferred it to her com...; Question 21: A common cryptographical tool is the use of XOR. XOR the fol...; Question 22: A hacker is attempting to use nslookup to query Domain Name ...; Question 23: A company recently hired your team of Ethical Hackers to tes...; Question 24: Which of the following programming languages is most vulnera...; Question 25: Bluetooth uses which digital modulation technique to exchang...; Question 26: Which of the following is a passive wireless packet analyzer...; Question 27: Which system consists of a publicly available set of databas...; Question 28: Which of the following is a primary service of the U.S. Comp...; Question 29: Which of the following cryptography attack methods is usuall...; Question 30: Security and privacy of/on information systems are two entit...; Question 31: When security and confidentiality of data within the same LA...; Question 32: Which of the following describes the characteristics of a Bo...; Question 33: Which of the following items is unique to the N-tier archite...; Question 34: You are a Network Security Officer. You have two machines. T...; Question 35: Which of the following is designed to verify and authenticat...; Question 36: You have compromised a server and successfully gained a root...; Question 37: Which of the following is the BEST way to protect Personally...; Question 38: A network security administrator is worried about potential ...; Question 39: A technician is resolving an issue where a computer is unabl...; Question 40: Which element of Public Key Infrastructure (PKI) verifies th...; Question 41: While testing the company's web applications, a tester attem...; Question 42: You're doing an internal security audit and you want to find...; Question 43: A hacker is attempting to see which IP addresses are current...; Question 44: How do employers protect assets with security policies perta...; Question 45: In the software security development life cycle process, thr...; Question 46: A certified ethical hacker (CEH) is approached by a friend w...; Question 47: What statement is true regarding LM hashes?...; Question 48: What is the correct PCAP filter to capture all TCP traffic g...; Question 49: During a recent security assessment, you discover the organi...; Question 50: Which of the following is a command line packet analyzer sim...; Question 51: Which of the following is an advantage of utilizing security...; Question 52: An attacker attaches a rogue router in a network. He wants t...; Question 53: If there is an Intrusion Detection System (IDS) in intranet,...; Question 54: While conducting a penetration test, the tester determines t...; Question 55: SOAP services use which technology to format information?...; Question 56: Which of the following is an application that requires a hos...; Question 57: Which solution can be used to emulate computer services, suc...; Question 58: It is a kind of malware (malicious software) that criminals ...; Question 59: Which type of security document is written with specific ste...; Question 60: Which of the following is one of the most effective ways to ...; Question 61: _________ is a set of extensions to DNS that provide to DNS ...; Question 62: What is the main advantage that a network-based IDS/IPS syst...; Question 63: Which of the following is considered the best way to protect...; Question 64: A bank stores and processes sensitive privacy information re...; Question 65: Rebecca commonly sees an error on her Windows system that st...; Question 66: A hacker searches in Google for filetype:pcf to find Cisco V...; 1 commentQuestion 67: An Intrusion Detection System (IDS) has alerted the network ...; Question 68: Which of the following is considered an acceptable option wh...; Question 69: Which tool is used to automate SQL injections and exploit a ...; Question 70: Bob learned that his username and password for a popular gam...; Question 71: To determine if a software program properly handles a wide r...; Question 72: An NMAP scan of a server shows port 69 is open. What risk co...; Question 73: Sophia travels a lot and worries that her laptop containing ...; Question 74: What is the benefit of performing an unannounced Penetration...; Question 75: In order to have an anonymous Internet surf, which of the fo...; Question 76: Which type of access control is used on a router or firewall...; Question 77: A security engineer has been asked to deploy a secure remote...; Question 78: A software tester is randomly generating invalid inputs in a...; Question 79: Cryptography is the practice and study of techniques for sec...; Question 80: A large company intends to use Blackberry for corporate mobi...; Question 81: Which of the following parameters describe LM Hash (see exhi...; Question 82: A security policy will be more accepted by employees if it i...; Question 83: Company A and Company B have just merged and each has its ow...; Question 84: What is the role of test automation in security testing?...; Question 85: Which of the following items of a computer system will an an...; Question 86: When purchasing a biometric system, one of the