This page was exported from New Lead2pass VCE And PDF Free Instant Download [ ] Export date:Wed Oct 16 0:00:28 2019 / +0000 GMT ___________________________________________________ Title: [2017 Newest] Easily Pass 312-50v9 Exam By Training Lead2pass Latest VCE Dumps (161-180) --------------------------------------------------- Lead2pass 2017 September New EC-Council 312-50v9 Exam Dumps! 100% Free Download! 100% Pass Guaranteed! Our PDF dumps of 312-50v9 exam is designed to ensure everything which you need to pass your exam successfully. At Lead2pass, we have a completely customer oriented policy. We invite the professionals who have rich experience and expert knowledge of the IT certification industry to guarantee the PDF details precisely and logically. Our customers' time is a precious concern for us. This requires us to provide you the products that can be utilized most efficiently. Following questions and answers are all new published by EC-Council Official Exam Center: QUESTION 161Which security strategy requires using several, varying methods to protect IT systems against attacks? A.    Defense in depthB.    Three-way handshakeC.    Covert channelsD.    Exponential backoff algorithmAnswer: A QUESTION 162SOAP services use which technology to format information? A.    SATAB.    PCIC.    XMLD.    ISDN Answer: C QUESTION 163Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit? A.    SHA-1B.    MD5C.    HAVALD.    MD4 Answer: A QUESTION 164Which element of Public Key Infrastructure (PKI) verifies the applicant? A.    Certificate authorityB.    Validation authorityC.    Registration authorityD.    Verification authority Answer: C QUESTION 165Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide? A.    Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland SecurityB.    Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructureC.    Registration of critical penetration testing for the Department of Homeland Security and public and private sectorsD.    Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors Answer: A QUESTION 166How do employers protect assets with security policies pertaining to employee surveillance activities? A.    Employers promote monitoring activities of employees as long as the employees demonstrate trustworthiness.B.    Employers use informal verbal communication channels to explain employee monitoring activities to employees.C.    Employers use network surveillance to monitor employee email traffic, network access, and to record employee keystrokes.D.    Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences. Answer: D QUESTION 167Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion? A.    Regulatory complianceB.    Peer reviewC.    Change managementD.    Penetration testing Answer: C QUESTION 168Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11? A.    TruecryptB.    Sub7C.    NessusD.    Clamwin Answer: C QUESTION 169When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing? A.    At least once a year and after any significant upgrade or modificationB.    At least once every three years or after any significant upgrade or modificationC.    At least twice a year or after any significant upgrade or modificationD.    At least once every two years and after any significant upgrade or modification Answer: A QUESTION 170Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports? A.    Sarbanes-Oxley Act (SOX)B.    Gramm-Leach-Bliley Act (GLBA)C.    Fair and Accurate Credit Transactions Act (FACTA)D.    Federal Information Security Management Act (FISMA) Answer: A QUESTION 171How can a policy help improve an employee's security awareness? A.    By implementing written security procedures, enabling employee security training, and promoting the benefits of securityB.    By using informal networks of communication, establishing secret passing procedures, and immediately terminating employeesC.    By sharing security secrets with employees, enabling employees to share secrets, and establishing a consultative help lineD.    By decreasing an employee's vacation time, addressing ad-hoc employment clauses, and ensuring that managers know employee strengths Answer: A QUESTION 172Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation? A.    Penetration testingB.    Social engineeringC.    Vulnerability scanningD.    Access control list reviews Answer: A QUESTION 173Which of the following guidelines or standards is associated with the credit card industry? A.    Control Objectives for Information and Related Technology (COBIT)B.    Sarbanes-Oxley Act (SOX)C.    Health Insurance Portability and Accountability Act (HIPAA)D.    Payment Card Industry Data Security Standards (PCI DSS) Answer: D QUESTION 174International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining A.    guidelines and practices for security controls.B.    financial soundness and business viability metrics.C.    standard best practice for configuration management.D.    contract agreement writing standards. Answer: A QUESTION 175Which type of security document is written with specific step-by-step details? A.    ProcessB.    ProcedureC.    PolicyD.    Paradigm Answer: B QUESTION 176An ethical hacker for a large security research firm performs penetration tests, vulnerability tests, and risk assessments. A friend recently started a company and asks the hacker to perform a penetration test and vulnerability assessment of the new company as a favor. What should the hacker's next step be before starting work on this job? A.    Start by foot printing the network and mapping out a plan of attack.B.    Ask the employer for authorization to perform the work outside the company.C.    Begin the reconnaissance phase with passive information gathering and then move into active information gathering.D.    Use social engineering techniques on the friend's employees to help identify areas that may be susceptible to attack. Answer: B QUESTION 177A certified ethical hacker (CEH) completed a penetration test of the main headquarters of a company almost two months ago, but has yet to get paid. The customer is suffering from financial problems, and the CEH is worried that the company will go out of business and end up not paying. What actions should the CEH take? A.    Threaten to publish the penetration test results if not paid.B.    Follow proper legal procedures against the company to request payment.C.    Tell other customers of the financial problems with payments from this company.D.    Exploit some of the vulnerabilities found on the company webserver to deface it. Answer: B QUESTION 178Which initial procedure should an ethical hacker perform after being brought into an organization? A.    Begin security testing.B.    Turn over deliverables.C.    Sign a formal contract with non-disclosure.D.    Assess what the organization is trying to protect. Answer: C QUESTION 179A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer. What is the consultant's obligation to the financial organization? A.    Say nothing and continue with the security testing.B.    Stop work immediately and contact the authorities.C.    Delete the pornography, say nothing, and continue security testing.D.    Bring the discovery to the financial organization's human resource department. Answer: B QUESTION 180A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step? A.    Ignore the problem completely and let someone else deal with it.B.    Create a document that will crash the computer when opened and send it to friends.C.    Find an underground bulletin board and attempt to sell the bug to the highest bidder.D.    Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix. Answer: D More free Lead2pass 312-50v9 exam new questions on Google Drive: If you want to get more 312-50v9 exam preparation material, you can download the free 312-50v9 braindumps in PDF files on Lead2pass. It would be great helpful for your exam. All the 312-50v9 dumps are updated and cover every aspect of the examination. Welcome to choose. 2017 EC-Council 312-50v9 (All 589 Q&As) exam dumps (PDF&VCE) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-09-29 08:48:15 Post date GMT: 2017-09-29 08:48:15 Post modified date: 2017-09-29 08:48:15 Post modified date GMT: 2017-09-29 08:48:15 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from