EC-Council 312-50v9 Study Guides 2021

Act now and download your 312 50v9 pdf today! Do not waste time for the worthless 312 50v9 pdf tutorials. Download 312 50v9 pdf with real questions and answers and begin to learn 312 50v9 pdf with a classic professional.

Also have 312-50v9 free dumps questions for you:

NEW QUESTION 1
In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through a technique known wardriving.
Which algorithm is this referring to?

  • A. Wired Equivalent Privacy (WEP)
  • B. Temporal Key Integrity Protocol (TRIP)
  • C. Wi-Fi Protected Access (WPA)
  • D. Wi-Fi Protected Access 2(WPA2)

Answer: A

NEW QUESTION 2
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such as audit?

  • A. Port scanner
  • B. Protocol analyzer
  • C. Vulnerability scanner
  • D. Intrusion Detection System

Answer: C

NEW QUESTION 3
A company’s Web development team has become aware ofa certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of web application vulnerability likely exists in their software?

  • A. Web site defacement vulnerability
  • B. SQL injection vulnerability
  • C. Cross-site Scripting vulnerability
  • D. Cross-site Request Forgery vulnerability

Answer: C

NEW QUESTION 4
During a security audit of IT processes, an IS auditor found that there was no documented security procedures. What should the IS auditor do?

  • A. Terminate the audit.
  • B. Identify and evaluate existing practices.
  • C. Create a procedures document
  • D. Conduct compliance testing

Answer: B

NEW QUESTION 5
The “Gray box testing” methodology enforces what kind of restriction?

  • A. Only the external operation of a system is accessible to the tester.
  • B. Only the internal operation of a system is known to the tester.
  • C. The internal operation of a system is completely known to the tester.
  • D. The internal operation of a system is only partly accessible to the tester.

Answer: D

NEW QUESTION 6
The configuration allows a wired or wireless network interface controller to pass all trafice it receives to thecentral processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?

  • A. WEM
  • B. Multi-cast mode
  • C. Promiscuous mode
  • D. Port forwarding

Answer: B

NEW QUESTION 7
You are the Systems Administrator for a large corporate organization. You need to monitor all network traffic on your local network for suspicious activities and receive notifications when an attack is occurring. Which tool would allow you to accomplish this goal?

  • A. Host-based IDS
  • B. Firewall
  • C. Network-Based IDS
  • D. Proxy

Answer: C

NEW QUESTION 8
You work as a Security Analyst for a retail organization. In securing the company's network, you set up a firewall and an IDS. However, hackers are able to attack the network. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?

  • A. False Negative
  • B. True Negative
  • C. True Positive
  • D. False Positive

Answer: A

NEW QUESTION 9
Which tool allows analysis and pen testers to examine links between data using graphs and link analysis?

  • A. Metasploit
  • B. Maltego
  • C. Wireshark
  • D. Cain &Abel

Answer: B

NEW QUESTION 10
You are tasked to perform a penetration test. While you are performinginformation gathering, you find ab employee list in Google. You find receptionist’s email, and you send her an email changing the source email to her boss’s email ( boss@company ). In this email, you ask for a pdf with information. She reads your email and sends back a pdf with links. You exchange the pdf links with your malicious links (these links contain malware) and send back the modified pdf, saying that the links don’t work. She reads your email, opens the links, and her machine gets infected.
What testing method did you use?

  • A. Piggybacking
  • B. Tailgating
  • C. Evesdropping
  • D. Social engineering

Answer: D

NEW QUESTION 11
During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal Network.
What is this type of DNS configuration commonly called?

  • A. DNS Scheme
  • B. DynDNS
  • C. Split DNS
  • D. DNSSEC

Answer: C

NEW QUESTION 12
This international organizationregulates billions of transactions daily and provides security guidelines to protect personally identifiable information (PII). These security controls provide a baseline and prevent low-level hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?

  • A. Payment Card Industry (PCI)
  • B. International Security Industry Organization (ISIO)
  • C. Institute of Electrical and Electronics Engineers (IEEE)
  • D. Center for Disease Control (CDC)

Answer: B

NEW QUESTION 13
Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a word document.Upon execution, a windows appears stating, “This word document is corrupt.” In the background, the file copies itself to Jesse APPDATAlocal directory and begins to beacon to a C2 server to download additional malicious binaries. What type of malware has Jesse encountered?

  • A. Trojan
  • B. Worm
  • C. Key-Logger
  • D. Micro Virus

Answer: A

NEW QUESTION 14
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?

  • A. Bounding
  • B. Mutating
  • C. Puzzing
  • D. Randomizing

Answer: C

NEW QUESTION 15
Which of the following is a low-tech way of gaining unauthorized access to systems?

  • A. Sniffing
  • B. Social engineering
  • C. Scanning
  • D. Eavesdropping

Answer: B

NEW QUESTION 16
Which of the following is considered the best way to prevent Personally Identifiable Information (PII) from web application vulnerabilities?

  • A. Use encrypted communications protocols to transmit PII
  • B. Use full disk encryption on all hard drives to protect PII
  • C. Use cryptographic storage to store all PII
  • D. Use a security token to log onto into all Web application that use PII

Answer: A

NEW QUESTION 17
The “white box testing” methodology enforces what kind of restriction?

  • A. The internal operation of a system is completely known to the tester.
  • B. Only the internal operation of a system is known to the tester.
  • C. Only the external operation of a system is accessible to the tester.
  • D. The internal operation of a system is only partly accessible to the tester.

Answer: A

Thanks for reading the newest 312-50v9 exam dumps! We recommend you to try the PREMIUM Certleader 312-50v9 dumps in VCE and PDF here: https://www.certleader.com/312-50v9-dumps.html (125 Q&As Dumps)