312-50v11 Free Practice Test

Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?

1. A. To determine who is the holder of the root account
2. B. To perform a DoS
3. C. To create needless SPAM
4. D. To illicit a response back that will reveal information about email servers and how they treat undeliverable mail
5. E. To test for virus protection

Correct Answer: D

Which of the following is the primary objective of a rootkit?

1. A. It opens a port to provide an unauthorized service
2. B. It creates a buffer overflow
3. C. It replaces legitimate programs
4. D. It provides an undocumented opening in a program

Correct Answer: C

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

1. A. Linux
2. B. Unix
3. C. OS X
4. D. Windows

Correct Answer: D

When a normal TCP connection starts, a destination host receives a SYN (synchronize/start) packet from a source host and sends back a SYN/ACK (synchronize acknowledge). The destination host must then hear an ACK (acknowledge) of the SYN/ACK before the connection is established. This is referred to as the "TCP three-way handshake." While waiting for the ACK to the SYN ACK, a connection queue of finite size on the destination host keeps track of connections waiting to be completed. This queue typically empties quickly since the ACK is expected to arrive a few milliseconds after the SYN ACK.
How would an attacker exploit this design by launching TCP SYN attack?

1. A. Attacker generates TCP SYN packets with random destination addresses towards a victim host
2. B. Attacker floods TCP SYN packets with random source addresses towards a victim host
3. C. Attacker generates TCP ACK packets with random source addresses towards a victim host
4. D. Attacker generates TCP RST packets with random source addresses towards a victim host

Correct Answer: B

What is the main security service a cryptographic hash provides?

1. A. Integrity and ease of computation
2. B. Message authentication and collision resistance
3. C. Integrity and collision resistance
4. D. Integrity and computational in-feasibility

Correct Answer: D