★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 312-50 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/312-50-dumps.html


Pick out Pass4sure 312-50 and also acquire 312-50 test out inquiries to make your 312-50 assessment documentation. Pass4sure 312-50 perform queries are intended using queries, in addition to precise, reasonable and also verified arguments. Some of our 312-50 perform assessment will provide you with a assessing practical experience unmatched. Some of our 312-50 perform test out queries and also 312-50 are gaining knowledge through present-day and also effective Information Technology experts who utilize his or her expertise in arranging an individual qualified money.

2021 Mar 312-50 practice test

Q401. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic? 

A. Network aliasing 

B. Domain Name Server (DNS) poisoning 

C. Reverse Address Resolution Protocol (ARP) 

D. Port scanning 

Answer: B

This reference is close to the one listed DNS poisoning is the correct answer. 

This is how DNS DOS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of there server instead of replacing the actual records, which is referred to as cache poisoning. 


Q402. The terrorist organizations are increasingly blocking all traffic from North America or from Internet Protocol addresses that point to users who rely on the English Language. 

Hackers sometimes set a number of criteria for accessing their website. This information is shared among the co-hackers. For example if you are using a machine with the Linux Operating System and the Netscape browser then you will have access to their website in a convert way. When federal investigators using PCs running windows and using Internet Explorer visited the hacker’s shared site, the hacker’s system immediately mounted a distributed denial-of-service attack against the federal system. 

Companies today are engaging in tracking competitor’s through reverse IP address lookup sites like whois.com, which provide an IP address’s domain. When the competitor visits the companies website they are directed to a products page without discount and prices are marked higher for their product. When normal users visit the website they are directed to a page with full-blown product details along with attractive discounts. This is based on IP-based blocking, where certain addresses are barred from accessing a site. 

What is this masking technique called? 

A. Website Cloaking 

B. Website Filtering 

C. IP Access Blockade 

D. Mirrored WebSite 

Answer: A

Explanation: Website Cloaking travels under a variety of alias including Stealth, Stealth scripts, IP delivery, Food Script, and Phantom page technology. It’s hot- due to its ability to manipulate those elusive top-ranking results from spider search engines. 


Q403. A client has approached you with a penetration test requirements. They are concerned with the possibility of external threat, and have invested considerable resources in protecting their Internet exposure. However, their main concern is the possibility of an employee elevating his/her privileges and gaining access to information outside of their respective department. 

What kind of penetration test would you recommend that would best address the client’s concern? 

A. A Black Box test 

B. A Black Hat test 

C. A Grey Box test 

D. A Grey Hat test 

E. A White Box test 

F. A White Hat test 

Answer: C


Q404. What type of cookies can be generated while visiting different web sites on the Internet? 

A. Permanent and long term cookies. 

B. Session and permanent cookies. 

C. Session and external cookies. 

D. Cookies are all the same, there is no such thing as different type of cookies. 

Answer: B

Explanation: There are two types of cookies: a permanent cookie that remains on a visitor's computer for a given time and a session cookie the is temporarily saved in the visitor's computer memory during the time that the visitor is using the Web site. Session cookies disappear when you close your Web browser. 


Q405. Which of the following is NOT a valid NetWare access level? 

A. Not Logged in 

B. Logged in 

C. Console Access 

D. Administrator 

Answer:

Explanation: Administrator is an account not a access level. 


Up to the immediate present 312-50 practice exam:

Q406. What happens when one experiences a ping of death? 

A. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the “type” field in the ICMP header is set to 18 (Address Mask Reply). 

B. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last Fragment bit is set, and (IP offset ‘ 8) + (IP data length) >65535. In other words, the IP offset (which represents the starting position of this fragment in the original packet, and which is in 8-byte units) plus the rest of the packet is greater than the maximum size for an IP packet. 

C. This is when an IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the source equal to destination address. 

D. This is when an the IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect). 

Answer: B

Explanation: A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offest where (IP offset *8) + (IP data length)>65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine's OS (becouse the buffer sizes are defined only to accomodate the maximum allowed size of the packet based on RFC 791)...IDS can generally recongize such attacks by looking for packet fragments that have the IP header's protocol field set to 1 (ICMP), the last bit set, and (IP offset *8) +(IP data length)>65535" CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 414 "Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting. 


Q407. What are twp types of ICMP code used when using the ping command? 

A. It uses types 0 and 8. 

B. It uses types 13 and 14. 

C. It uses types 15 and 17. 

D. The ping command does not use ICMP but uses UDP. 

Answer: A

Explanation: ICMP Type 0 = Echo Reply, ICMP Type 8 = Echo 


Q408. Bob is a Junior Administrator at ABC Company. On One of Linux machine he entered the following firewall rules: 

iptables –t filter –A INPUT -p tcp --dport 23 –j DROP 

Why he entered the above line? 

A. To accept the Telnet connection 

B. To deny the Telnet connection 

C. The accept all connection except telnet connection 

D. None of Above 

Answer: B

Explanation: -t, --table 

This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: filter This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). nat This table is consulted when a packet which is creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). mangle This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). 

-A, --append 

Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. -p, --protocol [!] protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in in combination with the check command. --destination-port [!] [port[:port]] Destination port or port range specification. The flag --dport is an alias for this option. -j, --jump target 

This specifies the target of the rule; ie. what to do if the packet matches it. The target can be a user-defined chain (not the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented. 


Q409. Cyber Criminals have long employed the tactic of masking their true identity. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine, by "spoofing" the IP address of that machine. 

How would you detect IP spoofing? 

A. Check the IPID of the spoofed packet and compare it with TLC checksum. If the numbers match then it is spoofed packet 

B. Probe a SYN Scan on the claimed host and look for a response SYN/FIN packet, if the connection completes then it is a spoofed packet 

C. Turn on 'Enable Spoofed IP Detection' in Wireshark, you will see a flag tick if the packet is spoofed 

D. Sending a packet to the claimed host will result in a reply. If the TTL in the reply is not the same as the packet being checked then it is a spoofed packet 

Answer: D


Q410. John wants to try a new hacking tool on his Linux System. As the application comes from a site in his untrusted zone, John wants to ensure that the downloaded tool has not been Trojaned. Which of the following options would indicate the best course of action for John? 

A. Obtain the application via SSL 

B. Obtain the application from a CD-ROM disc 

C. Compare the files’ MD5 signature with the one published on the distribution media 

D. Compare the file’s virus signature with the one published on the distribution media 

Answer: C

Explanation: In essence, MD5 is a way to verify data integrity, and is much more reliable than checksum and many other commonly used methods.