ECCouncil 312-50 Actual Questions

Page: 9 / 17

Question 36

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?

Options:

At least once a year and after any significant upgrade or modification

At least once every three years or after any significant upgrade or modification

At least twice a year or after any significant upgrade or modification

At least once every two years and after any significant upgrade or modification

Question 37

In the OSI model, where does PPTP encryption take place?

Options:

Transport layer

Application layer

Data link layer

Network layer

Question 38

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?

Options:

An extensible security framework named COBIT

A list of flaws and how to fix them

Web application patches

A security certification for hardened web applications

Question 39

The intrusion detection system at a software development company suddenly generates multiple alerts regarding attacks against the company's external webserver, VPN concentrator, and DNS servers. What should the security team do to determine which alerts to check first?