All About 312-50 download May 2021


The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

Q281. If an attacker's computer sends an IPID of 24333 to a zombie (Idle Scanning) computer on a closed port, what will be the response? 

A. The zombie computer will respond with an IPID of 24334. 

B. The zombie computer will respond with an IPID of 24333. 

C. The zombie computer will not send a response. 

D. The zombie computer will respond with an IPID of 24335. 

Answer: C


Q282. When Nmap performs a ping sweep, which of the following sets of requests does it send to the target device? 

A. ICMP ECHO_REQUEST & TCP SYN 

B. ICMP ECHO_REQUEST & TCP ACK 

C. ICMP ECHO_REPLY & TFP RST 

D. ICMP ECHO_REPLY & TCP FIN 

Answer: B

Explanation: The default behavior of NMAP is to do both an ICMP ping sweep (the usual kind of ping) and a TCP port 80 ACK ping sweep. If an admin is logging these this will be fairly characteristic of NMAP. 


Q283. ABC.com is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purpose. This could lead to prosecution for the sender and for the company’s directors if, for example, outgoing email was found to contain material that was pornographic, racist or likely to incite someone to commit an act of terrorism. 

You can always defend yourself by “ignorance of the law” clause. 

A. True 

B. False 

Answer: B

Explanation: Ignorantia juris non excusat or Ignorantia legis neminem excusat (Latin for "ignorance of the law does not excuse" or "ignorance of the law excuses no one") is a public policy holding that a person who is unaware of a law may not escape liability for violating that law merely because he or she was unaware of its content; that is, persons have presumed knowledge of the law. Presumed knowledge of the law is the principle in jurisprudence that one is bound by a law even if one does not know of it. It has also been defined as the "prohibition of ignorance of the law". 

Topic 2, Footprinting 


Q284. Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He 

enters the following at the command prompt. 

$ nc -l -p 1026 -u -v 

In response, he sees the following message. 

cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION. 

Windows has found 47 Critical Errors. 

To fix the errors please do the following: 

1. Download Registry Repair from: www.reg-patch.com 

2. Install Registry Repair 

3. Run Registry Repair 

4. Reboot your computer 

FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION! 

What would you infer from this alert? 

A. The machine is redirecting traffic to www.reg-patch.com using adware 

B. It is a genuine fault of windows registry and the registry needs to be backed up 

C. An attacker has compromised the machine and backdoored ports 1026 and 1027 

D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities 

Answer:

Explanation: The "net send" Messenger service can be used by unauthorized users of your computer, without gaining any kind of privileged access, to cause a pop-up window to appear on your computer. Lately, this feature has been used by unsolicited commercial advertisers to inform many campus users about a "university diploma service"... 


Q285. Joseph has just been hired on to a contractor company of the Department of Defense as their Senior Security Analyst. Joseph has been instructed on the company's strict security policies that have been implemented, and the policies that have yet to be put in place. Per the Department of Defense, all DoD users and the users of their contractors must use two-factor authentication to access their networks. Joseph has been delegated the task of researching and implementing the best two-factor authentication method for his company. Joseph's supervisor has told him that they would like to use some type of hardware device in tandem with a security or identifying pin number. Joseph's company has already researched using smart cards and all the resources needed to implement them, but found the smart cards to not be cost effective. What type of device should Joseph use for two-factor authentication? 

A. Biometric device 

B. OTP 

C. Proximity cards 

D. Security token 

Answer: D


Q286. Who is an Ethical Hacker? 

A. A person who hacks for ethical reasons 

B. A person who hacks for an ethical cause 

C. A person who hacks for defensive purposes 

D. A person who hacks for offensive purposes 

Answer: C

Explanation: The Ethical hacker is a security professional who applies his hacking skills for defensive purposes. 


Q287. You are configuring the security options of your mail server and you would like to block certain file attachments to prevent viruses and malware from entering the users inbox. 

Which of the following file formats will you block? 

(Select up to 6) 

A. .txt 

B. .vbs 

C. .pif 

D. .jpg 

E. .gif 

F. .com 

G. .htm 

H. .rar 

I. .scr 

J. .exe 

Answer: BCEFIJ

Explanation: http://office.microsoft.com/en-us/outlook/HP030850041033.aspx 


Q288. Jack is conducting a port scan of a target network. He knows that his target network has a web server and that a mail server is up and running. Jack has been sweeping the network but has not been able to get any responses from the remote target. Check all of the following that could be a likely cause of the lack of response? 

A. The host might be down 

B. UDP is filtered by a gateway 

C. ICMP is filtered by a gateway 

D. The TCP window Size does not match 

E. The destination network might be down 

F. The packet TTL value is too low and can’t reach the target 

Answer: ACEF

Explanation: Wrong answers is B and D as sweeping a network uses ICMP 


Q289. What is Form Scalpel used for? 

A. Dissecting HTML Forms 

B. Dissecting SQL Forms 

C. Analysis of Access Database Forms 

D. Troubleshooting Netscape Navigator 

E. Quatro Pro Analysis Tool 

Answer: A

Explanation: Form Scalpel automatically extracts forms from a given web page and splits up all fields for editing and manipulation. 


Q290. Bob is a Junior Administrator at ABC Company. He is installing the RedHat Enterprise Linux on his machine. At installation time, he removed the “Use MD5” options. What will be the hashing standard? 

A. MD2 

B. DES 

C. 3DES 

D. RSA 

Answer: B

Explanation: crypt() will return an encrypted string using the standard Unix DES-based encryption algorithm or alternative algorithms that may be available on the system. By removing the “Use MD5” option Bob forces crypt() to revert to DES encryption.