Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-50 - Certified Ethical Hacker Exam

ECCouncil 312-50 Premium Access     Download Demo    
Page: 8 / 13
Total 614 questions

Which of the following processes evaluates the adherence of an organization to its stated security policy?

A.

Vulnerability assessment

B.

Penetration testing

C.

Risk assessment

D.

Security auditing

What is the main advantage that a network-based IDS/IPS system has over a host-based solution?

A.

They do not use host system resources.

B.

They are placed at the boundary, allowing them to inspect all traffic.

C.

They are easier to install and configure.

D.

They will not interfere with user interfaces.

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?

A.

Injecting parameters into a connection string using semicolons as a separator

B.

Inserting malicious Javascript code into input parameters

C.

Setting a user's session identifier (SID) to an explicit known value

D.

Adding multiple parameters with the same name in HTTP requests

What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection vulnerability?

A.

The request to the web server is not visible to the administrator of the vulnerable application.

B.

The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C.

The successful attack does not show an error message to the administrator of the affected application.

D.

The vulnerable application does not display errors with information about the injection results to the attacker.

Which of the following business challenges could be solved by using a vulnerability scanner?

A.

Auditors want to discover if all systems are following a standard naming convention.

B.

A web server was compromised and management needs to know if any further systems were compromised.

C.

There is an emergency need to remove administrator access from multiple machines for an employee that quit.

D.

There is a monthly requirement to test corporate compliance with host application usage and security policies.

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

A.

Blue Book

B.

ISO 26029

C.

Common Criteria

D.

The Wassenaar Agreement

At a Windows Server command prompt, which command could be used to list the running services?

A.

Sc query type= running

B.

Sc query \\servername

C.

Sc query

D.

Sc config

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A.

Man trap

B.

Tailgating

C.

Shoulder surfing

D.

Social engineering

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:

Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.

Which of the following actions should the security administrator take?

A.

Log the event as suspicious activity and report this behavior to the incident response team immediately.

B.

Log the event as suspicious activity, call a manager, and report this as soon as possible.

C.

Run an anti-virus scan because it is likely the system is infected by malware.

D.

Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

A security policy will be more accepted by employees if it is consistent and has the support of

A.

coworkers.

B.

executive management.

C.

the security officer.

D.

a supervisor.