312-50v10 exam

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which tool could the tester use to get a response from a host using TCP?A...

What type of vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?A . Cross-site request forgeryB . Cross-site scriptingC . Session hijackingD . Server side request forgeryView AnswerAnswer: A

A hacker is an intelligent individual with excellent computer skills and the ability to explore a computer’s software and hardware without the owner’s permission. Their intention can either be to simply gain knowledge or to illegally make changes. Which of the following class of hacker refers to an individual who...

In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?A . Chosen-plaintext attackB . Ciphertext-only attackC . Adaptive chosen-plaintext attackD . Known-plaintext attackView AnswerAnswer: A

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other...

What is attempting an injection attack on a web server based on responses to True/False questions called?A . DMS-specific SQLiB . Compound SQLiC . Blind SQLiD . Classic SQLiView AnswerAnswer: C

A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?A . Banner GrabbingB . IDLE/IPID ScanningC . SSDP ScanningD . UDP ScanningView AnswerAnswer: A

What is the purpose of a demilitarized zone on a network?A . To scan all traffic coming through the DMZ to the internal networkB . To only provide direct access to the nodes within the DMZ and protect the network behind itC . To provide a place to put the...

Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?A . HoneypotsB . FirewallsC . Network-based intrusion detection system (NIDS)D . Host-based intrusion detection system (HIDS)View AnswerAnswer: C

When conducting a penetration test, it is crucial to use all means to get all available information about the target network. One of the ways to do that is by sniffing the network. Which of the following cannot be performed by the passive network sniffing?A . Identifying operating systems, services,...