EC-COUNCIL EC-COUNCIL Certifications 312-50V10 Questions & Answers

• Question 521:

  The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?

  A. Physical

  B. Procedural

  C. Technical

  D. Compliance

  Correct Answer: B

• Question 522:

  A security administrator notices that the log file of the company's webserver contains suspicious entries:

  

  Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

  A. command injection.

  B. SQL injection.

  C. directory traversal.

  D. LDAP injection.

  Correct Answer: B

• Question 523:

  During a wireless penetration test, a tester detects an access point using WPA2 encryption. Which of the following attacks should be used to obtain the key?

  A. The tester must capture the WPA2 authentication handshake and then crack it.

  B. The tester must use the tool inSSIDer to crack it using the ESSID of the network.

  C. The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard.

  D. The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key.

  Correct Answer: A

• Question 524:

  When utilizing technical assessment methods to assess the security posture of a network, which of the following techniques would be most effective in determining whether end-user security training would be beneficial?

  A. Vulnerability scanning

  B. Social engineering

  C. Application security testing

  D. Network sniffing

  Correct Answer: B

• Question 525:

  Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?

  A. Restore a random file.

  B. Perform a full restore.

  C. Read the first 512 bytes of the tape.

  D. Read the last 512 bytes of the tape.

  Correct Answer: B

  A full restore is required.

• Question 526:

  A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

  A. Perform a vulnerability scan of the system.

  B. Determine the impact of enabling the audit feature.

  C. Perform a cost/benefit analysis of the audit feature.

  D. Allocate funds for staffing of audit log review.

  Correct Answer: B

• Question 527:

  From the two screenshots below, which of the following is occurring?

  

  A. 10.0.0.253 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against

  10.0.0.2.

  B. 10.0.0.253 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against

  10.0.0.2.

  C. 10.0.0.2 is performing an IP scan against 10.0.0.0/24, 10.0.0.252 is performing a port scan against

  10.0.0.2.

  D. 10.0.0.252 is performing an IP scan against 10.0.0.2, 10.0.0.252 is performing a port scan against

  10.0.0.2.

  Correct Answer: A

• Question 528:

  On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

  A. nessus +

  B. nessus *s

  C. nessus and

  D. nessus -d

  Correct Answer: C

• Question 529:

  Which set of access control solutions implements two-factor authentication?

  A. USB token and PIN

  B. Fingerprint scanner and retina scanner

  C. Password and PIN

  D. Account and password

  Correct Answer: A

• Question 530:

  Which property ensures that a hash function will not produce the same hashed value for two different messages?

  A. Collision resistance

  B. Bit length

  C. Key strength

  D. Entropy

  Correct Answer: A