
312-50v13 Certified Ethical Hacker Exam (CEHv13) is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

312-50v13 Practice Questions

Certified Ethical Hacker Exam (CEHv13)

Last Update 3 days ago
Total Questions : 797

Dive into our fully updated and stable 312-50v13 practice test platform, featuring all the latest CEH v13 exam questions added this week. Our preparation tool is more than just an ECCouncil study aid; it's a strategic advantage.

Our free CEH v13 practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about 312-50v13. Use this test to pinpoint which areas you need to focus your study on.

Question # 151

Which type of security feature stops vehicles from crashing through the doors of a building?

Options:

A. Receptionist

B. Mantrap

C. Bollards

D. Turnstile

Question # 152

During a stealth penetration test for a multinational shipping company, ethical hacker Daniel Reyes gains local access to an engineering workstation and deploys a specialized payload that installs below the operating system. On subsequent reboots, the payload executes before any system-level drivers or services are active, giving Daniel covert control over the machine without triggering antivirus or endpoint detection tools. Weeks later, system administrators report suspicious network activity, but repeated forensic scans fail to locate any malicious processes or user-level traces.

Which type of rootkit did Daniel most likely use to maintain this level of stealth and persistence?

Options:

A. Hypervisor Rootkit

B. Firmware Rootkit

C. Kernel-mode Rootkit

D. Bootkit

Question # 153

A penetration tester runs a vulnerability scan and identifies an outdated version of a web application running on the company’s server. The scan flags this as a medium-risk vulnerability. What is the best next step for the tester?

Options:

A. Ignore the vulnerability since it is only flagged as medium-risk

B. Brute-force the admin login page to gain unauthorized access

C. Perform a denial-of-service (DoS) attack to crash the web application

D. Research the vulnerability to check for any available patches or known exploits

Question # 154

An Nmap SMTP enumeration script returns valid usernames. What misconfiguration is being exploited?

Options:

A. SMTP VRFY/EXPN/RCPT commands exposed

B. SMTP authentication bypass

C. Misconfigured MX records

D. STARTTLS disabled

Question # 155

At a New York-based e-commerce company preparing for Black Friday sales, analyst Sarah evaluates cloud billing practices. She notices that the provider tracks compute hours, storage usage, and bandwidth consumption in detail, enabling the company to pay only for what is consumed while also supporting audits. Which cloud computing characteristic best explains this feature?

Options:

A. Measured service

B. Broad network access

C. On-demand self-service

D. Resource pooling

Question # 156

Michael, an ethical hacker at a New York-based e-commerce company, is evaluating the security of their online payment system after a recent incident where fraudulent transactions went undetected. His investigation reveals that the system uses an asymmetric encryption algorithm to ensure the authenticity of payment confirmations. He finds that the algorithm employs a public-key cryptosystem, where the sender signs the transaction with a private key, and the recipient verifies it using a corresponding public key located in a directory. During his test, Michael intercepts a signed message and notices that the algorithm supports modular exponentiation for generating digital signatures, a process critical for verifying the identity of the signatory. He aims to assess if the algorithm’s configuration could be vulnerable to a man-in-the-middle attack due to its key structure.

Which asymmetric encryption algorithm should Michael identify as the one used by the payment system?

Options:

A. Diffie-Hellman

B. RSA

C. ElGamal

D. DSA

Question # 157

What is the correct order of the five phases of ethical hacking?

Options:

A. Gaining Access → Maintaining Access → Covering Tracks → Reconnaissance → Scanning

B. Maintaining Access → Covering Tracks → Reconnaissance → Scanning → Gaining Access

C. Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks

D. Scanning → Reconnaissance → Gaining Access → Covering Tracks → Maintaining Access

Question # 158

During a strategic security briefing at Meridian Global Analytics in Washington, D.C., executives review a series of coordinated activities targeting national infrastructure. These activities include manipulating digital media to influence public perception, disrupting communication networks, and degrading critical systems to weaken institutional stability without direct conventional military engagement.

What form of conflict best describes this type of coordinated activity?

Options:

A. Cyber Espionage

B. Information Warfare

C. Hacktivism

D. Cyberterrorism

Question # 159

You are instructed to perform a TCP NULL scan. In the context of TCP NULL scanning, which response indicates that a port on the target system is closed?

Options:

A. ICMP error message

B. TCP SYN/ACK packet

C. No response

D. TCP RST packet

Question # 160

You are Michael, an ethical hacker at a New York–based e-commerce company performing a security review of their payment-signing service. While observing the signing process (without access to private keys), you note the service generates a fresh random value for each signature operation, the signature algorithm uses modular arithmetic in a subgroup defined by public domain parameters, and signatures are verified with a public verification key rather than by decrypting the message. Which asymmetric algorithm best matches the signing mechanism you observed?

Options:

A. DSA

B. RSA

C. Diffie-Hellman

D. ElGamal

Question # 161

Which advanced session-hijacking technique is hardest to detect and mitigate?

Options:

A. Covert XSS attack

B. Man-in-the-Browser (MitB) attack

C. Passive sniffing on Wi-Fi

D. Session fixation

Question # 162

During a penetration test at Cascade Biotech in Portland, Oregon, ethical hacker Olivia Harper installs a monitoring agent on a single test workstation inside the research subnet. The system records local events such as file access, configuration changes, and unauthorized process execution. Olivia explains to the security team that attackers often attempt to disable or evade this type of monitoring to avoid being detected at the host level.

Which security system is Olivia most likely demonstrating?

Options:

A. Network-Based Firewall

B. Host-Based Firewall

C. Network-Based Intrusion Detection System

D. Host-Based Intrusion Detection System

Question # 163

During an internal assessment, a penetration tester gains access to a hash dump containing NTLM password hashes from a compromised Windows system. To crack the passwords efficiently, the tester uses a high-performance CPU setup with Hashcat, attempting millions of password combinations per second. Which technique is being optimized in this scenario?

Options:

A. Spoof NetBIOS to impersonate a file server

B. Leverage hardware acceleration for cracking speed

C. Dump SAM contents for offline password retrieval

D. Exploit dictionary rules with appended symbols

Question # 164

A future-focused security audit discusses risks where attackers collect encrypted data today, anticipating they will be able to decrypt it later using quantum computers. What is this threat commonly known as?

Options:

A. Saving data today for future quantum decryption

B. Breaking RSA using quantum algorithms

C. Flipping qubit values to corrupt output

D. Replaying intercepted quantum messages

Question # 165

A healthcare analytics firm in Denver, Colorado hosts several internal applications on an IIS web server. During an authorized security assessment, a tester evaluates a lesser-used endpoint designed for administrative operations. By sending crafted HTTP requests directly to this endpoint, the tester is able to invoke server-side management functions without interacting with the standard login workflow presented by the primary user interface.

Further review indicates that certain restricted operations can be executed when accessed through alternate request paths, suggesting inconsistent enforcement of access controls within the application.

Which IIS vulnerability is most accurately demonstrated in this scenario?

Options:

A. File and Directory Permissions Vulnerability

B. CRLF Cross-Site Scripting Vulnerability

C. Trust Boundary Violation Vulnerability

D. Authentication Bypass Vulnerability
