
Pass the ECCouncil Certified Ethical Hacker 312-50 Questions and answers with ValidTests


Viewing page 8 out of 13 pages
Viewing questions 71-80 out of questions
Questions # 71:

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Which item ranks first in the OWASP Top Ten Project's list of the Most Critical Web Application Security Risks?

Options:

A. Injection
B. Cross Site Scripting
C. Cross Site Request Forgery
D. Path disclosure

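Injection heads the list because user input is allowed to change the structure of a query or command rather than being treated as data. The example below is added here to illustrate that mechanism; it is not part of the exam question or OWASP's own material. It builds a constructed in-memory SQLite table (the users and passwords are made up), shows a login check that concatenates input into SQL, and shows the same check written with a parameterized query so the classic `' OR '1'='1` payload is handled as a plain string.

```python
"""Added example: SQL injection (OWASP Top Ten, Injection) in Python with an
in-memory SQLite database. Illustrative code with a constructed schema and
sample users; not from the exam page or from OWASP."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a constructed in-memory users table (sample data, not real)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Deliberately vulnerable: input is concatenated into the SQL text, so the
    attacker controls the query's structure, not just the compared value."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: a parameterized query keeps the SQL structure fixed and passes
    input as bound data; a quote in the input is just a character."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo() -> dict:
    """Run both versions against the same tautology payload and a real login."""
    conn = build_db()
    payload = "' OR '1'='1"  # closes the password literal, then OR-in a true clause
    return {
        # becomes: ... password = '' OR '1'='1'  -> every row matches
        "vulnerable": login_vulnerable(conn, "nobody", payload),
        # the whole payload is compared as a password string -> no match
        "safe": login_safe(conn, "nobody", payload),
        # a legitimate login still works through the parameterized query
        "legit": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())
```

Because SQL's `AND` binds more tightly than `OR`, the injected clause makes the vulnerable `WHERE` true for every row, so the "login" returns all users without a valid password. The parameterized form never reparses the input as SQL, which is the fix OWASP recommends for this class of bug.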
Questions # 72:

One of the Forbes 500 companies has been subjected to a large scale attack. You are one of the shortlisted pen testers that they may hire. During the interview with the CIO, he emphasized that he wants to totally eliminate all risks. What is one of the first things you should do when hired?

Options:

A. Interview all employees in the company to rule out possible insider threats.
B. Establish attribution to suspected attackers.
C. Explain to the CIO that you cannot eliminate all risk, but you will be able to reduce risk to acceptable levels.
D. Start the Wireshark application to start sniffing network traffic.

Questions # 73:

Which type of security document is written with specific step-by-step details?

Options:

A. Process
B. Procedure
C. Policy
D. Paradigm

Questions # 74:

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

A. At least once a year and after any significant upgrade or modification
B. At least once every three years or after any significant upgrade or modification
C. At least twice a year or after any significant upgrade or modification
D. At least once every two years and after any significant upgrade or modification

Questions # 75:

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Options:

A. Regulatory compliance
B. Peer review
C. Change management
D. Penetration testing

Questions # 76:

Which of the following guidelines or standards is associated with the credit card industry?

Options:

A. Control Objectives for Information and Related Technology (COBIT)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry Data Security Standard (PCI DSS)

Questions # 77:

How can a policy help improve an employee's security awareness?

Options:

A. By implementing written security procedures, enabling employee security training, and promoting the benefits of security
B. By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
C. By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line
D. By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Questions # 78:

How do employers protect assets with security policies pertaining to employee surveillance activities?

Options:

A. Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
B. Employers use informal verbal communication channels to explain employee monitoring activities to employees.
C. Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
D. Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Questions # 79:

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

Options:

A. Truecrypt
B. Sub7
C. Nessus
D. Clamwin

Questions # 80:

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

Options:

A. Penetration testing
B. Social engineering
C. Vulnerability scanning
D. Access control list reviews
