Latest [Nov 02, 2021] 100% Passing Guarantee - Brilliant 312-50v10 Exam Questions PDF [Q43-Q61]


312-50v10 Certification – Valid Exam Dumps Questions Study Guide! (Updated 745 Questions)


Module 10: Denial-of-Service

The domain requires comprehension of Denial of Service (DoS) as well as Distributed Denial-of-Service (DDoS) Attacks; various DoS & DDoS attack methods; botnet networks; different DoS and DDoS attack tools; DoS Attack Penetration Testing; DoS/DDoS countermeasures.


How Much Does the 312-50v10 Exam Cost

The price of the 312-50v10 exam is $550 USD.

 

NEW QUESTION 43
A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:
NMAP -n -sS -P0 -p 80 ***.***.**.**
What type of scan is this?

  • A. Intense scan
  • B. Stealth scan
  • C. Quick scan
  • D. Comprehensive scan

Answer: B

 

NEW QUESTION 44
Joseph was the Web site administrator for Mason Insurance in New York, whose main Web site was located at www.masonins.com. Joseph uses his laptop computer regularly to administer the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message "Hacker Message: You are dead! Freaks!" From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact.
No changes were apparent. Joseph called a friend of his at his home to help troubleshoot the problem. The Web site appeared defaced when his friend visited using his DSL connection. So, while Smith and his friend could see the defaced page, Joseph saw the intact Mason Insurance web site. To help make sense of this problem, Joseph decided to access the Web site using his dial-up ISP. He disconnected his laptop from the corporate internal network and used his modem to dial up the same ISP used by Smith. After his modem connected, he quickly typed www.masonins.com in his browser to reveal the following web page:

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

  • A. SQL injection
  • B. DNS poisoning
  • C. ARP spoofing
  • D. Routing table injection

Answer: B

 

NEW QUESTION 45
Which of the following BEST describes how Address Resolution Protocol (ARP) works?

  • A. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
  • B. It sends a reply packet for a specific IP, asking for the MAC address
  • C. It sends a request packet to all the network elements, asking for the MAC address from a specific IP
  • D. It sends a request packet to all the network elements, asking for the domain name from a specific IP

Answer: C

 

NEW QUESTION 46
Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

  • A. Incident response services to any user, company, government agency, or organization in partnership with the Department of Homeland Security
  • B. Maintenance of the nation's Internet infrastructure, builds out new Internet infrastructure, and decommissions old Internet infrastructure
  • C. Registration of critical penetration testing for the Department of Homeland Security and public and private sectors
  • D. Measurement of key vulnerability assessments on behalf of the Department of Defense (DOD) and State Department, as well as private sectors

Answer: A

 

NEW QUESTION 47
Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Collectively, IPSec does everything except:

  • A. Encrypt
  • B. Protect the payload and the headers
  • C. Authenticate
  • D. Work at the Data Link Layer

Answer: D

 

NEW QUESTION 48
Prospective clients want to see sample reports from previous penetration tests.
What should you do next?

  • A. Decline, but provide references.
  • B. Share reports, after NDA is signed.
  • C. Share full reports with redactions.
  • D. Share full reports, not redacted.

Answer: A

Explanation:
Penetration test data should not be disclosed to third parties.

 

NEW QUESTION 49
One of your team members has asked you to analyze the following SOA record.
What is the TTL?
Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4
  • F. 5

Answer: B

 

NEW QUESTION 50
Name two software tools used for OS guessing. (Choose two.)

  • A. Queso
  • B. Nmap
  • C. UserInfo
  • D. Snadboy
  • E. NetBus

Answer: A,B

 

NEW QUESTION 51
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (Internal) and private IPs are communicating with a Single Public IP. Therefore, the Internal IPs are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?

  • A. Spear Phishing Attack
  • B. Rootkit Attack
  • C. Botnet Attack
  • D. Advanced Persistent Threats

Answer: C

 

NEW QUESTION 52
If you want to scan fewer ports than the default scan using the Nmap tool, which option would you use?

  • A. -sP
  • B. -r
  • C. -P
  • D. -F

Answer: D

 

NEW QUESTION 53
Which of the below hashing functions are not recommended for use?

  • A. SHA-2, SHA-3
  • B. MD5, SHA-5
  • C. SHA-1, ECC
  • D. MD5, SHA-1

Answer: C

 

NEW QUESTION 54
What is the role of test automation in security testing?

  • A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
  • B. It is an option but it tends to be very expensive.
  • C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
  • D. Test automation is not usable in security due to the complexity of the tests.

Answer: A

 

NEW QUESTION 55
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?

  • A. Sarbanes-Oxley Act (SOX)
  • B. Gramm-Leach-Bliley Act (GLBA)
  • C. Fair and Accurate Credit Transactions Act (FACTA)
  • D. Federal Information Security Management Act (FISMA)

Answer: A

 

NEW QUESTION 56
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?

  • A. openssl_client -connect www.website.com:443
  • B. openssl_client -site www.website.com:443
  • C. openssl s_client -site www.website.com:443
  • D. openssl s_client -connect www.website.com:443

Answer: D

 

NEW QUESTION 57
While using your bank's online servicing, you notice the following string in the URL bar:
"http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21"
You observe that if you modify the Damount & Camount values and submit the request, the data on the web page reflects the changes.
Which type of vulnerability is present on this site?

  • A. Cookie Tampering
  • B. SQL injection
  • C. Web Parameter Tampering
  • D. XSS Reflection

Answer: C

Explanation:
The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.
References: https://www.owasp.org/index.php/Web_Parameter_Tampering

 

NEW QUESTION 58
Prospective clients want to see sample reports from previous penetration tests.
What should you do next?

  • A. Decline, but provide references.
  • B. Share reports, after NDA is signed.
  • C. Share full reports with redactions.
  • D. Share full reports, not redacted.

Answer: A

Explanation:
Penetration test data should not be disclosed to third parties.

 

NEW QUESTION 59
Which of the following cryptography attacks is an understatement for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture?

  • A. Timing Attack
  • B. Rubber Hose Attack
  • C. Ciphertext-only Attack
  • D. Chosen-Ciphertext Attack

Answer: B

 

NEW QUESTION 60
Jack was attempting to fingerprint all machines in the network using the following Nmap syntax:
invictus@victim_server:~$ nmap -T4 -O 10.10.0.0/24
TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx xxxxxxxxx. QUITTING!
Obviously, it is not going through. What is the issue here?

  • A. This is a common behavior for a corrupted nmap application
  • B. The nmap syntax is wrong.
  • C. OS Scan requires root privileges
  • D. The outgoing TCP/IP fingerprinting is blocked by the host firewall

Answer: C

 

NEW QUESTION 61
......


What is the duration of the 312-50v10 Exam

  • Number of Questions: 125
  • Passing Score: 70%
  • Format: Multiple choices, multiple answers
  • Length of Examination: 4 hours

 

312-50v10 are Available for Instant Access: https://www.exams-boost.com/312-50v10-valid-materials.html