Which is the first step followed by Vulnerability Scanners for scanning a network?
A. OS Detection
B. Firewall detection
C. TCP/UDP Port scanning
D. Checking if the remote host is alive
Answer: D
Explanation: Vulnerability scanning solutions perform vulnerability penetration tests on the organizational network in three steps:
What is the best security policy concerning this setup?
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
A. Network elements must...
In the field of cryptanalysis, what is meant by a “rubber-hose” attack?
A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
B. A backdoor placed into a cryptographic algorithm by its creator.
C. Extraction of cryptographic secrets through coercion or torture.
D. Attempting to decrypt ciphertext...
What is the first step that the bank should take before enabling the audit feature?
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling...
Although FTP traffic is not encrypted by default, which layer 3 protocol would allow for end-to-end encryption of the connection?
A. SFTP
B. IPsec
C. SSL
D. FTPS
Answer: B
Explanation: https://en.wikipedia.org/wiki/IPsec Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data...
The “Gray-box testing” methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. ...
Which system consists of a publicly available set of databases that contain domain name registration contact information?
A. WHOIS
B. CAPTCHA
C. IANA
D. IETF
Answer: A
Which of the following is not a Bluetooth attack?
A. Bluedriving
B. Bluesmacking
C. Bluejacking
D. Bluesnarfing
Answer: A
Explanation: https://github.com/verovaleros/bluedriving Bluedriving is a Bluetooth wardriving utility. It can capture Bluetooth devices, look up their services, get GPS information and present everything in a nice web page. It can search for...
At what layer of the OSI model does the encryption and decryption of the message take place?
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI model does the encryption and decryption of the...
What is the known plaintext attack used against DES which gives the result that encrypting plaintext with one DES key followed by encrypting it with a second DES key is no more secure than using a single key?
A. Man-in-the-middle attack
B. Meet-in-the-middle attack
C. Replay attack
D. Traffic analysis...