312-50V9 Online Practice Questions and Answers

Which of the following is a form of penetration testing that relies heavily on human interaction and often involves tricking people into breaking normal security procedures?

A. Social Engineering

B. Piggybacking

C. Tailgating

D. Eavesdropping

Which definition among those given below best describes a covert channel?

A. A server program using a port that is not well known.

B. Making use of a protocol in a way it is not intended to be used.

C. It is the multiplexing taking place on a communication link.

D. It is one of the weak channels used by WEP which makes it insecure

You've gained physical access to a Windows 2008 R2 server which has an accessible disc drive. When you attempt to boot the server and log in, you are unable to guess the password. In your tool kit you have an Ubuntu 9.10 Linux LiveCD. Which Linux based tool has the ability to change any user's password or to activate disabled Windows accounts?

A. CHNTPW

B. Cain and Abel

C. SET

D. John the Ripper

The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorized wireless devices.

A. Wireless Intrusion Prevention System

B. Wireless Access Point

C. Wireless Access Control List

D. Wireless Analyzer

What term describes the amount of risk that remains after the vulnerabilities are classified and the countermeasures have been deployed?

A. Residual risk

B. Inherent risk

C. Deferred risk

D. Impact risk

As an Ethical Hacker you are capturing traffic from your customer network with Wireshark and you need to find and verify just SMTP traffic. What command in Wireshark will help you to find this kind of traffic?

A. request smtp 25

B. tcp.port eq 25

C. smtp port

D. tcp.contains port 25

John the Ripper is a technical assessment tool used to test the weakness of which of the following?

A. Usernames

B. File permissions

C. Firewall rulesets

D. Passwords

Which of the following does proper basic configuration of snort as a network intrusion detection system require?

A. Limit the packets captured to the snort configuration file.

B. Capture every packet on the network segment.

C. Limit the packets captured to a single segment.

D. Limit the packets captured to the /var/log/snort directory.

Which of the following describes a component of Public Key Infrastructure (PKI) where a copy of a private key is stored to provide third-party access and to facilitate recovery operations?

A. Key registry

B. Recovery agent

C. Directory

D. Key escrow

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A. They provide a repeatable framework.

B. Anyone can run the command line scripts.

C. They are available at low cost.

D. They are subject to government regulation.