Ensurepass

QUESTION 301

Which initial procedure should an ethical hacker perform after being brought into an organization?

 

A.     Begin security testing.

B.     Turn over deliverables.

C.     Sign a formal contract with non-disclosure.

D.     Assess what the organization is trying to protect.

 

Correct Answer: C

 

 

QUESTION 302

Which of the following guidelines or standards is associated with the credit card industry?

 

A.     Control Objectives for Information and Related Technology (COBIT)

B.     Sarbanes-Oxley Act (SOX)

C.     Health Insurance Portability and Accountability Act (HIPAA)

D.     Payment Card Industry Data Security Standards (PCI DSS)

 

Correct Answer: D

 

 

QUESTION 303

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

 

A.     Timing attack

B.     Replay attack

C.     Memory trade-off attack

D.     Chosen plain-text attack

 

Correct Answer: D

 

 

QUESTION 304

Which tool can be used to silently copy files from USB devices?

 

A.     USB Grabber

B.     USB Dumper

C.     USB Sniffer

D.     USB Snoopy

 

Correct Answer: B

 

 

QUESTION 305

How can a rootkit bypass the Windows 7 operating system’s kernel-mode code signing policy?

 

A.     Defeating the scanner from detecting any code change at the kernel.

B.     Replacing patch system calls with its own version that hides the rootkit (attacker’s) actions.

C.     Performing common services for the application process and replacing real applications with fake ones.

D.     Attaching itself to the master boot record in a hard drive and changing the machine’s boot sequence/options.

 

Correct Answer: D

 

 

 

 

 

QUESTION 306

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

 

A.     Perform a vulnerability scan of the system.

B.     Determine the impact of enabling the audit feature.

C.     Perform a cost/benefit analysis of the audit feature.

D.     Allocate funds for staffing of audit log review.

 

Correct Answer: B

 

 

QUESTION 307

A consultant has been hired by the V.P. of a large financial organization to assess the company’s security posture. During the security testing, the consultant comes across child pornography on the V.P.’s computer. What is the consultant’s obligation to the financial organization?

 

A.     Say nothing and continue with the security testing.

B.     Stop work immediately and contact the authorities.

C.     Delete the pornography, say nothing, and continue security testing.

D.     Bring the discovery to the financial organization’s human resource department.

 

Correct Answer: B

 

 

QUESTION 308

How is sniffing broadly categorized?

 

A.     Active and passive.

B.     Broadcast and unicast.

C.     Unmanaged and managed.

D.     Filtered and unfiltered.

 

Correct Answer: A

 

 

QUESTION 309

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would the engineer use to accomplish this?

 

A.     g++ hackersExploit.cpp -o calc.exe

B.     g++ hackersExploit.py -o calc.exe

C.     g++ -i hackersExploit.pl -o calc.exe

D.     g++ --compile -i hackersExploit.cpp -o calc.exe

 

Correct Answer: A

 

 

QUESTION 310

A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

 

A.     Ignore the problem completely and let someone else deal with it.

B.     Create a document that will crash the computer when opened and send it to friends.

C.     Find an underground bulletin board and attempt to sell the bug to the highest bidder.

D.     Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

 

Correct Answer: D

 

Free VCE & PDF File for ECCouncil 312-50 Real Exam
