312-50v9 Dumps 312-50v9 Exam Questions 312-50v9 New Questions 312-50v9 PDF 312-50v9 VCE EC-Council

[2017 Newest] Try Lead2pass Latest EC-Council 312-50v9 Dumps To Pass The Exam Successfully (161-180)

Lead2pass 2017 September New EC-Council 312-50v9 Exam Dumps!

100% Free Download! 100% Pass Guaranteed!

Our PDF dumps of 312-50v9 exam is designed to ensure everything which you need to pass your exam successfully. At Lead2pass, we have a completely customer oriented policy. We invite the professionals who have rich experience and expert knowledge of the IT certification industry to guarantee the PDF details precisely and logically. Our customers’ time is a precious concern for us. This requires us to provide you the products that can be utilized most efficiently.

Following questions and answers are all new published by EC-Council Official Exam Center: https://www.lead2pass.com/312-50v9.html

QUESTION 161
Which security strategy requires using several, varying methods to protect IT systems against attacks?

A.    Defense in depth
B.    Three-way handshake
C.    Covert channels
D.    Exponential backoff algorithm

Answer: A

QUESTION 162
SOAP services use which technology to format information?

A.    SATA
B.    PCI
C.    XML
D.    ISDN

Answer: C

QUESTION 163
Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

A.    SHA-1
B.    MD5
C.    HAVAL
D.    MD4

Answer: A

QUESTION 164
Which element of Public Key Infrastructure (PKI) verifies the applicant?

A.    Certificate authority
B.    Validation authority
C.    Registration authority
D.    Verification authority

Answer: C

QUESTION 165
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

A.    Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
B.    Maintenance of the nation’s Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
C.    Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
D.    Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Answer: A

QUESTION 166
How do employers protect assets with security policies pertaining to employee surveillance activities?

A.    Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.
B.    Employers use informal verbal communication channels to explain employee monitoring activities to employees.
C.    Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.
D.    Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Answer: D

QUESTION 167
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

A.    Regulatory compliance
B.    Peer review
C.    Change management
D.    Penetration testing

Answer: C

QUESTION 168
Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

A.    Truecrypt
B.    Sub7
C.    Nessus
D.    Clamwin

Answer: C

QUESTION 169
When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

A.    At least once a year and after any significant upgrade or modification
B.    At least once every three years or after any significant upgrade or modification
C.    At least twice a year or after any significant upgrade or modification
D.    At least once every two years and after any significant upgrade or modification

Answer: A

QUESTION 170
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

A.    Sarbanes-Oxley Act (SOX)
B.    Gramm-Leach-Bliley Act (GLBA)
C.    Fair and Accurate Credit Transactions Act (FACTA)
D.    Federal Information Security Management Act (FISMA)

Answer: A

QUESTION 171
How can a policy help improve an employee’s security awareness?

A.    By implementing written security procedures, enabling employee security training, and promoting the benefits of security
B.    By using informal networks of communication, establishing secret passing procedures, and immediately terminating employees
C.    By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help line
D.    By decreasing an employee’s vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths

Answer: A

QUESTION 172
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?

A.    Penetration testing
B.    Social engineering
C.    Vulnerability scanning
D.    Access control list reviews

Answer: A

QUESTION 173
Which of the following guidelines or standards is associated with the credit card industry?

A.    Control Objectives for Information and Related Technology (COBIT)
B.    Sarbanes-Oxley Act (SOX)
C.    Health Insurance Portability and Accountability Act (HIPAA)
D.    Payment Card Industry Data Security Standards (PCI DSS)

Answer: D

QUESTION 174
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

A.    guidelines and practices for security controls.
B.    financial soundness and business viability metrics.
C.    standard best practice for configuration management.
D.    contract agreement writing standards.

Answer: A

QUESTION 175
Which type of security document is written with specific step-by-step details?

A.    Process
B.    Procedure
C.    Policy
D.    Paradigm

Answer: B

QUESTION 176
An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker’s next step be before starting work on this job?

A.    Start by foot printing the network and mapping out a plan of attack.
B.    Ask the employer for authorization to perform the work outside the company.
C.    Begin the reconnaissance phase with passive information gathering and then move into active information gathering.
D.    Use social engineering techniques on the friend’s employees to help identify areas that may be susceptible to attack.

Answer: B

QUESTION 177
A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take?

A.    Threaten to publish the penetration test results if not paid.
B.    Follow proper legal procedures against the company to request payment.
C.    Tell other customers of the financial problems with payments from this company.
D.    Exploit some of the vulnerabilities found on the company webserver to deface it.

Answer: B

QUESTION 178
Which initial procedure should an ethical hacker perform after being brought into an organization?

A.    Begin security testing.
B.    Turn over deliverables.
C.    Sign a formal contract with non-disclosure.
D.    Assess what the organization is trying to protect.

Answer: C

QUESTION 179
A consultant has been hired by the V.P. of a large financial organization to assess the company’s security posture. During the security testing, the consultant comes across child pornography on the V.P.’s computer. What is the consultant’s obligation to the financial organization?

A.    Say nothing and continue with the security testing.
B.    Stop work immediately and contact the authorities.
C.    Delete the pornography, say nothing, and continue security testing.
D.    Bring the discovery to the financial organization’s human resource department.

Answer: B

QUESTION 180
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?

A.    Ignore the problem completely and let someone else deal with it.
B.    Create a document that will crash the computer when opened and send it to friends.
C.    Find an underground bulletin board and attempt to sell the bug to the highest bidder.
D.    Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.

Answer: D

More free Lead2pass 312-50v9 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDTVZJRHRvblhycms

If you want to get more 312-50v9 exam preparation material, you can download the free 312-50v9 braindumps in PDF files on Lead2pass. It would be great helpful for your exam. All the 312-50v9 dumps are updated and cover every aspect of the examination. Welcome to choose.

2017 EC-Council 312-50v9 (All 589 Q&As) exam dumps (PDF&VCE) from Lead2pass:

https://www.lead2pass.com/312-50v9.html [100% Exam Pass Guaranteed]