312-50v11 Free Practice Test

A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.

1. A. Use port security on his switches.
2. B. Use a tool like ARPwatch to monitor for strange ARP activity.
3. C. Use a firewall between all LAN segments.
4. D. If you have a small network, use static ARP entries.
5. E. Use only static IP addresses on all PC's.

Correct Answer: ABD

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services, which OS did it not directly affect?

1. A. Linux
2. B. Unix
3. C. OS X
4. D. Windows

Correct Answer: D

What is the BEST alternative if you discover that a rootkit has been installed on one of your computers?

1. A. Copy the system files from a known good system
2. B. Perform a trap and trace
3. C. Delete the files and try to determine the source
4. D. Reload from a previous backup
5. E. Reload from known good media

Correct Answer: E

In the field of cryptanalysis, what is meant by a “rubber-hose” attack?

1. A. Forcing the targeted keystream through a hardware-accelerated device such as an ASIC.
2. B. A backdoor placed into a cryptographic algorithm by its creator.
3. C. Extraction of cryptographic secrets through coercion or torture.
4. D. Attempting to decrypt ciphertext by making logical assumptions about the contents of the original plaintext.

Correct Answer: C

John, a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker Installed a scanner on a machine belonging to one of the vktims and scanned several machines on the same network to Identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by John in the above scenario?

1. A. Proxy scanner
2. B. Agent-based scanner
3. C. Network-based scanner
4. D. Cluster scanner

Correct Answer: B
Knowing when to include agents into your vulnerability management processes isn’t an easy decision. Below are common use cases for agent-based vulnerability scanning to assist you build out your combined scanning strategy.
Intermittent or Irregular Connectivity: Vulnerability management teams are now tasked with scanning devices that access the company network remotely using public or home-based Wi-Fi connections. These connections are often unreliable and intermittent leading to missed network-based scans. Fortunately, the scanning frequency of agents doesn’t require a network connection. The agent detects when the device is back online, sending scan data when it’s ready to communicate with the VM platform.
Connecting Non-Corporate Devices to Corporate Networks:With the increased use of private devices, company networks are more exposed to malware and infections thanks to limited IT and security teams’ control and visibility. Agent-based scanning gives security teams insight into weaknesses on
non-corporate endpoints, keeping them informed about professional hacker is potential attack vectors in
order that they can take appropriate action.
Endpoints Residing Outside of Company Networks: Whether company-issued or BYOD, remote assets frequently hook up with the web outside of traditional network bounds. An agent that resides on remote endpoints conducts regular, authenticated scans checking out system changes and unpatched software. The results are then sent back to the VM platform and combined with other scan results for review, prioritization, and mitigation planning.
Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.