Examcollection provide you with the most recent top quality 312-50 exercise inquiries for the prospects, many of us promise making money online for the initially test just with each of our assessment braindumps, if perhaps by some means people dont succeed a Examcollection 312-50 assessment for the very first time that, we will never exclusively prepare the whole repayment in your case. By purchasing each of our Examcollection 312-50 assessment along with 312-50, you should have that is critical with regard to finishing the exam operating examine manual that is certainly constantly recent.

2017 Mar 312-50 practice

Q231. _________ is a tool that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes. 

A. Trojan 

B. RootKit 

C. DoS tool 

D. Scanner 

E. Backdoor 


Explanation: Rootkits are tools that can hide processes from the process list, can hide files, registry entries, and intercept keystrokes. 

Q232. You have chosen a 22 character word from the dictionary as your password. How long will it take to crack the password by an attacker? 

A. 5 minutes 

B. 23 days 

C. 200 years 

D. 16 million years 

Answer: A

Explanation: A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password. As long as you use a word found in or similar to a word found in a dictionary the password is considered to be weak. 

Q233. Bank of Timbuktu was a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently, using which customers could access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser. 

John Stevens was in charge of information security at Bank of Timbuktu. After one month in production, several customers complained about the Internet enabled banking application. Strangely, the account balances of many bank’s customers has been changed! 

However, money hadn’t been removed from the bank. Instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application’s logs and found the following entries: 

Attempted login of unknown user: John Attempted login of unknown user: sysaR Attempted login of unknown user: sencat Attempted login of unknown user: pete ‘’; Attempted login of unknown user: ‘ or 1=1--Attempted login of unknown user: ‘; drop table logins--Login of user jason, sessionID= 0x75627578626F6F6B Login of user daniel, sessionID= 0x98627579539E13BE Login of user rebecca, sessionID= 0x90627579944CCB811 Login of user mike, sessionID= 0x9062757935FB5C64 Transfer Funds user jason Pay Bill user mike Logout of user mike 

What kind of attack did the Hacker attempt to carry out at the bank? (Choose the best answer) 

A. The Hacker attempted SQL Injection technique to gain access to a valid bank login ID. 

B. The Hacker attempted Session hijacking, in which the Hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID and took over Jason’s session. 

C. The Hacker attempted a brute force attack to guess login ID and password using password cracking tools. 

D. The Hacker used a random generator module to pass results to the Web server and exploited Web application CGI vulnerability. 

Answer: A

Explanation: The following part: Attempted login of unknown user: pete ‘’; Attempted login of unknown user: ‘ or 1=1--Attempted login of unknown user: ‘; drop table logins--Clearly shows a hacker trying to perform a SQL injection by bypassing the login with the statement 1=1 and then dumping the logins table. 

Q234. Which one of the following instigates a SYN flood attack? 

A. Generating excessive broadcast packets. 

B. Creating a high number of half-open connections. 

C. Inserting repetitive Internet Relay Chat (IRC) messages. 

D. A large number of Internet Control Message Protocol (ICMP) traces. 

Answer: B

Explanation: A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. 

Q235. When Jason moves a file via NFS over the company's network, you want to grab a copy of it by sniffing. Which of the following tool accomplishes this? 

A. macof 

B. webspy 

C. filesnarf 

D. nfscopy 


Explanation: Filesnarf - sniff files from NFS traffic 


-i interface 

Specify the interface to listen on. 

-v "Versus" mode. Invert the sense of matching, to 

select non-matching files. 


Specify regular expression for filename matching. 


Specify a tcpdump(8) filter expression to select 

traffic to sniff. 


Dsniff, nfsd 

Regenerate 312-50 torrent:

Q236. What is the problem with this ASP script (login.asp)? 


Set objConn = CreateObject("ADODB.Connection") 

objConn.Open Application("WebUsersConnection") 

sSQL="SELECT * FROM Users where Username=? & Request("user") & _ 

"?and Password=? & Request("pwd") & "? 

Set RS = objConn.Execute(sSQL) 

If RS.EOF then Response.Redirect("login.asp?msg=Invalid Login") Else Session.Authorized = True 

Set RS = nothing 

Set objConn = nothing Response.Redirect("mainpage.asp") End If %> 

A. The ASP script is vulnerable to XSS attack 

B. The ASP script is vulnerable to SQL Injection attack 

C. The ASP script is vulnerable to Session Splice attack 

D. The ASP script is vulnerable to Cross Site Scripting attack 

Answer: B

Q237. Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this? 

A. The services are protected by TCP wrappers 

B. There is a honeypot running on the scanned machine 

C. An attacker has replaced the services with trojaned ones 

D. This indicates that the telnet and SMTP server have crashed 

Answer: A

Explanation: TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes. 

Q238. ou are attempting to crack LM Manager hashed from Windows 2000 SAM file. You will be using LM Brute force hacking tool for decryption. 

What encryption algorithm will you be decrypting? 

A. MD4 




Answer: B

Explanation: The LM hash is computed as follows.1. The user’s password as an OEM string is converted to uppercase. 2. This password is either null-padded or truncated to 14 bytes. 3. The “fixed-length” password is split into two 7-byte halves. 4. These values are used to create two DES keys, one from each 7-byte half. 5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. 6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash. 

Q239. Exhibit: 

You have captured some packets in Ethereal. You want to view only packets sent from What filter will you apply? 

A. ip = 

B. ip.src == 

C. ip.equals 

D. ip.address = 


Explanation: ip.src tells the filter to only show packets with as the source. 

Q240. Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized. 

What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP which is always authorized at the firewall. 

B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended. 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access. 

D. They are using an older version of Internet Explorer that allows them to bypass the proxy server. 

Answer: B

Explanation: This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.