Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-50 - Certified Ethical Hacker Exam

ECCouncil 312-50 Premium Access     Download Demo    
Page: 7 / 13
Total 614 questions

A covert channel is a channel that

A.

transfers information over, within a computer system, or network that is outside of the security policy.

B.

transfers information over, within a computer system, or network that is within the security policy.

C.

transfers information via a communication path within a computer system, or network for transfer of data.

D.

transfers information over, within a computer system, or network that is encrypted.

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Which results will be returned with the following Google search query?

site:target.com -site:Marketing.target.com accounting

A.

Results matching all words in the query

B.

Results matching “accounting” in domain target.com but not on the site Marketing.target.com

C.

Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting

D.

Results for matches on target.com and Marketing.target.com that include the word “accounting”

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

A.

Proper testing

B.

Secure coding principles

C.

Systems security and architecture review

D.

Analysis of interrupts within the software

When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

A.

Vulnerability scanning

B.

Social engineering

C.

Application security testing

D.

Network sniffing

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?

A.

white box

B.

grey box

C.

red box

D.

black box

How can rainbow tables be defeated?

A.

Password salting

B.

Use of non-dictionary words

C.

All uppercase character passwords

D.

Lockout accounts under brute force password cracking attempts

An NMAP scan of a server shows port 25 is open. What risk could this pose?

A.

Open printer sharing

B.

Web portal data leak

C.

Clear text authentication

D.

Active mail relay

An NMAP scan of a server shows port 69 is open. What risk could this pose?

A.

Unauthenticated access

B.

Weak SSL version

C.

Cleartext login

D.

Web portal data leak

A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

A.

Forensic attack

B.

ARP spoofing attack

C.

Social engineering attack

D.

Scanning attack