consideration...; Question 87: It has been reported to you that someone has caused an infor...; Question 88: What is a "Collision attack" in cryptography?...; Question 89: WPA2 uses AES for wireless data encryption at which of the f...; Question 90: In order to prevent particular ports and applications from g...; Question 91: The establishment of a TCP connection involves a negotiation...; Question 92: If you are to determine the attack surface of an organizatio...; Question 93: In 2007, this wireless security algorithm was rendered usele...; Question 94: Which vital role does the U.S. Computer Security Incident Re...; Question 95: Which of the following is considered an exploit framework an...; Question 96: Which of the statements concerning proxy firewalls is correc...; Question 97: At a Windows Server command prompt, which command could be u...; Question 98: Which of the following techniques will identify if computer ...; Question 99: An organization hires a tester to do a wireless penetration ...; Question 100: Which of the following levels of algorithms does Public Key ...; Question 101: A developer for a company is tasked with creating a program ...; Question 102: A tester has been using the msadc.pl attack script to execut...; Question 103: Which of the following processes evaluates the adherence of ...; Question 104: The chance of a hard drive failure is once every three years...; Question 105: What is the main difference between a "Normal" SQL Injection...; Question 106: How is sniffing broadly categorized?...; Question 107: A covert channel is a channel that...; Question 108: Which of the following types of firewall inspects only heade...; Question 109: Which of the following is a wireless network detector that i...; Question 110: A security analyst in an insurance company is assigned to te...; Question 111: Which technical characteristic do Ethereal/Wireshark, TCPDum...; Question 112: While performing online banking using a Web browser, a user ...; Question 113: A network administrator received an administrative alert at ...; Question 114: Which of the following is the BEST approach to prevent Cross...; Question 115: You have successfully compromised a machine on the network a...; Question 116: Which of the following is a component of a risk assessment?...; Question 117: An NMAP scan of a server shows port 25 is open. What risk co...; Question 118: Smart cards use which protocol to transfer the certificate i...; Question 119: One of the Forbes 500 companies has been subjected to a larg...; Question 120: A company's security policy states that all Web browsers mus...; Question 121: Which of the following network attacks relies on sending an ...; Question 122: What technique is used to perform a Connection Stream Parame...; Question 123: One way to defeat a multi-level security solution is to leak...; Question 124: What does a firewall check to prevent particular ports and a...; Question 125: When you are testing a web application, it is very useful to...; Question 126: A Network Administrator was recently promoted to Chief Secur...; Question 127: You have compromised a server on a network and successfully ...; Question 128: Craig received a report of all the computers on the network ...; Question 129: . .......is an attack type for a rogue Wi-Fi access point th...; Question 130: Which of the following is a form of penetration testing that...; Question 131: XOR is a common cryptographic tool. 10110001 XOR 00111010 is...; Question 132: A Security Engineer at a medium-sized accounting firm has be...; Question 133: Which type of intrusion detection system can monitor and ale...; Question 134: What is correct about digital signatures?...; Question 135: John the Ripper is a technical assessment tool used to test ...; Question 136: Which of the following is optimized for confidential communi...; Question 137: Which of the following describes a component of Public Key I...; Question 138: A new wireless client is configured to join a 802.11 network...; Question 139: A company has five different subnets: 192.168.1.0, 192.168.2...; Question 140: The company ABC recently contracted a new accountant. The ac...; Question 141: While doing a technical assessment to determine network vuln...; Question 142: Least privilege is a security concept that requires that a u...; Question 143: An attacker with access to the inside network of a small com...; Question 144: In IPv6 what is the major difference concerning application ...; Question 145: Which command lets a tester enumerate alive systems in a cla...; Question 146: Websites and web portals that provide web services commonly ...; Question 147: Which of the following tools is used to detect wireless LANs...; Question 148: What is the main reason the use of a stored biometric is vul...; Question 149: To maintain compliance with regulatory requirements, a secur...; Question 150: When comparing the testing methodologies of Open Web Applica...; Question 151: An attacker has installed a RAT on a host. The attacker want...; Question 152: A pentester is using Metasploit to exploit an FTP server and...; Question 153: What is a successful