Wednesday, 8 November 2017

EcCouncil 312-50v8 Question Answer

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

A. Implementing server-side PKI certificates for all connections
B. Mandating only client-side PKI certificates for all connections
C. Requiring client and server PKI certificates for all connections
D. Requiring strong authentication for all DNS queries

Answer: C


Which command line switch would be used in NMAP to perform operating system detection?

A. -OS
B. -sO
C. -sP
D. -O

Answer: D

Wednesday, 13 September 2017

EcCouncil 312-50v8 Question Answer

A penetration tester is attempting to scan an internal corporate network from the internet without alerting the border sensor. Which is the most efficient technique should the tester consider using?

A. Spoofing an IP address
B. Tunneling scan over SSH
C. Tunneling over high port numbers
D. Scanning using fragmented IP packets

Answer: B


A circuit level gateway works at which of the following layers of the OSI Model?

 
A. Layer 5 - Application
B. Layer 4 TCP
C. Layer 3 Internet protocol
D. Layer 2 Data link

Answer: B

Sunday, 7 May 2017

Red Education Signs Security Training Deal With Symantec, EC-Council



IT education firm Red Education has signed agreements with Symantec and EC-Council with a third vendor expected to be announced this week.
Alliances are part of Red Education's journey to become an Authorized Training Partner with companies throughout the APAC region.
The partnership with Symantec will give access to Red Education to the entire Symantec course portfolio for its suite of enterprise solutions.
"Cyber security is a top priority for all businesses, government agencies and cloud providers, and the Asia-Pacific region is experiencing staggeringly high levels of attacks in all regions," said Rob Howard, managing director of Red Education.
Howard says the company will offer Symantec's full training, which complements current training schemes with the likes of Blue Coat.
Commenting on the partnership, Symantec Education Services senior director Sarah Grace said that Red Education was chosen for its expertise in cyber security training.
The company has also partnered with EC-Council, the International Council of Electronic Commerce Consultants.
Red Education will offer a range of EC-Council classes in a public schedule, as well as closed classes for clients.
"We see tremendous synergy in this partnership as Red Education has a wealth of experience in providing basic cybersecurity technology training to Asia Pacific cyber security communities," said Sean Lim, EC-Council's chief operating officer.
A partnership with a third company is expected to be announced this week.
"Red Education is ready to empower the human element to manage these systems to minimize the ever-present risks," Howard concludes.

Thursday, 1 September 2016

Pass4sure 312-50v8 Question Answer

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? 

A. white box
B. grey box
C. red box
D. black box

Answer: D


Which of the following is a detective control? 

A. Smart card authentication
B. Security policy
C. Audit trail
D. Continuity of operations plan

Answer: C

Wednesday, 13 July 2016

Stay On The Good Side With This Ethical Hacker Bonus Bundle [DEALS]


 

Although originally referring to a more innocent though mostly defiant pursuits, "hacking" has taken a negative character, especially in mainstream media. Now associated more with unauthorized intrusions into servers, websites, and computers, hacking is mostly regarded as an activity that only criminals and miscreants take part of. Hacking, however, can also be used for good, to highlight weaknesses and holes in security system. This is what is commonly called as ethical, or "white hat", hacking, and this Ethical Hacker Bonus Bundle will teach you how exactly to become one.


There has been a frightening rise in the number of incidents surrounding compromised services, defaced websites, and stolen personal data. Hackers are, naturally, blamed for such criminal activities. But in order to harden a computer network or system, one has to know the weakest links and unintended backdoors. And who better to know that than hackers themselves.

Enter the ethical hacker, a rare breed of the computer elite who do enjoy breaking down virtual doors or snooping around digital fences but who also believe in preserving privacy and security for the common good. It also happens to be a fast-growing lucrative source of income, especially considering recent events. Now you can start your journey into becoming one of those white hat hackers with this course. Learn about they types of security layers and how to peel them like onions, or how to lure unsuspecting users into a malware-laden trap.

Hopefully, of course, this knowledge will be used in order to improve the state of security over the Internet as well as on mobile devices. Collecting 9 courses containing dozens of hours of video content and hundreds of lectures, the Ethical Hacker Bonus Bundle is yours for a lifetime for only $49.

Thursday, 9 June 2016

Pass4sure 312-50v8 Question Answer

Which of the following lists are valid data-gathering activities associated with a risk assessment? 

A. Threat identification, vulnerability identification, control analysis
B. Threat identification, response identification, mitigation identification
C. Attack profile, defense profile, loss profile
D. System profile, vulnerability identification, security determination

Answer: A

Tuesday, 10 May 2016

Pass4sure 312-50v8 Question Answer

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? 

A. Passive
B. Reflective
C. Active
D. Distributive

Answer: C