312-50V9 Online Practice Questions and Answers

What is the best Nmap command to use when you want to list all devices in the same network quickly after you successfully identified a server whose IP address is 10.10.0.5?

A. nmap -T4 -F 10.10.0.0/24

B. nmap -T4 -q 10.10.0.0/24

C. nmap -T4 -O 10.10.0.0/24

D. nmap -T4 -r 10.10.1.0/24

Sandra is the security administrator of XYZ.com. One day she notices that the XYZ.com Oracle database server has been compromised and customer information along with financial data has been stolen. The financial loss will be estimated in millions of dollars if the database gets into the hands of competitors. Sandra wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crime investigations throughout the United States?

A. NDCA

B. NICP

C. CIRP

D. NPC

E. CIA

Your company performs penetration tests and security assessments for small and medium-sized business in the local area. During a routine security assessment, you discover information that suggests your client is involved with human trafficking.

What should you do?

A. Immediately stop work and contact the proper legal authorities.

B. Copy the data to removable media and keep it in case you need it.

C. Confront the client in a respectful manner and ask her about the data.

D. Ignore the data and continue the assessment until completed as agreed.

Using Windows CMD, how would an attacker list all the shares to which the current user context has access?

A. NET USE

B. NET CONFIG

C. NET FILE

D. NET VIEW

Which of the following is a protocol specifically designed for transporting event messages?

A. SYSLOG

B. SMS

C. SNMP

D. ICMP

Which of the following tools is used to analyze the files produced by several packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek?

A. tcptrace

B. tcptraceroute

C. Nessus

D. OpenVAS

What mechanism in Windows prevents a user from accidentally executing a potentially malicious batch (.bat) or PowerShell (.ps1) script?

A. User Access Control (UAC)

B. Data Execution Prevention (DEP)

C. Address Space Layout Randomization (ASLR)

D. Windows firewall

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A. WHOIS

B. IANA

C. CAPTCHA

D. IETF

What statement is true regarding LM hashes?

A. LM hashes consist in 48 hexadecimal characters.

B. LM hashes are based on AES128 cryptographic standard.

C. Uppercase characters in the password are converted to lowercase.

D. LM hashes are not generated when the password length exceeds 15 characters.

An attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?

A. Timing attack

B. Replay attack

C. Memory trade-off attack

D. Chosen plain-text attack