method for protecting a router from pot...; Question 154: An attacker is trying to redirect the traffic of a small off...; Question 155: What would you type on the Windows command line in order to ...; Question 156: The security concept of "separation of duties" is most simil...; Question 157: When setting up a wireless network, an administrator enters ...; Question 158: A network administrator discovers several unknown files in t...; Question 159: How can a policy help improve an employee's security awarene...; 1 commentQuestion 160: Which of the following is an example of an asymmetric encryp...; Question 161: In cryptanalysis and computer security, 'pass the hash' is a...; Question 162: Some passwords are stored using specialized encryption algor...; Question 163: What is the most secure way to mitigate the theft of corpora...; Question 164: How can a rootkit bypass Windows 7 operating system's kernel...; Question 165: Scenario: 1. Victim opens the attacker's web site. 2. Attack...; Question 166: During a wireless penetration test, a tester detects an acce...; Question 167: Which of the following programs is usually targeted at Micro...; Question 168: The network administrator for a company is setting up a webs...; Question 169: Which of the following areas is considered a strength of sym...; 1 commentQuestion 170: Sid is a judge for a programming contest. Before the code re...; Question 171: The Heartbleed bug was discovered in 2014 and is widely refe...; Question 172: Which of the following business challenges could be solved b...; Question 173: An Internet Service Provider (ISP) has a need to authenticat...; Question 174: Internet Protocol Security IPSec is actually a suite of prot...; Question 175: Your team has won a contract to infiltrate an organization. ...; Question 176: During a blackbox pen test you attempt to pass IRC traffic o...; Question 177: When does the Payment Card Industry Data Security Standard (...; Question 178: A penetration tester is conducting a port scan on a specific...; Question 179: A penetration test was done at a company. After the test, a ...; Question 180: What is the main disadvantage of the scripting languages as ...; Question 181: Look at the following output. What did the hacker accomplish...; Question 182: Which cipher encrypts the plain text digit (bit or byte) one...; Question 183: Pentest results indicate that voice over IP traffic is trave...; Question 184: From the two screenshots below, which of the following is oc...; Question 185: Which of the following descriptions is true about a static N...; Question 186: As an Ethical Hacker you are capturing traffic from your cus...; Question 187: In which phase of the ethical hacking process can Google hac...; Question 188: A regional bank hires your company to perform a security ass...; Question 189: You work as a Security Analyst for a retail organization. In...; Question 190: Which initial procedure should an ethical hacker perform aft...; Question 191: A security analyst is performing an audit on the network to ...; Question 192: After trying multiple exploits, you've gained root access to...; Question 193: Which of the following examples best represents a logical or...; Question 194: Knowing the nature of backup tapes, which of the following i...; Question 195: A hacker is attempting to see which ports have been left ope...; Question 196: Which of the following tools can be used for passive OS fing...; 1 commentQuestion 197: A circuit level gateway works at which of the following laye...; Question 198: Which of the following is a low-tech way of gaining unauthor...; Question 199: A hacker was able to easily gain access to a website. He was...; Question 200: A hacker was able to sniff packets on a company's wireless n...; Question 201: During a penetration test, a tester finds a target that is r...; Question 202: This asymmetry cipher is based on factoring the product of t...; Question 203: Which of the following tools performs comprehensive tests ag...; Question 204: Your next door neighbor, that you do not get along with, is ...; Question 205: Which of the following can take an arbitrary length of input...; Question 206: Which of these is capable of searching for and locating rogu...; Question 207: While checking the settings on the internet browser, a techn...; Question 208: What is the best description of SQL Injection?...; Question 209: It is a widely used standard for message logging. It permits...; Question 210: Due to a slow down of normal network operations, IT departme...; Question 211: For messages sent through an insecure channel, a properly im...; Question 212: A medium-sized healthcare IT business decides to implement a...; Question 213: When creating a security program, which approach would be us...; Question 214: An attacker has been successfully modifying the purchase pri...; Question 215: Seth is starting a penetration test from inside the network....; Question 216: What is the correct process for the TCP three-way handshake ...; Question 217: Which tool would be used to collect wireless packet data?...; Question 218: Which of the following