312-50V9 Online Practice Questions and Answers

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

A. Mutating

B. Randomizing

C. Fuzzing

D. Bounding

Which of the following is a wireless network detector that is commonly found on Linux?

A. Kismet

B. Abel

C. Netstumbler

D. Nessus

What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

A. All are hacking tools developed by the legion of doom

B. All are tools that can be used not only by hackers, but also security personnel

C. All are DDOS tools

D. All are tools that are only effective against Windows

E. All are tools that are only effective against Linux

You are trying to break into a highly classified top-secret mainframe computer with highest security system

in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work

in this case, because organizations such as banks are generally tight and secure when it comes to

protecting their systems.

In other words, you are trying to penetrate an otherwise impenetrable system.

How would you proceed?

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"

D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the office was closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn't have time to perform the task.

What tool can you use to view the network traffic being sent and received by the wireless router?

A. Wireshark

B. Nessus

C. Netcat

D. Netstat

A regional bank hires your company to perform a security assessment on their network after a recent data breach. The attacker was able to steal financial data from the bank by compromising only a single server.

Based on this information, what should be one of your key recommendations to the bank?

A. Place a front-end web server in a demilitarized zone that only handles external web traffic

B. Require all employees to change their passwords immediately

C. Move the financial data to another server on the same IP subnet

D. Issue new certificates to the web servers from the root certificate authority

The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.

Which of the following is being described?

A. promiscuous mode

B. port forwarding

C. multi-cast mode

D. WEM

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

A. Identify and evaluate existing practices

B. Create a procedures document

C. Conduct compliance testing

D. Terminate the audit

What two conditions must a digital signature meet?

A. Has to be unforgeable, and has to be authentic.

B. Has to be legible and neat.

C. Must be unique and have special characters.

D. Has to be the same number of characters as a physical signature and must be unique.

What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?

A. Security through obscurity

B. Host-Based Intrusion Detection System

C. Defense in depth

D. Network-Based Intrusion Detection System

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

A. Blue Book

B. ISO 26029

C. Common Criteria

D. The Wassenaar Agreement

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A. Issue the pivot exploit and set the meterpreter.

B. Reconfigure the network settings in the meterpreter.

C. Set the payload to propagate through the meterpreter.

D. Create a route statement in the meterpreter.

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

A. Firewall

B. Honeypot

C. Core server

D. Layer 4 switch

An IT security engineer notices that the company's web server is currently being hacked. What should the engineer do next?

A. Unplug the network connection on the company's web server.

B. Determine the origin of the attack and launch a counterattack.

C. Record as much information as possible from the attack.

D. Perform a system restart on the company's web server.

Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?

A. They provide a repeatable framework.

B. Anyone can run the command line scripts.

C. They are available at low cost.

D. They are subject to government regulation.