Braindump2go 312-50v9 Dumps,312-50v9 Exam Questions,312-50v9 PDF Dumps,312-50v9 VCE Dumps,EC-Council [July-2017-New]Braindump2go 312-50v9 Exam Dumps(PDF and VCE) 589Q Free Offer[51-60]

[July-2017-New]Braindump2go 312-50v9 Exam Dumps(PDF and VCE) 589Q Free Offer[51-60]

2017 July New 312-50v9 Exam Dumps with PDF and VCE Free Updated in www.Braindump2go.com Today!

1.|2017 New 312-50v9 Exam Dumps (VCE & PDF) 589Q&As Download:
https://www.braindump2go.com/312-50v9.html

2.|2017 New 312-50v9 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNWml5eng1ZVh6aHM?usp=sharing

QUESTION 51
Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

A.    Port scanning
B.    Banner grabbing
C.    Injecting arbitrary data
D.    Analyzing service response

Answer: D

QUESTION 52
Which of the following business challenges could be solved by using a vulnerability scanner?

A.    Auditors want to discover if all systems are following a standard naming convention.
B.    A web server was compromised and management needs to know if any further systems were compromised.
C.    There is an emergency need to remove administrator access from multiple machines for an employee that quit.
D.    There is a monthly requirement to test corporate compliance with host application usage and security policies.

Answer: D

QUESTION 53
A security policy will be more accepted by employees if it is consistent and has the support of

A.    coworkers.
B.    executive management.
C.    the security officer.
D.    a supervisor.

Answer: B

QUESTION 54
A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:
– Firewall log files are at the expected value of 4 MB.
– The current time is 12am. Exactly two hours later the size has decreased considerably.
– Another hour goes by and the log files have shrunk in size again.
Which of the following actions should the security administrator take?

A.    Log the event as suspicious activity and report this behavior to the incident response team immediately.
B.    Log the event as suspicious activity, call a manager, and report this as soon as possible.
C.    Run an anti-virus scan because it is likely the system is infected by malware.
D.    Log the event as suspicious activity, continue to investigate, and act according to the site’s security policy.

Answer: D
Explanation:

QUESTION 55
Which type of scan measures a person’s external features through a digital video camera?

A.    Iris scan
B.    Retinal scan
C.    Facial recognition scan
D.    Signature kinetics scan

Answer: C

QUESTION 56
WPA2 uses AES for wireless data encryption at which of the following encryption levels?

A.    64 bit and CCMP
B.    128 bit and CRC
C.    128 bit and CCMP
D.    128 bit and TKIP

Answer: C

QUESTION 57
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?

A.    Classified
B.    Overt
C.    Encrypted
D.    Covert

Answer: D

QUESTION 58
What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

A.    Injecting parameters into a connection string using semicolons as a separator
B.    Inserting malicious Javascript code into input parameters
C.    Setting a user’s session identifier (SID) to an explicit known value
D.    Adding multiple parameters with the same name in HTTP requests

Answer: A

QUESTION 59
A newly discovered flaw in a software application would be considered which kind of security vulnerability?

A.    Input validation flaw
B.    HTTP header injection vulnerability
C.    0-day vulnerability
D.    Time-to-check to time-to-use flaw

Answer: C

QUESTION 60
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

A.    The web application does not have the secure flag set.
B.    The session cookies do not have the HttpOnly flag set.
C.    The victim user should not have an endpoint security solution.
D.    The victim’s browser must have ActiveX technology enabled.

Answer: B

QUESTION 61
The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

A.    An attacker, working slowly enough, can evade detection by the IDS.
B.    Network packets are dropped if the volume exceeds the threshold.
C.    Thresholding interferes with the IDS’ ability to reassemble fragmented packets.
D.    The IDS will not distinguish among packets originating from different sources.

Answer: A

QUESTION 62
What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

A.    They do not use host system resources.
B.    They are placed at the boundary, allowing them to inspect all traffic.
C.    They are easier to install and configure.
D.    They will not interfere with user interfaces.

Answer: A

QUESTION 63
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate is used to encrypt and decrypt the data?

A.    Asymmetric
B.    Confidential
C.    Symmetric
D.    Non-confidential

Answer: A

QUESTION 64
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?

A.    Drops the packet and moves on to the next one
B.    Continues to evaluate the packet until all rules are checked
C.    Stops checking rules, sends an alert, and lets the packet continue
D.    Blocks the connection with the source IP address in the packet

Answer: B

QUESTION 65
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

A.    Detective
B.    Passive
C.    Intuitive
D.    Reactive

Answer: B

QUESTION 66
An organization hires a tester to do a wireless penetration test. Previous reports indicate that the last test did not contain management or control packets in the submitted traces. Which of the following is the most likely reason for lack of management or control packets?

A.    The wireless card was not turned on.
B.    The wrong network card drivers were in use by Wireshark.
C.    On Linux and Mac OS X, only 802.11 headers are received in promiscuous mode.
D.    Certain operating systems and adapters do not collect the management or control packets.

Answer: D

QUESTION 67
From the two screenshots below, which of the following is occurring?
First one:
1 [10.0.0.253]# nmap -sP 10.0.0.0/24
3 Starting Nmap
5 Host 10.0.0.1 appears to be up.
6 MAC Address: 00:09:5B:29:FD:96 (Netgear)
7 Host 10.0.0.2 appears to be up.
8 MAC Address: 00:0F:B5:96:38:5D (Netgear)
9 Host 10.0.0.4 appears to be up.
10 Host 10.0.0.5 appears to be up.
11 MAC Address: 00:14:2A:B1:1E:2E (Elitegroup Computer System Co.)
12 Nmap finished: 256 IP addresses (4 hosts up) scanned in 5.399 seconds
Second one:
1 [10.0.0.252]# nmap -sO 10.0.0.2
3 Starting Nmap 4.01 at 2006-07-14 12:56 BST
4 Interesting protocols on 10.0.0.2:
5 (The 251 protocols scanned but not shown below are
6 in state: closed)
7 PROTOCOL STATE SERVICE
8 1 open icmp
9 2 open|filtered igmp
10 6 open tcp
11 17 open udp
12 255 open|filtered unknown
14 Nmap finished: 1 IP address (1 host up) scanned in
15 1.259 seconds
1 [10.0.0.253]# nmap -sP
1 [10.0.0.253]# nmap -sP

A.    10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
B.    10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.
C.    10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against 10.0.0.2.
D.    10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against 10.0.0.2.

Answer: A
Explanation:

QUESTION 68
Pentest results indicate that voice over IP traffic is traversing a network. Which of the following tools will decode a packet capture and extract the voice conversations?

A.    Cain
B.    John the Ripper
C.    Nikto
D.    Hping

Answer: A

QUESTION 69
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

A.    They are written in Java.
B.    They send alerts to security monitors.
C.    They use the same packet analysis engine.
D.    They use the same packet capture utility.

Answer: D


!!!RECOMMEND!!!

1.|2017 New 312-50v9 Exam Dumps (VCE & PDF) 589Q&As Download:
https://www.braindump2go.com/312-50v9.html

2.|2017 New 312-50v9 Study Guide Video:
https://youtu.be/U8B7_OOPx00

Related Post