will perform an Xmas scan using NMAP?...; Question 219: Which of the following BEST describes the mechanism of a Boo...; Question 220: What is the way to decide how a packet will move from an unt...; Question 221: A computer technician is using a new version of a word proce...; Question 222: This phase will increase the odds of success in later phases...; Question 223: Which of the following is a serious vulnerability in the pop...; Question 224: Which of the following tools would be the best choice for ac...; Question 225: When you are collecting information to perform a data analys...; Question 226: Jimmy is standing outside a secure entrance to a facility. H...; Question 227: A security consultant is trying to bid on a large contract t...; Question 228: In both pharming and phishing attacks an attacker can create...; Question 229: Which NMAP command combination would let a tester scan every...; Question 230: An ethical hacker for a large security research firm perform...; Question 231: Which of the following settings enables Nessus to detect whe...; Question 232: It is a short-range wireless communication technology that a...; Question 233: Which of the following defines the role of a root Certificat...; Question 234: Which results will be returned with the following Google sea...; Question 235: Which mode of IPSec should you use to assure security and co...; Question 236: Which security strategy requires using several, varying meth...; Question 237: Which Intrusion Detection System is best applicable for larg...; Question 238: What is the best defense against privilege escalation vulner...; Question 239: When you return to your desk after a lunch break, you notice...; Question 240: Which type of scan is used on the eye to measure the layer o...; Question 241: Which of these options is the most secure procedure for stor...; Question 242: You are using NMAP to resolve domain names into IP addresses...; Question 243: This tool is an 802.11 WEP and WPA-PSK keys cracking program...; Question 244: Which of the following ensures that updates to policies, pro...; Question 245: This configuration allows NIC to pass all traffic it receive...; Question 246: A hacker has successfully infected an internet-facing server...; Question 247: If a tester is attempting to ping a target that exists but r...; Question 248: The following is part of a log file taken from the machine o...; Question 249: What network security concept requires multiple layers of se...; Question 250: An attacker gains access to a Web server's database and disp...; Question 251: Which type of cryptography does SSL, IKE and PGP belongs to?...; Question 252: Which of the following is a characteristic of Public Key Inf...; Question 253: An enterprise recently moved to a new office and the new nei...; Question 254: Which specific element of security testing is being assured ...; Question 255: The use of technologies like IPSec can help guarantee the fo...; Question 256: You've just gained root access to a Centos 6 server after da...; Question 257: A Certificate Authority (CA) generates a key pair that will ...; Question 258: Which of the following is a restriction being enforced in "w...; Question 259: Which of the following is a design pattern based on distinct...; Question 260: The configuration allows a wired or wireless network interfa...; Question 261: Attempting an injection attack on a web server based on resp...; Question 262: Which of the following is used to indicate a single-line com...; Question 263: To send a PGP encrypted message, which piece of information ...; Question 264: As a Certified Ethical Hacker, you were contracted by a priv...; Question 265: An incident investigator asks to receive a copy of the event...; Question 266: The "gray box testing" methodology enforces what kind of res...; Question 267: A big company, who wanted to test their security infrastruct...; Question 268: What information should an IT system analysis provide to the...; Question 269: Which of the following is the least-likely physical characte...; Question 270: What term describes the amount of risk that remains after th...; Question 271: This international organization regulates billions of transa...; Question 272: Your company was hired by a small healthcare provider to per...; Question 273: Jack was attempting to fingerprint all machines in the netwo...; Question 274: Which of the following is an example of IP spoofing?...; Question 275: Defining rules, collaborating human workforce, creating a ba...; Question 276: Which property ensures that a hash function will not produce...; Question 277: TCP/IP stack fingerprinting is the passive collection of con...; Question 278: In order to show improvement of security over time, what mus...; Question 279: You are about to be hired by a well known Bank to perform pe...; Question 280: The use of alert thresholding in an IDS can reduce the volum...; Question 281: Which of the following tools is used by pen testers and anal...; Question 282: Which of the following security policies defines the use of ...; Question 283: Which of the following scanning tools is