312-50 Exam Questions - Online Test


Q1. You want to carry out session hijacking on a remote server. The server and the client are communicating via TCP after a successful TCP three-way handshake. The server has just received packet #120 from the client. The client has a receive window of 200 and the server has a receive window of 250.

Within what range of sequence numbers should a packet sent by the client fall in order to be accepted by the server?

A. 200-250 

B. 121-371 

C. 120-321 

D. 121-231 

E. 120-370 

Answer:

Explanation: Packet number 120 has already been received by the server and the window is 250 packets, so any packet number from 121 (next in sequence) to 371 (121+250) is accepted.

Q2. Which type of attack is port scanning? 

A. Web server attack 

B. Information gathering 

C. Unauthorized access 

D. Denial of service attack 

Answer: B

Q3. The GET method should never be used when sensitive data such as credit card information is being sent to a CGI program. This is because any GET command will appear in the URL and will be logged by any server. For example, let's say that you've entered your credit card information into a form that uses the GET method. The URL may appear like this:

https://www.xsecurity-bank.com/creditcard.asp?cardnumber=453453433532234 

The GET method appends the credit card number to the URL. This means that anyone with access to a server log will be able to obtain this information. How would you protect from this type of attack? 

A. Never include sensitive information in a script 

B. Use HTTPS SSLv3 to send the data instead of plain HTTPS 

C. Replace the GET with POST method when sending data 

D. Encrypt the data before you send using GET method 

Answer: C

Q4. Which DNS resource record can indicate how long any "DNS poisoning" could last? 

A. MX 

B. SOA 

C. NS 

D. TIMEOUT 

Answer: B

Explanation: The SOA contains information about secondary servers, update intervals and expiration times.

Q5. You work for Acme Corporation as Sales Manager. The company has tight network security restrictions. You are trying to steal data from the company's Sales database (Sales.xls) and transfer them to your home computer. Your company filters and monitors traffic that leaves from the internal network to the Internet. How will you achieve this without raising suspicion? 

A. Encrypt the Sales.xls using PGP and e-mail it to your personal gmail account 

B. Package the Sales.xls using Trojan wrappers and telnet them back to your home computer

C. You can conceal the Sales.xls database in another file like photo.jpg or other files and send it out in an innocent looking email or file transfer using Steganography techniques 

D. Change the extension of Sales.xls to sales.txt and upload it as an attachment to your hotmail account

Answer: C

Q6. What is the algorithm used by LM for Windows 2000 SAM?

A. MD4 

B. DES 

C. SHA 

D. SSL 

Answer: B

Explanation: Okay, this is a tricky question. We say B, DES, but it could be A, "MD4", depending on what they're asking. Windows 2000/XP keeps users' passwords not "apparently", but as hashes, i.e. actually as a "checksum" of the passwords. Let's look at how the passwords are kept in more detail. The most interesting structure in the complex SAM file is the so-called V-block. Its size is 32 bytes and it includes hashes of the password for local logon: the NT Hash, 16 bytes long, and the hash used during authentication of access to the shared resources of other computers, the LanMan Hash, or simply LM Hash, of the same 16-byte length. The algorithms for forming these hashes are as follows: NT Hash formation: LM Hash formation:

Q7. One of your team members has asked you to analyze the following SOA record. What is the version? 

Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400. 

A. 200303028 

B. 3600 

C. 604800 

D. 2400 

E. 60 

F. 4800 

Answer:

Explanation: The SOA starts with the format of YYYYMMDDVV where VV is the version. 

Q8. What is the key advantage of Session Hijacking? 

A. It can be easily done and does not require sophisticated skills. 

B. You can take advantage of an authenticated connection. 

C. You can successfully predict the sequence number generation. 

D. You cannot be traced in case the hijack is detected. 

Answer: B

Explanation: As an attacker you don’t have to steal an account and password in order to take advantage of an authenticated connection. 

Q9. How do you defend against ARP spoofing? 

A. Place static ARP entries on servers, workstations and routers

B. Tune IDS Sensors to look for large amounts of ARP traffic on local subnets

C. Use private VLANs

D. Use ARPWALL system and block ARP spoofing attacks 

Answer: ABC 

Explanation: ARPWALL is an open-source tool that gives early warning when an ARP attack occurs.

This tool is still under construction. 

Q10. What does black box testing mean? 

A. You have full knowledge of the environment 

B. You have no knowledge of the environment 

C. You have partial knowledge of the environment 

Answer: B

Explanation: Black box testing is conducted when you have no knowledge of the environment. It is more time-consuming and expensive.