312-50v13 Practice Questions

During which step of the incident response process would you be tasked with building the team, identifying roles, and testing the communication system?

Maya Patel from SecureHorizon Consulting is called to investigate a security breach at Dallas General Hospital in Dallas, Texas, where a lost employee smartphone was used to access sensitive patient records. During her analysis, Maya finds that the hospital ' s mobile security policy failed to include a contingency to remotely secure compromised devices, allowing continued access to confidential data even after the device was lost. Based on this gap, which mobile security guideline should Maya recommend preventing similar incidents?

Which advanced mobile attack is hardest to detect and mitigate?

A penetration tester finds malware that spreads across a network without user interaction, replicating itself from one machine to another. What type of malware is this?

An e-commerce platform hosted on a public cloud infrastructure begins to experience significant latency and timeouts. Logs show thousands of HTTP connections sending headers extremely slowly and never completing the full request. What DoS technique is most likely responsible?

A large media-streaming company receives complaints that its web application is timing out or failing to load. Security analysts observe the web server is overwhelmed with a large number of open HTTP connections, transmitting data extremely slowly. These connections remain open indefinitely, exhausting server resources without consuming excessive bandwidth. The team suspects an application-layer DoS attack. Which attack is most likely responsible?

Amid the vibrant buzz of Miami’s digital scene, ethical hacker Sofia Alvarez embarks on a mission to fortify the web server of Sunshine Media’s streaming platform. Diving into her security assessment, Sofia sends a meticulously crafted GET / HTTP/1.0 request to the server, scrutinizing its response. The server obligingly returns headers exposing its software version and operating system, a revelation that could empower malicious actors to tailor their attacks. Committed to bolstering the platform’s defenses, Sofia documents her findings to urge the security team to address this exposure.

What approach is Sofia using to expose the vulnerability in Sunshine Media’s web server?

An attacker exploits a misconfigured S3 bucket containing application backups with database credentials. What cloud security failure category does this fall under?

A system administrator observes that several machines in the network are repeatedly sending out traffic to unknown IP addresses. Upon inspection, these machines were part of a coordinated spam campaign. What is the most probable cause?

During a penetration test at Greenview Credit Union in Chicago, Illinois, ethical hacker Rebecca Hayes simulates an attacker who contacts employees using a voice channel. The number displayed on their devices appears identical to the institution’s official line, convincing staff that the request is legitimate. Rebecca then asks for account credentials under the pretense of a mandatory security check. Which mobile attack vector is she demonstrating?

In the hushed offices of Pinecrest Solutions in Denver, network security analyst Lisa Nguyen began a covert review of a recent spike in network access issues reported by the sales team. The trouble surfaced during a low-traffic period when agents couldn ' t reach their CRM system, prompting Lisa to examine the subnet logs. She spotted irregular IP assignment attempts linked to an unfamiliar device. Acting quickly, Lisa entered a series of commands on the Cisco switches and later confirmed that connectivity issues had ceased without any new devices appearing in the logs.

Which command did Lisa most likely use to address the issue?

While assessing a web server, a tester sends malformed HTTP requests and compares responses to identify the server type and version. What technique is being employed?

Attackers persisted by modifying legitimate system utilities and services. What key step helps prevent similar threats?

In Pittsburgh, Pennsylvania, a major steel manufacturer operates a production plant with numerous automated loops that regulate temperature, pressure, and conveyor speed. During an audit, ethical hacker Marcus Reed observes that these loops are coordinated by a centralized supervisory network that links multiple controllers across the facility. Based on this design, which OT system concept is being applied?

During a controlled red team engagement at a financial institution in New Jersey, ethical hacker Ryan tests the bank ' s resilience against stealth-based malware. He plants a custom malicious program on an employee workstation. After execution, he observes that the infected files continue to function normally, but his malware conceals its modifications by intercepting operating system calls. Antivirus scans repeatedly return “no threats detected,” even though the malicious code remains active and hidden on the system.

Which type of virus did Ryan most likely deploy in this assessment?