Ensurepass

QUESTION 401

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

 

A.     MD5

B.     SHA-1

C.     RC4

D.     MD4

Correct Answer: B

 

 

QUESTION 402

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

 

A.     Poly key exchange

B.     Cross certification

C.     Poly key reference

D.     Cross-site exchange

 

Correct Answer: B

 

 

QUESTION 403

What is the best defense against a privilege escalation vulnerability?

 

A.     Patch systems regularly and upgrade interactive login privileges at the system administrator level.

B.     Run administrator and applications on least privileges and use a content registry for tracking.

C.     Run services with least privileged accounts and implement multi-factor authentication and authorization.

D.     Review user roles and administrator privileges for maximum utilization of automation services.

 

Correct Answer: C

 

 

QUESTION 404

Fingerprinting VPN firewalls is possible with which of the following tools?

 

A.     Angry IP

B.     Nikto

C.     Ike-scan

D.     Arp-scan

 

Correct Answer: C

QUESTION 405

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

 

A.     Reject all invalid email received via SMTP.

B.     Allow full DNS zone transfers.

C.     Remove A records for internal hosts.

D.     Enable null session pipes.

 

Correct Answer: C

 

 

QUESTION 406

Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?

 

A.     CSIRT provides an incident response service to enable a reliable and trusted single point of contact for reporting computer security incidents worldwide.

B.     CSIRT provides a computer security surveillance service to supply a government with important intelligence information on individuals travelling abroad.

C.     CSIRT provides a penetration testing service to support exception reporting on incidents worldwide by individuals and multi-national corporations.

D.     CSIRT provides a vulnerability assessment service to assist law enforcement agencies with profiling an individual’s property or company’s asset.

 

Correct Answer: A

 

 

QUESTION 407

Which of the following is a client-server tool utilized to evade firewall inspection?

 

A.     tcp-over-dns

B.     kismet

C.     nikto

D.     hping

 

Correct Answer: A

 

 

QUESTION 408

Which of the following is a symmetric cryptographic standard?

 

A.     DSA

B.     PKI

C.     RSA

D.     3DES

 

Correct Answer: D

 

 

QUESTION 409

Which of the following cryptography attack methods is usually performed without the use of a computer?

 

A.     Ciphertext-only attack

B.     Chosen key attack

C.     Rubber hose attack

D.     Rainbow table attack

 

Correct Answer: C

 

 

QUESTION 410

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

 

A.     Injecting parameters into a connection string using semicolons as a separator.

B.     Inserting malicious JavaScript code into input parameters.

C.     Setting a user’s session identifier (SID) to an explicit known value.

D.     Adding multiple parameters with the same name in HTTP requests.

 

Correct Answer: A

 

Free VCE & PDF File for ECCouncil 312-50 Real Exam