specifically design...; Question 284: What type of OS fingerprinting technique sends specially cra...; Question 285: A new wireless client that is 802.11 compliant cannot connec...; Question 286: Jesse receives an email with an attachment labeled "Court_No...; Question 287: Which of the following is a detective control?...; Question 288: Which of the following incident handling process phases is r...; Question 289: A tester has been hired to do a web application security tes...; Question 290: Which of the following problems can be solved by using Wires...; Question 291: An IT employee got a call from one of our best customers. Th...; Question 292: What are the three types of compliance that the Open Source ...; Question 293: What is the name of the international standard that establis...; Question 294: Port scanning can be used as part of a technical assessment ...; Question 295: Which regulation defines security and privacy controls for F...; Question 296: If the final set of security controls does not eliminate all...; Question 297: Which of the following is a common Service Oriented Architec...; Question 298: A large mobile telephony and data network operator has a dat...; Question 299: A company's Web development team has become aware of a certa...; Question 300: You are logged in as a local admin on a Windows 7 system and...; Question 301: A computer science student needs to fill some information in...; Question 302: A consultant has been hired by the V.P. of a large financial...; Question 303: What is the process of logging, recording, and resolving eve...; Question 304: You want to do an ICMP scan on a remote computer using hping...; Question 305: While performing online banking using a Web browser, Kyle re...; Question 306: Which of the following can the administrator do to verify th...; Question 307: Session splicing is an IDS evasion technique in which an att...; Question 308: #!/usr/bin/python import socket buffer=["A"] counter=50 whil...; Question 309: Fingerprinting VPN firewalls is possible with which of the f...; Question 310: Which of the following is a client-server tool utilized to e...; Question 311: By using a smart card and pin, you are using a two-factor au...; Question 312: A well-intentioned researcher discovers a vulnerability on t...; Question 313: While you were gathering information as part of security ass...; 1 commentQuestion 314: There are several ways to gain insight on how a cryptosystem...; Question 315: Which of the following tools will scan a network to perform ...; Question 316: What kind of risk will remain even if all theoretically poss...; Question 317: You have several plain-text firewall logs that you must revi...; Question 318: The "white box testing" methodology enforces what kind of re...; Question 319: What results will the following command yield: 'NMAP -sS -O ...; Question 320: Which of the following statements regarding ethical hacking ...; Question 321: A recent security audit revealed that there were indeed seve...; Question 322: First thing you do every office day is to check your email i...; Question 323: A company is using Windows Server 2003 for its Active Direct...; Question 324: A penetration tester is conducting a port scan on a specific...; Question 325: Which of the following is the structure designed to verify a...; Question 326: Which tool can be used to silently copy files from USB devic...; Question 327: Which security control role does encryption meet?...; Question 328: Which United States legislation mandates that the Chief Exec...; Question 329: An attacker uses a communication channel within an operating...; Question 330: The following are types of Bluetooth attack EXCEPT_____?...; Question 331: When you are getting information about a web server, it is v...; Question 332: A penetration tester is attempting to scan an internal corpo...; Question 333: A security engineer is attempting to map a company's interna...; Question 334: What two conditions must a digital signature meet?...; Question 335: Which of the following Nmap commands will produce the follow...; Question 336: Which Metasploit Framework tool can help penetration tester ...; Question 337: Which of the following techniques does a vulnerability scann...; Question 338: During a security audit of IT processes, an IS auditor found...; Question 339: Which type of scan measures a person's external features thr...; Question 340: Risks = Threats x Vulnerabilities is referred to as the:...; Question 341: Which of the following is the most important phase of ethica...; Question 342: Which of the following types of firewalls ensures that the p...; Question 343: Advanced encryption standard is an algorithm used for which ...; Question 344: Which of the following is assured by the use of a hash?...; Question 345: After gaining access to the password hashes used to protect ...; Question 346: Which of the following conditions must be given to allow a t...; Question 347: When utilizing technical assessment methods to assess the se...; Question 348: While using your bank's online servicing you notice the foll...; Question 349: Which of the following