312-50v10 | The Renew Guide To 312-50v10 vce

Question No: 2

What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

A. Black-box

B. Announced

C. White-box

D. Grey-box

Answer: D

Question No: 3

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A. Confront the client in a respectful manner and ask her about the data.

B. Copy the data to removable media and keep it in case you need it.

C. Ignore the data and continue the assessment until completed as agreed.

D. Immediately stop work and contact the proper legal authorities.

Answer: D

Question No: 4

The following is part of a log file taken from the machine on the network with the IP address of 192.168.0.110:

What type of activity has been logged?

A. Teardrop attack targeting 192.168.0.110

B. Denial of service attack targeting 192.168.0.105

C. Port scan targeting 192.168.0.110

D. Port scan targeting 192.168.0.105

Answer: C

Question No: 5

You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity. What tool would you most likely select?

A. Snort

B. Nmap

C. Cain & Abel

D. Nessus

Answer: A

Question No: 6

You are the Network Admin, and you get a compliant that some of the websites are no longer accessible. You try to ping the servers and find them to be reachable. Then you type the IP address and then you try on the browser, and find it to be accessible. But they are not accessible when you try using the URL.

What may be the problem?

A. Traffic is Blocked on UDP Port 53

B. Traffic is Blocked on UDP Port 80

C. Traffic is Blocked on UDP Port 54

D. Traffic is Blocked on UDP Port 80

Answer: A

Question No: 7

You are doing an internal security audit and intend to find out what ports are open on all the servers. What is the best way to find out?

A. Scan servers with Nmap

B. Scan servers with MBSA

C. Telnet to every port on each server

D. Physically go to each server

Answer: A

Question No: 8

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?

A. The employees cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

B. Since the company's policy is all about Customer Service, he/she will provide information.

C. Disregarding the call, the employee should hang up.

D. The employee should not provide any information without previous management authorization.

Answer: D

Question No: 9

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.

While monitoring the data, you find a high number of outbound connections. You see that IPu2021s owned by XYZ (Internal) and private IPu2021s are communicating to a Single Public IP. Therefore, the Internal IPu2021s are sending data to the Public IP.

After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.

What kind of attack does the above scenario depict?

A. Botnet Attack

B. Spear Phishing Attack

C. Advanced Persistent Threats

D. Rootkit Attack

Answer: A

Question No: 10

In which of the following password protection technique, random strings of characters are added to the password before calculating their hashes?

A. Keyed Hashing

B. Key Stretching

C. Salting

D. Double Hashing

Answer: C

Question No: 11

What is not a PCI compliance recommendation?

A. Use a firewall between the public network and the payment card data.

B. Use encryption to protect all transmission of card holder data over any public network.

C. Rotate employees handling credit card transactions on a yearly basis to different departments.

D. Limit access to card holder data to as few individuals as possible.

Answer: C