312-50 Exam Questions - Online Test

Q1. Which of the following are potential attacks on cryptography? (Select 3) 

A. One-Time-Pad Attack 

B. Chosen-Ciphertext Attack 

C. Man-in-the-Middle Attack 

D. Known-Ciphertext Attack 

E. Replay Attack 

Answer: BCE

Explanation: A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis in which the cryptanalyst chooses a ciphertext and causes it to be decrypted with an unknown key. Specific forms of this attack are sometimes termed "lunchtime" or "midnight" attacks, referring to a scenario in which an attacker gains access to an unattended decryption machine. In cryptography, a man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between the two victims. A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

Q2. Lori was performing an audit of her company's internal Sharepoint pages when she came across the following code: What is the purpose of this code? 

A. This JavaScript code will use a Web Bug to send information back to another server. 

B. This code snippet will send a message to a server at 192.154.124.55 whenever the "escape" key is pressed. 

C. This code will log all keystrokes. 

D. This bit of JavaScript code will place a specific image on every page of the RSS feed. 

Answer: C

Q3. What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’? 

A. The ethical hacker does not use the same techniques or skills as a cracker. 

B. The ethical hacker does it strictly for financial motives unlike a cracker. 

C. The ethical hacker has authorization from the owner of the target. 

D. The ethical hacker is just a cracker who is getting paid. 

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker, and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does; an ethical hacker has the owner's authorization and will get paid even if he does not succeed in penetrating the target.

Q4. Ethernet switches can be adversely affected by rapidly bombarding them with spoofed ARP responses. The port-to-MAC-address table (CAM table) on the switch overflows and, rather than failing completely, the switch moves into broadcast mode; the hacker can then sniff all of the packets on the network.

Which of the following tools achieves this?

A. ./macof 

B. ./sniffof 

C. ./dnsiff 

D. ./switchsnarf 

Answer: A

Explanation: macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). 

Q5. What is the command used to create a binary log file using tcpdump? 

A. tcpdump -r log 

B. tcpdump -w ./log 

C. tcpdump -vde -r log 

D. tcpdump -l /var/log/ 

Answer: B

Explanation: tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ] [ -i interface ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ expression ] 

-w Write the raw packets to file rather than parsing and printing them out. 

Q6. You are conducting a port scan on a subnet that has ICMP blocked. You have discovered 23 live systems and after scanning each of them you notice that they all show port 21 in closed state. 

What should be the next logical step that should be performed? 

A. Connect to open ports to discover applications. 

B. Perform a ping sweep to identify any additional systems that might be up. 

C. Perform a SYN scan on port 21 to identify any additional systems that might be up. 

D. Rescan every computer to verify the results. 

Answer: C

Explanation: As ICMP is blocked you’ll have trouble determining which computers are up and running by using a ping sweep. As all the 23 computers that you had discovered earlier had port 21 closed, probably any additional, previously unknown, systems will also have port 21 closed. By running a SYN scan on port 21 over the target network you might get replies from additional systems. 

Q7. Charlie is the network administrator for his company. Charlie just received a new Cisco router and wants to test its capabilities out and to see if it might be susceptible to a DoS attack resulting in its locking up. The IP address of the Cisco switch is 172.16.0.45. What command can Charlie use to attempt this task? 

A. Charlie can use the command: ping -l 56550 172.16.0.45 -t. 

B. Charlie can try using the command: ping 56550 172.16.0.45. 

C. By using the command ping 172.16.0.45 Charlie would be able to lock up the router

D. He could use the command: ping -4 56550 172.16.0.45. 

Answer: A

Q8. June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus? 

A. No. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus 

B. Yes. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus 

C. Yes. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus 

D. No. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program 

Answer: D

Explanation: Although there are functions like heuristic scanning and sandbox technology, the antivirus program still depends mainly on signature databases and can only find already known viruses.

Q9. You are the security administrator of Jaco Banking Systems located in Boston. You are setting up the authentication system for the e-banking website (http://www.ejacobank.com). Instead of issuing each banking customer a single password, you give them a printed list of 100 unique passwords. Each time the customer needs to log into the e-banking website, the customer enters the next password on the list. If someone sees them type the password using shoulder surfing, MiTM or keyloggers, then no damage is done because the password will not be accepted a second time. Once the list of 100 passwords is almost finished, the system automatically sends out a new password list by encrypted e-mail to the customer.

You are confident that this security implementation will protect the customer from password abuse. 

Two months later, a group of hackers called "HackJihad" found a way to access the one-time password list issued to customers of Jaco Banking Systems. The hackers set up a fake website (http://www.e-jacobank.com) and used phishing attacks to direct unsuspecting customers to it. The fake website asked users for their e-banking username and password, and the next unused entry from their one-time password sheet. The hackers collected 200 customers' usernames/passwords this way. They transferred money from the customers' bank accounts to various offshore accounts.

Your decision on password policy implementation has cost the bank USD 925,000 to hackers. You immediately shut down the e-banking website while figuring out the next best security solution.

What effective security solution will you recommend in this case? 

A. Implement Biometrics based password authentication system. Record the customers face image to the authentication database 

B. Configure your firewall to block logon attempts of more than three wrong tries 

C. Enable a complex password policy of 20 characters and ask the user to change the password immediately after they logon and do not store password histories 

D. Implement RSA SecureID based authentication system 

Answer: D

Q10. nn would like to perform a reliable scan against a remote target. She is not concerned about being stealthy at this point.

Which of the following types of scan would be the most accurate and reliable option?

A. A half-scan 

B. A UDP scan 

C. A TCP Connect scan 

D. A FIN scan 

Answer: C

Explanation: A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection. Otherwise an error code is returned. Example of a three-way handshake followed by a reset:

Source Destination Summary

[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 SYN SEQ=3362197786 LEN=0 WIN=5840

[192.168.0.10] [192.168.0.8] TCP: D=49389 S=80 SYN ACK=3362197787 SEQ=58695210 LEN=0 WIN=65535

[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 ACK=58695211 WIN<<2=5840

[192.168.0.8] [192.168.0.10] TCP: D=80 S=49389 RST ACK=58695211 WIN<<2=5840