Ensurepass

QUESTION 321

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

 

A.     Penetration testing

B.     Social engineering

C.     Vulnerability scanning

D.     Access control list reviews

 

Correct Answer: A

 

 

 

 

QUESTION 322

When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?

 

A.     Network tap

B.     Layer 3 switch

C.     Network bridge

D.     Application firewall

 

Correct Answer: A

 

 

QUESTION 323

How does an operating system protect the passwords used for account logins?

 

A.     The operating system performs a one-way hash of the passwords.

B.     The operating system stores the passwords in a secret file that users cannot find.

C.     The operating system encrypts the passwords, and decrypts them when needed.

D.     The operating system stores all passwords in a protected segment of non-volatile memory.

 

Correct Answer: A

 

 

QUESTION 324

Which of the following programs is usually targeted at Microsoft Office products?

 

A.     Polymorphic virus

B.     Multipart virus

C.     Macro virus

D.     Stealth virus

 

Correct Answer: C

 

 

QUESTION 325

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

 

A.     The request to the web server is not visible to the administrator of the vulnerable application.

B.     The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.     The successful attack does not show an error message to the administrator of the affected application.

D.     The vulnerable application does not display errors with information about the injection results to the attacker.

 

Correct Answer: D

 

 

QUESTION 326

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

 

A.     Regulatory compliance

B.     Peer review

C.     Change management

D.     Penetration testing

 

Correct Answer: C

 

 

QUESTION 327

Data hiding analysis can be useful in

 

A.     determining the level of encryption used to encrypt the data.

B.     detecting and recovering data that may indicate knowledge, ownership or intent.

C.     identifying the amount of central processing unit (cpu) usage over time to process the data.

D.     preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.

 

Correct Answer: B

 

 

QUESTION 328

Smart cards use which protocol to transfer the certificate in a secure manner?

 

A.     Extensible Authentication Protocol (EAP)

B.     Point to Point Protocol (PPP)

C.     Point to Point Tunneling Protocol (PPTP)

D.     Layer 2 Tunneling Protocol (L2TP)

 

Correct Answer: A

 

 

 

 

 

QUESTION 329

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

 

Ÿ   Untrust (Internet) – (Remote network = 217.77.88.0/24)

Ÿ   DMZ (DMZ) – (11.12.13.0/24)

Ÿ   Trust (Intranet) – (192.168.0.0/24)

 

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

 

A.     Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B.     Permit 217.77.88.12 11.12.13.50 RDP 3389

C.     Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D.     Permit 217.77.88.0/24 11.12.13.50 RDP 3389

 

Correct Answer: B

 

 

QUESTION 330

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

 

A.     OWASP is for web applications and OSSTMM does not include web applications.

B.     OSSTMM is gray box testing and OWASP is black box testing.

C.     OWASP addresses controls and OSSTMM does not.

D.     OSSTMM addresses controls and OWASP does not.

 

Correct Answer: D

 

Free VCE & PDF File for ECCouncil 312-50 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.