How Many Questions Of 312-50v11 Test

NEW QUESTION 1
You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles.
You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems.
In other words, you are trying to penetrate an otherwise impenetrable system. How would you proceed?

• A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network
• B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information
• C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100, 000 or more "zombies" and "bots"
• D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

Answer: B

NEW QUESTION 2
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

• A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
• B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
• C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
• D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Answer: A

NEW QUESTION 3
Which of the following tools can be used for passive OS fingerprinting?

• A. nmap
• B. tcpdump
• C. tracert
• D. ping

Answer: B

NEW QUESTION 4
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

• A. All three servers need to be placed internally
• B. A web server facing the Internet, an application server on the internal network, a database server on the internal network
• C. A web server and the database server facing the Internet, an application server on the internal network
• D. All three servers need to face the Internet so that they can communicate between themselves

Answer: B

NEW QUESTION 5
How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

• A. There is no way to tell because a hash cannot be reversed
• B. The right most portion of the hash is always the same
• C. The hash always starts with AB923D
• D. The left most portion of the hash is always the same
• E. A portion of the hash will be all 0's

Answer: B

NEW QUESTION 6
You have successfully comprised a server having an IP address of 10.10.0.5. You would like to enumerate all machines in the same network quickly.
What is the best Nmap command you will use?

• A. nmap -T4 -q 10.10.0.0/24
• B. nmap -T4 -F 10.10.0.0/24
• C. nmap -T4 -r 10.10.1.0/24
• D. nmap -T4 -O 10.10.0.0/24

Answer: B

NEW QUESTION 7
Why containers are less secure that virtual machines?

• A. Host OS on containers has a larger surface attack.
• B. Containers may full fill disk space of the host.
• C. A compromise container may cause a CPU starvation of the host.
• D. Containers are attached to the same virtual network.

Answer: A

NEW QUESTION 8
An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?

• A. MAC Flooding
• B. Smurf Attack
• C. DNS spoofing
• D. ARP Poisoning

Answer: C

NEW QUESTION 9
Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

• A. To determine who is the holder of the root account
• B. To perform a DoS
• C. To create needless SPAM
• D. To illicit a response back that will reveal information about email servers and how they treat undeliverable mail
• E. To test for virus protection

Answer: D

NEW QUESTION 10
You went to great lengths to install all the necessary technologies to prevent hacking attacks, such as expensive firewalls, antivirus software, anti-spam systems and intrusion detection/prevention tools in your company's network. You have configured the most secure policies and tightened every device on your network. You are confident that hackers will never be able to gain access to your network with complex security system in place.
Your peer, Peter Smith who works at the same department disagrees with you.
He says even the best network security technologies cannot prevent hackers gaining access to the network because of presence of "weakest link" in the security chain.
What is Peter Smith talking about?

• A. Untrained staff or ignorant computer users who inadvertently become the weakest link in your securitychain
• B. "zero-day" exploits are the weakest link in the security chain since the IDS will not be able to detect these attacks
• C. "Polymorphic viruses" are the weakest link in the security chain since the Anti-Virus scanners will not be able to detect these attacks
• D. Continuous Spam e-mails cannot be blocked by your security system since spammers use different techniques to bypass the filters in your gateway

Answer: A

NEW QUESTION 11
You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise in order to evade IDS?

• A. nmap -A - Pn
• B. nmap -sP -p-65535 -T5
• C. nmap -sT -O -T0
• D. nmap -A --host-timeout 99 -T1

Answer: C

NEW QUESTION 12
env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

• A. Removes the passwd file
• B. Changes all passwords in passwd
• C. Add new user to the passwd file
• D. Display passwd content to prompt

Answer: D

NEW QUESTION 13
The “Gray-box testing” methodology enforces what kind of restriction?

• A. Only the external operation of a system is accessible to the tester.
• B. The internal operation of a system in only partly accessible to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is completely known to the tester.

Answer: B

NEW QUESTION 14
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

• A. Eve is trying to connect as a user with Administrator privileges
• B. Eve is trying to enumerate all users with Administrative privileges
• C. Eve is trying to carry out a password crack for user Administrator
• D. Eve is trying to escalate privilege of the null user to that of Administrator

Answer: C

NEW QUESTION 15
This kind of password cracking method uses word lists in combination with numbers and special characters:

• A. Hybrid
• B. Linear
• C. Symmetric
• D. Brute Force

Answer: A

NEW QUESTION 16
When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

• A. The amount of time and resources that are necessary to maintain a biometric system
• B. How long it takes to setup individual user accounts
• C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
• D. The amount of time it takes to convert biometric data into a template on a smart card

Answer: C

NEW QUESTION 17
Which of the following tools are used for enumeration? (Choose three.)

• A. SolarWinds
• B. USER2SID
• C. Cheops
• D. SID2USER
• E. DumpSec

Answer: BDE

NEW QUESTION 18
You need a tool that can do network intrusion prevention and intrusion detection, function as a network sniffer, and record network activity, what tool would you most likely select?

• A. Nmap
• B. Cain & Abel
• C. Nessus
• D. Snort

Answer: D

NEW QUESTION 19
User A is writing a sensitive email message to user B outside the local network. User A has chosen to use PKI to secure his message and ensure only user B can read the sensitive email. At what layer of the OSI layer does the encryption and decryption of the message take place?

• A. Application
• B. Transport
• C. Session
• D. Presentation

Answer: D

NEW QUESTION 20
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

• A. 0x60
• B. 0x80
• C. 0x70
• D. 0x90

Answer: D

NEW QUESTION 21
You are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. What encryption algorithm will you be decrypting?

• A. MD4
• B. DES
• C. SHA
• D. SSL

Answer: B

NEW QUESTION 22
One of your team members has asked you to analyze the following SOA record.
What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

• A. 200303028
• B. 3600
• C. 604800
• D. 2400
• E. 60
• F. 4800

Answer: D

NEW QUESTION 23
Your company was hired by a small healthcare provider to perform a technical assessment on the network. What is the best approach for discovering vulnerabilities on a Windows-based computer?

• A. Use the built-in Windows Update tool
• B. Use a scan tool like Nessus
• C. Check MITRE.org for the latest list of CVE findings
• D. Create a disk image of a clean Windows installation

Answer: B

NEW QUESTION 24
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

• A. Protocol analyzer
• B. Network sniffer
• C. Intrusion Prevention System (IPS)
• D. Vulnerability scanner

Answer: A

NEW QUESTION 25
......