Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?


A.     Penetration testing

B.     Social engineering

C.     Vulnerability scanning

D.     Access control list reviews


Correct Answer: A






When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?


A.     Network tap

B.     Layer 3 switch

C.     Network bridge

D.     Application firewall


Correct Answer: A




How does an operating system protect the passwords used for account logins?


A.     The operating system performs a one-way hash of the passwords.

B.     The operating system stores the passwords in a secret file that users cannot find.

C.     The operating system encrypts the passwords, and decrypts them when needed.

D.     The operating system stores all passwords in a protected segment of non-volatile memory.


Correct Answer: A




Which of the following programs is usually targeted at Microsoft Office products?


A.     Polymorphic virus

B.     Multipart virus

C.     Macro virus

D.     Stealth virus


Correct Answer: C




What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?


A.     The request to the web server is not visible to the administrator of the vulnerable application.

B.     The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.     The successful attack does not show an error message to the administrator of the affected application.

D.     The vulnerable application does not display errors with information about the injection results to the attacker.


Correct Answer: D




Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?


A.     Regulatory compliance

B.     Peer review

C.     Change management

D.     Penetration testing


Correct Answer: C




Data hiding analysis can be useful in


A.     determining the level of encryption used to encrypt the data.

B.     detecting and recovering data that may indicate knowledge, ownership or intent.

C.     identifying the amount of central processing unit (cpu) usage over time to process the data.

D.     preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.


Correct Answer: B




Smart cards use which protocol to transfer the certificate in a secure manner?


A.     Extensible Authentication Protocol (EAP)

B.     Point to Point Protocol (PPP)

C.     Point to Point Tunneling Protocol (PPTP)

D.     Layer 2 Tunneling Protocol (L2TP)


Correct Answer: A







A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:


Ÿ   Untrust (Internet) – (Remote network =

Ÿ   DMZ (DMZ) – (

Ÿ   Trust (Intranet) – (


The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?


A.     Permit RDP 3389

B.     Permit RDP 3389

C.     Permit RDP 3389

D.     Permit RDP 3389


Correct Answer: B




When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is


A.     OWASP is for web applications and OSSTMM does not include web applications.

B.     OSSTMM is gray box testing and OWASP is black box testing.

C.     OWASP addresses controls and OSSTMM does not.

D.     OSSTMM addresses controls and OWASP does not.


Correct Answer: D


Free VCE & PDF File for ECCouncil 312-50 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.