Exam Details

  • Exam Code: 312-50V8
  • Exam Name: Certified Ethical Hacker v8
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1008 Q&As
  • Last Updated: Apr 15, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-50V8 Questions & Answers

  • Question 981:

    It is an entity or event with the potential to adversely impact a system through unauthorized access, destruction, disclosure, denial of service, or modification of data.

    Which of the following terms best matches this definition?

    A. Threat

    B. Attack

    C. Risk

    D. Vulnerability

  • Question 982:

    You have successfully compromised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.

    What is the best nmap command you will use?

    A. nmap -T4 -F 10.10.0.0/24

    B. nmap -T4 -q 10.10.0.0/24

    C. nmap -T4 -O 10.10.0.0/24

    D. nmap -T4 -r 10.10.0.0/24

  • Question 983:

    Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP XMAS scan is used to identify listening ports on the targeted system.

    If a scanned port is open, what happens?

    A. The port will ignore the packets.

    B. The port will send an RST.

    C. The port will send an ACK.

    D. The port will send a SYN.

  • Question 984:

    Which of the following statements is TRUE?

    A. Sniffers operate on Layer 3 of the OSI model

    B. Sniffers operate on Layer 2 of the OSI model

    C. Sniffers operate on Layer 1 of the OSI model

    D. Sniffers operate on both Layer 2 and Layer 3 of the OSI model

  • Question 985:

    The "Gray box testing" methodology enforces what kind of restriction?

    A. Only the external operation of a system is accessible to the tester.

    B. Only the internal operation of a system is known to the tester.

    C. The internal operation of a system is completely known to the tester.

    D. The internal operation of a system is only partly accessible to the tester.

  • Question 986:

    While using your bank's online servicing you notice the following string in the URL bar: "http://www.MyPersonalBank/Account?Id=368940911028389&Damount=10980&Camount=21"

    You observe that if you modify the Damount and Camount values and submit the request, the data on the web page reflects the changes.

    What type of vulnerability is present on this site?

    A. SQL injection

    B. XSS Reflection

    C. Web Parameter Tampering

    D. Cookie Tampering

  • Question 987:

    You have successfully compromised a machine on the network and found a server that is alive on the same network. You tried to ping but you didn't get any response back.

    What is happening?

    A. TCP/IP doesn't support ICMP.

    B. ICMP could be disabled on the target server.

    C. The ARP is disabled on the target server.

    D. You need to run the ping command with root privileges.

  • Question 988:

    A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?

    A. Mitigate

    B. Avoid

    C. Accept

    D. Delegate

  • Question 989:

    Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?

    A. Verify access rights before allowing access to protected information and UI controls

    B. Use security policies and procedures to define and implement proper security settings

    C. Validate and escape all information sent over to a server

    D. Use digital certificates to authenticate a server prior to sending data

  • Question 990:

    The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Rules?

    A. Injection

    B. Cross site Scripting

    C. Cross site Request Forgery

    D. Path Disclosure
