312-50V10 Online Practice Questions and Answers

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks.

What process would help him?

A. Banner Grabbing

B. IDLE/IPID Scanning

C. SSDP Scanning

D. UDP Scanning

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?

A. Packet filtering firewall

B. Application-level firewall

C. Circuit-level gateway firewall

D. Stateful multilayer inspection firewall

What statement is true regarding LM hashes?

A. LM hashes consist in 48 hexadecimal characters.

B. LM hashes are based on AES128 cryptographic standard.

C. Uppercase characters in the password are converted to lowercase.

D. LM hashes are not generated when the password length exceeds 15 characters.

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?

A. Firewall

B. Honeypot

C. Core server

D. Layer 4 switch

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A. The key entered is a symmetric key used to encrypt the wireless data.

B. The key entered is a hash that is used to prove the integrity of the wireless data.

C. The key entered is based on the Diffie-Hellman method.

D. The key is an RSA key used to encrypt the wireless data.

SOAP services use which technology to format information?

A. SATA

B. PCI

C. XML

D. ISDN

An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

A. Insufficient input validation

B. Insufficient exception handling

C. Insufficient database hardening

D. Insufficient security management

What is the role of test automation in security testing?

A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

B. It is an option but it tends to be very expensive.

C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

D. Test automation is not usable in security due to the complexity of the tests.

In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e- mails?

A. A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name.

B. Mail relaying, which is a technique of bouncing e-mail from internal to external mails servers continuously.

C. A blacklist of companies that have their mail server relays configured to be wide open.

D. Tools that will reconfigure a mail server's relay component to send the e-mail back to the spammers occasionally.

What tool can crack Windows SMB passwords simply by listening to network traffic?

A. This is not possible

B. Netbus

C. NTFSDOS

D. L0phtcrack