Questions for the 312-50V9 were updated on: Dec 01, 2025
Initiating an attack against targeted businesses and organizations, threat actors compromise a
carefully selected website by inserting an exploit resulting in malware infection. The attackers run
exploits on well-known and trusted sites likely to be visited by their targeted victims. Aside from
carefully choosing sites to compromise, these attacks are known to incorporate zero-day exploits that
target unpatched vulnerabilities. Thus, the targeted entities are left with little or no defense against
these exploits.
What type of attack is outlined in the scenario?
A
You have several plain-text firewall logs that you must review to evaluate network traffic. You know
that in order to do this quickly and efficiently you must use regular expressions.
Which command-line utility are you most likely to use?
C
A new wireless client is configured to join an 802.11 network. This client uses the same hardware and
software as many of the other clients on the network. The client can see the network, but cannot
connect. A wireless packet sniffer shows that the Wireless Access Point (WAP) is not responding to
the association requests being sent by the wireless client.
What is a possible source of this problem?
C
During a recent security assessment, you discover the organization has one Domain Name Server
(DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?
C
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has
Snort installed, and the second machine (192.168.0.150) has Kiwi Syslog installed. You perform a SYN
scan in your network, and you notice that Kiwi Syslog is not receiving the alert message from Snort.
You decide to run Wireshark on the Snort machine to check if the messages are going to the Kiwi
Syslog machine.
What Wireshark filter will show the connections from the Snort machine to the Kiwi Syslog machine?
A
Nation-state threat actors often discover vulnerabilities and hold on to them until they want to
launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it
used four types of this vulnerability.
What is this style of attack called?
C
The “Gray box testing” methodology enforces what kind of restriction?
D
What term describes the amount of risk that remains after the vulnerabilities are classified and the
countermeasures have been deployed?
B
Which of the following incident handling process phases is responsible for defining rules, creating a
back-up plan, and testing the plans for an enterprise?
A
You are attempting to man-in-the-middle a session. Which protocol will allow you to guess a
sequence number?
B
Which of the following is a command line packet analyzer similar to GUI-based Wireshark?
C
You are performing a penetration test. You achieved access via a buffer overflow exploit and you
proceed to find interesting data, such as files with usernames and passwords. You find a hidden
folder that has the administrator’s bank account password and login information for the
administrator’s bitcoin account.
What should you do?
B
An attacker gains access to a Web server’s database and displays the contents of the table that holds
all of the names, passwords, and other user information. The attacker did this by entering
information into the Web site's user login page that the software's designers did not expect to be
entered. This is an example of what kind of software design problem?
D
You have successfully gained access to a Linux server and would like to ensure that the succeeding
outgoing traffic from the server will not be caught by a Network Based Intrusion Detection System
(NIDS).
Which is the best way to evade the NIDS?
B
Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses
a technique of hiding a secret message within an ordinary message. The technique provides 'security
through obscurity'. What technique is Ricardo using?
B