Which three statements are true of social engineering? (Choose three.)
A. Social engineering largely leverages most people's "good nature" and "desire to help" to obtain the information that is needed.
B. Social engineering can be achieved through seemingly normal situations or appearances to obtain access to resources or physical locations otherwise off-limits to personnel.
C. Social engineering is easy to spot and should be called out immediately in front of everyone to unveil a fraud.
D. Social engineering leverages greed and disgruntled feelings of employees.
What is the difference between brute-forcing and password spraying?
A. Brute-forcing refers to extracting AES keys from memory, and password spraying is attempting all possible passwords from a dictionary of common passwords.
B. Brute-forcing is calculating the most likely password for a user, based on the user's birthday, anniversary, and children's birthdays. Password spraying means to try every password based on a dictionary.
C. Brute-forcing is coercing users to give you their password, and password spraying refers to gathering credentials through phishing campaigns.
D. Brute-forcing attempts every possible password on certain accounts, and password spraying attempts only a couple of common passwords on every possible account.
What statement best describes a reconnaissance attack?
A. A reconnaissance attack is nothing more than script kiddies playing around with software tools.
B. A reconnaissance attack is an attempt to gather information about an intended victim before attempting a more intrusive attack.
C. Reconnaissance attacks pose no threat to the infrastructure.
D. Reconnaissance attacks are easy to identify and can be suppressed with minimal effort.
Which two statements are true? (Choose two.)
A. Security engineers that need to locate vulnerabilities in a managed environment commonly use vulnerability scanners, such as Nessus and OpenVAS.
B. Attackers use vulnerability scanners such as Nessus and OpenVAS to locate vulnerabilities in potential target hosts.
C. Vulnerability scanners, such as Nessus and OpenVAS, are safe to experiment with on a production network environment.
D. Vulnerability scanners, such as Nessus and OpenVAS, should never be used on a production network for any reason.
What are three threats to a vulnerable application during a buffer overflow attack? (Choose three.)
A. corruption of data
B. crash the application
C. execution of malicious code
D. iframe injection
E. cross-site scripting execution
What are two reasons that client systems may be targeted with client-side attacks? (Choose two.)
A. Client systems often contain large amounts of confidential data.
B. Client-side systems typically reside on the open Internet and are easy targets.
C. Users of client systems may be susceptible to social engineering techniques.
D. Client systems may be used effectively as pivots.
E. Client-side systems do not have effective attack defense software.
A local exploit requires which of the following?
A. physical access to the vulnerable system
B. access to the same IP subnet as the vulnerable system
C. prior access to the vulnerable system
D. access to the same domain as the vulnerable system
Which two are results of typing cat myfile.txt 2> file_output.log at the command line? (Choose two.)
A. The contents of myfile.txt will be displayed on the terminal.
B. The contents of myfile.txt will be sent to file_output.log.
C. Any errors that are associated with displaying the file are sent to file_output.log.
D. The contents of file_output.log will overwrite the contents of myfile.txt.
E. The command will generate an error due to invalid syntax.
Which variable stores a list of the directories that the system searches for commands when you execute them from the command line?
A. dir /
B. */dir-list
C. $PATH
D. $searchdir
What tool or command can you use to view running processes?
A. show proc
B. top
C. procdisp
D. execrun