A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems.
What kind of test is being performed?
A. white box
B. grey box
C. red box
D. black box
How can a policy help improve an employee's security awareness?
A. By implementing written security procedures,enabling employee security training,and promoting the benefits of security
B. By using informal networks of communication,establishing secret passing procedures,and immediately terminating employees
C. By sharing security secrets with employees,enabling employees to share secrets,and establishing a consultative help line
D. By decreasing an employee's vacation time,addressing ad-hoc employment clauses,and ensuring that managers know employee strengths
Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?
A. Metasploit scripting engine
B. Nessus scripting engine
C. NMAP scripting engine
D. SAINT scripting engine
Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)
A. Smurf attack
B. Social engineering attack
C. SQL injection attack
D. Phishing attack
E. Fraggle attack
F. Distributed denial of service attack
Which of the following examples best represents a logical or technical control?
A. Security tokens
B. Heating and air conditioning
C. Smoke and fire alarms
D. Corporate security policy
Pentest results indicate that voice over IP traffic is traversing a network.
Which of the following tools will decode a packet capture and extract the voice conversations?
A. Cain
B. John the Ripper
C. Nikto
D. Hping
What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?
A. Due to the key size,the time it will take to encrypt and decrypt the message hinders efficient communication.
B. To get messaging programs to function with this algorithm requires complex configurations.
C. It has been proven to be a weak cipher; therefore,should not be trusted to protect sensitive data.
D. It is a symmetric key algorithm,meaning each recipient must receive the key through a different channel than the message.
An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?
A. Classified
B. Overt
C. Encrypted
D. Covert
Which of the following is used to indicate a single-line comment in structured query language (SQL)?
A. -
B. ||
C. %%
D. ''
An NMAP scan of a server shows port 25 is open. What risk could this pose?
A. Open printer sharing
B. Web portal data leak
C. Clear text authentication
D. Active mail relay
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-50V8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.