Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

312-50Free trial

By eccouncil

Verified

25Q per page

Question 26

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

A: Proper testing
B: Secure coding principles
C: Systems security and architecture review
D: Analysis of interrupts within the software

—

Question 27

The following is a sample of output from a penetration tester's machine targeting a machine with the IP address of 192.168.1.106:

What is most likely taking place?

A: Ping sweep of the 192.168.1.106 network
B: Remote service brute force attempt
C: Port scan of 192.168.1.106
D: Denial of service attack on 192.168.1.106

—

Question 28

An NMAP scan of a server shows port 25 is open. What risk could this pose?

A: Open printer sharing
B: Web portal data leak
C: Clear text authentication
D: Active mail relay

—

Question 29

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System
(OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?

A: The host is likely a Windows machine.
B: The host is likely a Linux machine.
C: The host is likely a router.
D: The host is likely a printer.

—

Question 30

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response?

A: Passive
B: Reflective
C: Active
D: Distributive

—

Question 31

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A: Threat identification, vulnerability identification, control analysis
B: Threat identification, response identification, mitigation identification
C: Attack profile, defense profile, loss profile
D: System profile, vulnerability identification, security determination

—

Question 32

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A: white box
B: grey box
C: red box
D: black box

—

Question 33

Which of the following is a detective control?

A: Smart card authentication
B: Security policy
C: Audit trail
D: Continuity of operations plan

—

Question 34

Which of the following examples best represents a logical or technical control?

A: Security tokens
B: Heating and air conditioning
C: Smoke and fire alarms
D: Corporate security policy

—

Question 35

How can telnet be used to fingerprint a web server?

A: telnet webserverAddress 80 HEAD / HTTP/1.0
B: telnet webserverAddress 80 PUT / HTTP/1.0
C: telnet webserverAddress 80 HEAD / HTTP/2.0
D: telnet webserverAddress 80 PUT / HTTP/2.0

—

Question 36

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A: Man trap
B: Tailgating
C: Shoulder surfing
D: Social engineering

—

Question 37

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

A: Forensic attack
B: ARP spoofing attack
C: Social engineering attack
D: Scanning attack

—

Question 38

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

A: Metasploit scripting engine
B: Nessus scripting engine
C: NMAP scripting engine
D: SAINT scripting engine

—

Question 39

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

A: Microsoft Security Baseline Analyzer
B: Retina
C: Core Impact
D: Microsoft Baseline Security Analyzer

—

Question 40

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

A: Firewall-management policy
B: Acceptable-use policy
C: Remote-access policy
D: Permissive policy

—

Question 41

A security consultant is trying to bid on a large contract that involves penetration testing and reporting. The company accepting bids wants proof of work so the consultant prints out several audits that have been performed. Which of the following is likely to occur as a result?

A: The consultant will ask for money on the bid because of great work.
B: The consultant may expose vulnerabilities of other companies.
C: The company accepting bids will want the same type of format of testing.
D: The company accepting bids will hire the consultant because of the great work performed.

—

That’s the end of your free questions

You’ve reached the preview limit for 312-50

Consider upgrading to gain full access!

Page 2 of 9 • Questions 26-50 of 205

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!