aiotestking uk

312-50 Exam Questions - Online Test


312-50 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which of the following command line switch would you use for OS detection in Nmap? 

A. -D 

B. -O 

C. -P 

D. -X 

Answer: B

Explanation: OS DETECTION: -O: Enable OS detection (try 2nd generation w/fallback to 1st) -O2: Only use the new OS detection system (no fallback) -O1: Only use the old (1st generation) OS detection system --osscan-limit: Limit OS detection to promising targets --osscan-guess: Guess OS more aggressively 

Q2. Susan has attached to her company’s network. She has managed to synchronize her boss’s sessions with that of the file server. She then intercepted his traffic destined for the server, changed it the way she wanted to and then placed it on the server in his home directory. What kind of attack is Susan carrying on? 

A. A sniffing attack 

B. A spoofing attack 

C. A man in the middle attack 

D. A denial of service attack 

Answer: C

Explanation: A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. 

Q3. Which of the following tool would be considered as Signature Integrity Verifier (SIV)? 

A. Nmap 

B. SNORT 

C. VirusSCAN 

D. Tripwire 

Answer: D

Q4. One of your team members has asked you to analyze the following SOA record. What is the version? 

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400. 

A. 200303028 

B. 3600 

C. 604800 

D. 2400 

E. 60 

F. 4800 

Answer:

Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version. 

Q5. Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor. 

Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on. 

Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them. 

What technique has Jason most likely used? 

A. Stealth Rootkit Technique 

B. Snow Hiding Technique 

C. ADS Streams Technique 

D. Image Steganography Technique 

Answer: D

Q6. What are the different between SSL and S-HTTP? 

A. SSL operates at the network layer and S-HTTP operates at the application layer 

B. SSL operates at the application layer and S-HTTP operates at the network layer 

C. SSL operates at transport layer and S-HTTP operates at the application layer 

D. SSL operates at the application layer and S-HTTP operates at the transport layer 

Answer: C

Explanation: Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely. S-HTTP is defined in RFC 2660 

Q7. You are manually conducting Idle Scanning using Hping2. During your scanning you notice that almost every query increments the IPID regardless of the port being queried. One or two of the queries cause the IPID to increment by more than one value. Why do you think this occurs? 

A. The zombie you are using is not truly idle. 

B. A stateful inspection firewall is resetting your queries. 

C. Hping2 cannot be used for idle scanning. 

D. These ports are actually open on the target system. 

Answer: A

Explanation: If the IPID is incremented by more than the normal increment for this type of system it means that the system is interacting with some other system beside yours and has sent packets to an unknown host between the packets destined for you. 

Q8. An Evil Cracker is attempting to penetrate your private network security. To do this, he must not be seen by your IDS, as it may take action to stop him. What tool might he use to bypass the IDS? 

Select the best answer. 

A. Firewalk 

B. Manhunt 

C. Fragrouter 

D. Fragids 

Answer:

Explanations: 

Firewalking is a way to disguise a portscan. Thus, firewalking is not a tool, but a method of conducting a port scan in which it can be hidden from some firewalls. Synamtec Man-Hunt is an IDS, not a tool to evade an IDS. Fragrouter is a tool that can take IP traffic and fragment it into multiple pieces. There is a legitimate reason that fragmentation is done, but it is also a technique that can help an attacker to evade detection while Fragids is a made-up tool and does not exist. 

Q9. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B

Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. 

Q10. If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response? 

A. The zombie computer will respond with an IPID of 24334. 

B. The zombie computer will respond with an IPID of 24333. 

C. The zombie computer will not send a response. 

D. The zombie computer will respond with an IPID of 24335. 

Answer: C