is an extremely common IDS evasion te...; Question 350: You are the Systems Administrator for a large corporate orga...; Question 351: Which tier in the N-tier application architecture is respons...; Question 352: A company has hired a security administrator to maintain and...; Question 353: You have successfully gained access to a linux server and wo...; Question 354: ICMP ping and ping sweeps are used to check for active syste...; Question 355: Which of the following is a hardware requirement that either...; Question 356: During a penetration test, the tester conducts an ACK scan u...; Question 357: You've just been hired to perform a pen test on an organizat...; Question 358: Which of the following tools is used to analyze the files pr...; Question 359: Which of the following programming languages is most suscept...; Question 360: You are an Ethical Hacker who is auditing the ABC company. W...; Question 361: What is the best Nmap command to use when you want to list a...; Question 362: Which of the following viruses tries to hide from anti-virus...; Question 363: You have successfully gained access to your client's interna...; Question 364: Which of the following network attacks takes advantage of we...; Question 365: Which of the following is the successor of SSL?...; Question 366: A pentester gains access to a Windows application server and...; Question 367: Which of the following open source tools would be the best c...; Question 368: PGP, SSL, and IKE are all examples of which type of cryptogr...; Question 369: Which set of access control solutions implements two-factor ...; Question 370: The intrusion detection system at a software development com...; Question 371: What is the approximate cost of replacement and recovery ope...; Question 372: Which of the following statements is TRUE?...; Question 373: It is a short-range wireless communication technology intend...; Question 374: Which of the following resources does NMAP need to be used a...; Question 375: Which of the following is designed to identify malicious att...; Question 376: Which protocol is used for setting up secured channels betwe...; Question 377: Which tool allows analysts and pen testers to examine links ...; Question 378: A security consultant decides to use multiple layers of anti...; Question 379: What type of malware is it that restricts access to a comput...; Question 380: An attacker has captured a target file that is encrypted wit...; Question 381: Diffie-Hellman (DH) groups determine the strength of the key...; Question 382: Which of the following is a vulnerability in GNU's bash shel...; Question 383: The Open Web Application Security Project (OWASP) testing me...; Question 384: Backing up data is a security must. However, it also have ce...; Question 385: Which of the following is a preventive control?...; Question 386: What tool should you use when you need to analyze extracted ...; Question 387: The company ABC recently discovered that their new product w...; Question 388: A hacker, who posed as a heating and air conditioning specia...; Question 389: Which NMAP feature can a tester implement or adjust while sc...; Question 390: An IT security engineer notices that the company's web serve...; Question 391: Which of the following processes of PKI (Public Key Infrastr...; Question 392: Which of the following parameters enables NMAP's operating s...; Question 393: Using Windows CMD, how would an attacker list all the shares...; Question 394: While performing data validation of web content, a security ...; Question 395: The practical realities facing organizations today make risk...; Question 396: When analyzing the IDS logs, the system administrator notice...; Question 397: Supposed you are the Chief Network Engineer of a certain Tel...; Question 398: You've just discovered a server that is currently active wit...; Question 399: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 400: Ricardo wants to send secret messages to a competitor compan...; Question 401: Low humidity in a data center can cause which of the followi...; Question 402: What is one thing a tester can do to ensure that the softwar...; Question 403: Passive reconnaissance involves collecting information throu...; Question 404: Which of the following tools would MOST LIKELY be used to pe...; Question 405: The security administrator of ABC needs to permit Internet t...; Question 406: In many states sending spam is illegal. Thus, the spammers h...; Question 407: Which statement is TRUE regarding network firewalls preventi...; Question 408: You are performing information gathering for an important pe...; Question 409: A botnet can be managed through which of the following?...; Question 410: What are the three types of authentication?...; Question 411: Nation-state threat actors often discover vulnerabilities an...; Question 412: Which of the following does proper basic configuration of sn...; Question 413: A hacker has managed to gain access to a Linux host and stol...; Question 414: Which method of password cracking takes the most time and ef...; Question 415: Which of the following is a strong post designed