312-50Preview

An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events do not match up.
What is the most likely cause?

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?

You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best nmap command you will use?

Which of the following is considered an acceptable option when managing a risk?

Which of the following Nmap commands would be used to perform a stack fingerprinting?

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?

A circuit level gateway works at which of the following layers of the OSI Model?

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

Which of the following is a client-server tool utilized to evade firewall inspection?

Advanced encryption standard is an algorithm used for which of the following?

Which of the following is a common Service Oriented Architecture (SOA) vulnerability?

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

Which of the following items of a computer system will an anti-virus program scan for viruses?

Based on the following extract from the log of a compromised machine, what is the hacker really trying to steal?

Which of the following LM hashes represent a password of less than 8 characters? (Choose two.)

You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?