The Avant-garde Guide To 312-50v11 Braindump

NEW QUESTION 1
What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

• A. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
• B. Asymmetric cryptography is computationally expensive in compariso
• C. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.
• D. Symmetric encryption allows the server to securely transmit the session keys out-of-band.
• E. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.

Answer: D

NEW QUESTION 2
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

• A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
• B. He will activate OSPF on the spoofed root bridge.
• C. He will repeat this action so that it escalates to a DoS attack.
• D. He will repeat the same attack against all L2 switches of the network.

Answer: A

NEW QUESTION 3
Which of the following is assured by the use of a hash?

• A. Authentication
• B. Confidentiality
• C. Availability
• D. Integrity

Answer: D

NEW QUESTION 4
An LDAP directory can be used to store information similar to a SQL database. LDAP uses a database structure instead of SQL’s structure. Because of this, LDAP has difficulty representing many-to-one relationships.

• A. Relational, Hierarchical
• B. Strict, Abstract
• C. Hierarchical, Relational
• D. Simple, Complex

Answer: C

NEW QUESTION 5
During an Xmas scan what indicates a port is closed?

• A. No return response
• B. RST
• C. ACK
• D. SYN

Answer: B

NEW QUESTION 6
An Intrusion Detection System (IDS) has alerted the network administrator to a possibly malicious sequence of packets sent to a Web server in the network’s external DMZ. The packet traffic was captured by the IDS and saved to a PCAP file. What type of network tool can be used to determine if these packets are genuinely malicious or simply a false positive?

• A. Protocol analyzer
• B. Network sniffer
• C. Intrusion Prevention System (IPS)
• D. Vulnerability scanner

Answer: A

NEW QUESTION 7
Which of the following are well known password-cracking programs?

• A. L0phtcrack
• B. NetCat
• C. Jack the Ripper
• D. Netbus
• E. John the Ripper

Answer: AE

NEW QUESTION 8
What is the role of test automation in security testing?

• A. It is an option but it tends to be very expensive.
• B. It should be used exclusivel
• C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
• D. Test automation is not usable in security due to the complexity of the tests.
• E. It can accelerate benchmark tests and repeat them with a consistent test setu
• F. But it cannot replace manual testing completely.

Answer: D

NEW QUESTION 9
The “Gray-box testing” methodology enforces what kind of restriction?

• A. Only the external operation of a system is accessible to the tester.
• B. The internal operation of a system in only partly accessible to the tester.
• C. Only the internal operation of a system is known to the tester.
• D. The internal operation of a system is completely known to the tester.

Answer: B

NEW QUESTION 10
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?

• A. All are hacking tools developed by the legion of doom
• B. All are tools that can be used not only by hackers, but also security personnel
• C. All are DDOS tools
• D. All are tools that are only effective against Windows
• E. All are tools that are only effective against Linux

Answer: C

NEW QUESTION 11
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.

• A. Protect the payload and the headers
• B. Encrypt
• C. Work at the Data Link Layer
• D. Authenticate

Answer: D

NEW QUESTION 12
Scenario1:
* 1. Victim opens the attacker's web site.
* 2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
* 3. Victim clicks to the interesting and attractive content URL.
* 4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks that he/she clicks to the 'Do you want to make $1000 in a day?' URL but actually he/she clicks to the content or URL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?

• A. Session Fixation
• B. HTML Injection
• C. HTTP Parameter Pollution
• D. Clickjacking Attack

Answer: D

NEW QUESTION 13
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?

• A. Nikto
• B. John the Ripper
• C. Dsniff
• D. Snort

Answer: A

NEW QUESTION 14
What is a “Collision attack” in cryptography?

• A. Collision attacks try to get the public key
• B. Collision attacks try to break the hash into three parts to get the plaintext value
• C. Collision attacks try to break the hash into two parts, with the same bytes in each part to get the private key
• D. Collision attacks try to find two inputs producing the same hash

Answer: D

NEW QUESTION 15
You have the SOA presented below in your Zone.
Your secondary servers have not been able to contact your primary server to synchronize information. How long will the secondary servers attempt to contact the primary server before it considers that zone is dead and stops responding to queries?
collegae.edu.SOA, cikkye.edu ipad.college.edu. (200302028 3600 3600 604800 3600)

• A. One day
• B. One hour
• C. One week
• D. One month

Answer: C

NEW QUESTION 16
Which of the following programs is usually targeted at Microsoft Office products?

• A. Polymorphic virus
• B. Multipart virus
• C. Macro virus
• D. Stealth virus

Answer: C

NEW QUESTION 17
A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes.
Which of the following class of hacker refers to an individual who works both offensively and defensively at various times?

• A. White Hat
• B. Suicide Hacker
• C. Gray Hat
• D. Black Hat

Answer: C

NEW QUESTION 18
You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion?

• A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account
• B. Package the Sales.xls using Trojan wrappers and telnet them back your home computer
• C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques
• D. Change the extension of Sales.xls to sales.txt and upload them as attachment to your hotmail account

Answer: C

NEW QUESTION 19
Fingerprinting an Operating System helps a cracker because:

• A. It defines exactly what software you have installed
• B. It opens a security-delayed window based on the port being scanned
• C. It doesn't depend on the patches that have been applied to fix existing security holes
• D. It informs the cracker of which vulnerabilities he may be able to exploit on your system

Answer: D

NEW QUESTION 20
In the field of cryptanalysis, what is meant by a “rubber-hose" attack?

• A. Attempting to decrypt cipher text by making logical assumptions about the contents of the original plain text.
• B. Extraction of cryptographic secrets through coercion or torture.
• C. Forcing the targeted key stream through a hardware-accelerated device such as an ASIC.
• D. A backdoor placed into a cryptographic algorithm by its creator.

Answer: B

NEW QUESTION 21
You are a Network Security Officer. You have two machines. The first machine (192.168.0.99) has snort installed, and the second machine (192.168.0.150) has kiwi syslog installed. You perform a syn scan in your network, and you notice that kiwi syslog is not receiving the alert message from snort. You decide to run wireshark in the snort machine to check if the messages are going to the kiwi syslog machine. What Wireshark filter will show the connections from the snort machine to kiwi syslog machine?

• A. tcp.srcport= = 514 && ip.src= = 192.168.0.99
• B. tcp.srcport= = 514 && ip.src= = 192.168.150
• C. tcp.dstport= = 514 && ip.dst= = 192.168.0.99
• D. tcp.dstport= = 514 && ip.dst= = 192.168.0.150

Answer: D

NEW QUESTION 22
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?

• A. Error-based SQL injection
• B. Blind SQL injection
• C. Union-based SQL injection
• D. NoSQL injection

Answer: B

NEW QUESTION 23
The tools which receive event logs from servers, network equipment, and applications, and perform analysis and correlation on those logs, and can generate alarms for security relevant issues, are known as what?

• A. network Sniffer
• B. Vulnerability Scanner
• C. Intrusion prevention Server
• D. Security incident and event Monitoring

Answer: D

NEW QUESTION 24
This kind of password cracking method uses word lists in combination with numbers and special characters:

• A. Hybrid
• B. Linear
• C. Symmetric
• D. Brute Force

Answer: A

NEW QUESTION 25
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP’s owned by XYZ (Internal) and private IP’s are communicating to a Single Public IP. Therefore, the Internal IP’s are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?

• A. Botnet Attack
• B. Spear Phishing Attack
• C. Advanced Persistent Threats
• D. Rootkit Attack

Answer: A

NEW QUESTION 26
......