aiotestking uk

312-50 Exam Questions - Online Test


312-50 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which of the following is not an effective countermeasure against replay attacks? 

A. Digital signatures 

B. Time Stamps 

C. System identification 

D. Sequence numbers 

Answer: C

Explanation: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Effective countermeasures should be anything that makes it hard to delay or replay the packet (time stamps and sequence numbers) or anything that prove the package is received as it was sent from the original sender (digital signature) 

Q2. You have successfully brute forced basic authentication configured on a Web Server using Brutus hacking tool. The username/password is “Admin” and “Bettlemani@”. You logon to the system using the brute forced password and plant backdoors and rootkits. 

After downloading various sensitive documents from the compromised machine, you proceed to clear the log files to hide your trace.. 

Which event log located at C:\Windows\system32\config contains the trace of your brute force attempts? 

A. AppEvent.Evt 

B. SecEvent.Evt 

C. SysEvent.Evt 

D. WinEvent.Evt 

Answer: B

Explanation: The Security Event log (SecEvent.Evt) will contain all the failed logins against the system. 

Topic 6, Trojans and Backdoors 

Q3. Which of the following snort rules look for FTP root login attempts? 

A. alert tcp -> any port 21 (msg:"user root";) 

B. alert tcp -> any port 21 (message:"user root";) 

C. alert ftp -> ftp (content:"user password root";) 

D. alert tcp any any -> any any 21 (content:"user root";) 

Answer: D

Explanation: The snort rule header is built by defining action (alert), protocol (tcp), from IP subnet port (any any), to IP subnet port (any any 21), Payload Detection Rule Options (content:”user root”;) 

Q4. Which of the following activities will not be considered passive footprinting? 

A. Go through the rubbish to find out any information that might have been discarded 

B. Search on financial site such as Yahoo Financial to identify assets 

C. Scan the range of IP address found in the target DNS database 

D. Perform multiples queries using a search engine 

Answer:

Explanation: Scanning is not considered to be passive footprinting. 

Q5. On a backdoored Linux box there is a possibility that legitimate programs are modified or trojaned. How is it possible to list processes and uids associated with them in a more reliable manner? 

A. Use "Is" 

B. Use "lsof" 

C. Use "echo" 

D. Use "netstat" 

Answer: B

Explanation: lsof is a command used in many Unix-like systems that is used to report a list of all open files and the processes that opened them. It works in and supports several UNIX flavors. 

Q6. A common technique for luring e-mail users into opening virus-launching attachments is to send messages that would appear to be relevant or important to many of their potential recipients. One way of accomplishing this feat is to make the virus-carrying messages appear to come from some type of business entity retailing sites, UPS, FEDEX, CITIBANK or a major provider of a common service. 

Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not be delivered. This mail asks the receiver to open an attachment in order to obtain the FEDEX tracking number for picking up the package. The attachment contained in this type of e-mail activates a virus. 

Vendors send e-mails like this to their customers advising them not to open any files attached with the mail, as they do not include attachments. 

Fraudulent e-mail and legit e-mail that arrives in your inbox contain the fedex.com as the sender of the mail. 

How do you ensure if the e-mail is authentic and sent from fedex.com? 

A. Verify the digital signature attached with the mail, the fake mail will not have Digital ID at all 

B. Check the Sender ID against the National Spam Database (NSD) 

C. Fake mail will have spelling/grammatical errors 

D. Fake mail uses extensive images, animation and flash content 

Answer: A

Q7. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B

Explanation: A TCP Connect scan, named after the Unix connect() system call is the most accurate scanning method. If a port is open the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. 

Q8. User which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud? 

A. 18 U.S.C 1029 Possession of Access Devices 

B. 18 U.S.C 1030 Fraud and related activity in connection with computers 

C. 18 U.S.C 1343 Fraud by wire, radio or television 

D. 18 U.S.C 1361 Injury to Government Property 

E. 18 U.S.C 1362 Government communication systems 

F. 18 U.S.C 1831 Economic Espionage Act 

G. 18 U.S.C 1832 Trade Secrets Act 

Answer: B

Explanation: http://www.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00001030----000-.html 

Q9. Which of the following best describes Vulnerability? 

A. The loss potential of a threat 

B. An action or event that might prejudice security 

C. An agent that could take advantage of a weakness 

D. A weakness or error that can lead to compromise 

Answer: D

Explanation: A vulnerability is a flaw or weakness in system security procedures, design or implementation that could be exercised (accidentally triggered or intentionally exploited) and result in a harm to an IT system or activity. 

Q10. What command would you type to OS fingerprint a server using the command line? 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: C