[Free] Download New Updated (February 2016) ECCouncil 312-50 Practice Tests 391-400



One advantage of an application-level firewall is the ability to


A.     filter packets at the network level

B.     filter specific commands, such as http:post

C.     retain state information for each packet

D.     monitor tcp handshaking


Correct Answer: B




Which type of security document is written with specific step-by-step details?


A.     Process

B.     Procedure

C.     Policy

D.     Paradigm


Correct Answer: B




A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?


A.     Threaten to publish the penetration test results if not paid.

B.     Follow proper legal procedures against the company to request payment.

C.     Tell other customers of the financial problems with payments from this company.

D.     Exploit some of the vulnerabilities found on the company webserver to deface it.


Correct Answer: B




If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP?


A.     Hping

B.     Traceroute

C.     TCP ping

D.     Broadcast ping


Correct Answer: A




How can rainbow tables be defeated?


A.     Password salting.

B.     Use of non-dictionary words.

C.     All uppercase character passwords.

D.     Lockout accounts under brute force password cracking attempts.


Correct Answer: A




Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?


A.     They provide a repeatable framework.

B.     Anyone can run the command line scripts.

C.     They are available at low cost.

D.     They are subject to government regulation.


Correct Answer: A




A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?


A.     if (billingAddress = 50) {update field} else exit

B.     if (billingAddress != 50) {update field} else exit

C.     if (billingAddress >= 50) {update field} else exit

D.     if (billingAddress <= 50) {update field} else exit


Correct Answer: D






If the final set of security controls does not eliminate all risk in a system, what could be done next?


A.     Continue to apply controls until there is zero risk.

B.     Ignore any remaining risk.

C.     If the residual risk is low enough, it can be accepted.

D.     Remove current controls since they are not completely effective.


Correct Answer: C




In keeping with the best practices of layered security, where are the best places to place intrusion detection/intrusion prevention systems? (Choose two.)


A.     HID/HIP (Host-based Intrusion Detection/Host-based Intrusion Prevention)

B.     NID/NIP (Node-based Intrusion Detection/Node-based Intrusion Prevention)

C.     NID/NIP (Network-based Intrusion Detection/Network-based Intrusion Prevention)

D.     CID/CIP (Computer-based Intrusion Detection/Computer-based Intrusion Prevention)


Correct Answer: AC




What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?


A.     Proper testing

B.     Secure coding principles

C.     Systems security and architecture review

D.     Analysis of interrupts within the software


Correct Answer: D

