This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ]
Export date: Sun Dec 22 12:42:54 2024 / +0000 GMT

Title: [Lead2pass New] Free Lead2pass EC-Council 312-50v9 PDF Dumps With New Update Exam Questions (381-400)
Post date: 2017-11-15 08:02:46 (GMT)
Post modified date: 2017-11-15 08:02:46 (GMT)

QUESTION 381
Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?
A.    Use digital certificates to authenticate a server prior to sending data.
B.    Verify access right before allowing access to protected information and UI controls.
C.    Verify access right before allowing access to protected information and UI controls.
D.    Validate and escape all information sent to a server.
Answer: D

QUESTION 382
A possibly malicious sequence of packets that were sent to a web server has been captured by an Intrusion Detection System (IDS) and was saved to a PCAP file. As a network administrator, you need to determine whether these packets are indeed malicious. What tool are you going to use?
A.    Intrusion Prevention System (IPS)
B.    Vulnerability scanner
C.    Protocol analyzer
D.    Network sniffer
Answer: C

QUESTION 383
Which of the following is the BEST way to protect Personally Identifiable Information (PII) from being exploited due to vulnerabilities of varying web applications?
A.    Use cryptographic storage to store all PII
B.    Use full disk encryption on all hard drives to protect PII
C.    Use encrypted communications protocols to transmit PII
D.    Use a security token to log into all Web applications that use PII
Answer: C

QUESTION 384
A new wireless client that is 802.11 compliant cannot connect to a wireless network, given that the client can see the network and it has compatible hardware and software installed. Upon further tests and investigation, it was found that the Wireless Access Point (WAP) was not responding to the association requests being sent by the wireless client. What MOST likely is the issue in this scenario?
A.    The client cannot see the SSID of the wireless network
B.    The WAP does not recognize the client's MAC address.
C.    The wireless client is not configured to use DHCP.
D.    Client is configured for the wrong channel
Answer: B

QUESTION 385
This configuration allows a NIC to pass all traffic it receives to the Central Processing Unit (CPU), instead of passing only the frames that the controller is intended to receive. Select the option that BEST describes the above statement.
A.    Multi-cast mode
B.    WEM
C.    Promiscuous mode
D.    Port forwarding
Answer: C

QUESTION 386
Which of the following is designed to verify and authenticate individuals taking part in a data exchange within an enterprise?
A.    SOA
B.    Single-Sign On
C.    PKI
D.    Biometrics
Answer: C

QUESTION 387
A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?
A.    Mutating
B.    Randomizing
C.    Fuzzing
D.    Bounding
Answer: C

QUESTION 388
What would you type on the Windows command line in order to launch the Computer Management Console, provided that you are logged in as an admin?
A.    c:\compmgmt.msc
B.    c:\gpedit
C.    c:\ncpa.cpl
D.    c:\services.msc
Answer: A

QUESTION 389
Which of the following is a wireless network detector that is commonly found on Linux?
A.    Kismet
B.    Abel
C.    Netstumbler
D.    Nessus
Answer: A

QUESTION 390
Which specific element of security testing is being assured by using hash?
A.    Authentication
B.    Integrity
C.    Confidentiality
D.    Availability
Answer: B

QUESTION 391
Which of the following is a restriction being enforced in "white box testing?"
A.    Only the internal operation of a system is known to the tester
B.    The internal operation of a system is completely known to the tester
C.    The internal operation of a system is only partly accessible to the tester
D.    Only the external operation of a system is accessible to the tester
Answer: B

QUESTION 392
Which of the following is a vulnerability in GNU's bash shell (discovered in September of 2014) that gives attackers access to run remote commands on a vulnerable system?
A.    Shellshock
B.    Rootshell
C.    Rootshock
D.    Shellbash
Answer: A

QUESTION 393
When security and confidentiality of data within the same LAN is of utmost priority, which IPSec mode should you implement?
A.    AH Tunnel mode
B.    AH promiscuous
C.    ESP transport mode
D.    ESP confidential
Answer: C

QUESTION 394
Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:

invictus@victim_server:~$ nmap -T4 -0 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!

Obviously, it is not going through. What is the issue here?
A.    OS Scan requires root privileges
B.    The nmap syntax is wrong.
C.    The outgoing TCP/IP fingerprinting is blocked by the host firewall
D.    This is a common behavior for a corrupted nmap application
Answer: A

QUESTION 395
While performing online banking using a Web browser, Kyle receives an email that contains an image of a well-crafted art. Upon clicking the image, a new tab on the web browser opens and shows an animated GIF of bills and coins being swallowed by a crocodile. After several days, Kyle noticed that all his funds in the bank were gone. What Web browser-based security vulnerability got exploited by the hacker?
A.    Clickjacking
B.    Web Form Input Validation
C.    Cross-Site Request Forgery
D.    Cross-Site Scripting
Answer: C

QUESTION 396
A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what software design flaw?
A.    Insufficient security management
B.    Insufficient database hardening
C.    Insufficient input validation
D.    Insufficient exception handling
Answer: B

QUESTION 397
Suppose you are the Chief Network Engineer of a certain Telco. Your company is planning for a big business expansion and it requires that your network authenticate users connecting using analog modems, Digital Subscriber Lines (DSL), wireless data services, and Virtual Private Networks (VPN) over a Frame Relay network. Which AAA protocol would you implement?
A.    TACACS+
B.    DIAMETER
C.    Kerberos
D.    RADIUS
Answer: D

QUESTION 398
Which type of cryptography do SSL, IKE and PGP belong to?
A.    Secret Key
B.    Hash Algorithm
C.    Digest
D.    Public Key
Answer: D

QUESTION 399
A recent security audit revealed that there were indeed several occasions that the company's network was breached. After investigating, you discover that your IDS is not configured properly and therefore is unable to trigger alarms when needed. What type of alert is the IDS giving?
A.    True Positive
B.    False Negative
C.    False Positive
D.    False Positive
Answer: B

QUESTION 400
Which of the following is a hardware requirement that either an IDS/IPS system or a proxy server must have in order to properly function?
A.    Fast processor to help with network traffic analysis
B.    They must be dual-homed
C.    Similar RAM requirements
D.    Fast network interface cards
Answer: B
Explanation:
Dual-homed or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or in firewall technology, dual-homed is one of the firewall architectures, such as an IDS/IPS system, for implementing preventive security.
https://en.wikipedia.org/wiki/Dual-homed