to stop a c...; Question 416: LM hash is a compromised password hashing function. Which of...; Question 417: You just set up a security system in your network. In what k...; Question 418: A possibly malicious sequence of packets that were sent to a...; Question 419: Which command line switch would be used in NMAP to perform o...; Question 420: A penetration tester was hired to perform a penetration test...; Question 421: Which among the following is a Windows command that a hacker...; Question 422: You have successfully comprised a server having an IP addres...; Question 423: What is not a PCI compliance recommendation?...; Question 424: During a penetration test, a tester finds that the web appli...; Question 425: What is the primary drawback to using advanced encryption st...; Question 426: What is the term coined for logging, recording and resolving...; Question 427: The fundamental difference between symmetric and asymmetric ...; Question 428: One advantage of an application-level firewall is the abilit...; Question 429: An attacker changes the profile information of a particular ...; Question 430: Emil uses nmap to scan two hosts using this command. nmap -s...; Question 431: Firewalk has just completed the second phase (the scanning p...; Question 432: A company firewall engineer has configured a new DMZ to allo...; Question 433: What tool and process are you going to use in order to remai...; Question 434: What mechanism in Windows prevents a user from accidentally ...; Question 435: What is the difference between the AES and RSA algorithms?...; Question 436: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 437: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What ...; Question 438: How does an operating system protect the passwords used for ...; Question 439: Which of the following is an example of two factor authentic...; Question 440: A consultant is hired to do physical penetration testing at ...; Question 441: Which Open Web Application Security Project (OWASP) implemen...; Question 442: Windows file servers commonly hold sensitive files, database...; Question 443: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 444: Which method can provide a better return on IT security inve...; Question 445: A security administrator notices that the log file of the co...; 1 commentQuestion 446: Shellshock had the potential for an unauthorized user to gai...; Question 447: A penetration tester is hired to do a risk assessment of a c...; Question 448: You've gained physical access to a Windows 2008 R2 server wh...; Question 449: International Organization for Standardization (ISO) standar...; Question 450: A certified ethical hacker (CEH) completed a penetration tes...; Question 451: What is the most common method to exploit the "Bash Bug" or ...; Question 452: The network administrator contacts you and tells you that sh...; Question 453: The "black box testing" methodology enforces which kind of r...; Question 454: An attacker tries to do banner grabbing on a remote web serv...; Question 455: An engineer is learning to write exploits in C++ and is usin...; Question 456: The Open Web Application Security Project (OWASP) is the wor...; Question 457: It is an entity or event with the potential to adversely imp...; Question 458: What attack is used to crack passwords by using a precompute...; Question 459: When an alert rule is matched in a network-based IDS like sn...; Question 460: Bob received this text message on his mobile phone: ""Hello,...; Question 461: Which statement best describes a server type under an N-tier...; Question 462: Which protocol and port number might be needed in order to s...; Question 463: Initiating an attack against targeted businesses and organiz...; Question 464: Which service in a PKI will vouch for the identity of an ind...; Question 465: To reduce the attack surface of a system, administrators sho...; Question 466: In an internal security audit, the white hat hacker gains co...; 2 commentQuestion 467: The chance of a hard drive failure is known to be once every...; Question 468: If executives are found liable for not properly protecting t...; Question 469: When using Wireshark to acquire packet capture on a network,...; Question 470: Which of the following is the BEST way to defend against net...; Question 471: Perspective clients want to see sample reports from previous...; Question 472: An attacker sniffs encrypted traffic from the network and is...; Question 473: Which type of antenna is used in wireless communication?...; Question 474: On a Linux device, which of the following commands will star...; Question 475: Which of the following guidelines or standards is associated...; Question 476: Your company performs penetration tests and security assessm...; Question 477: Suppose you've gained access to your client's hybrid network...; Question 478: Under the "Post-attack Phase and Activities", it is the resp...; Question 479: A person approaches a network administrator and wants advice...; Question 480: A server has been infected by a certain type of Trojan. The ...

Question 110/480

LEAVE A REPLY

Download PDF File