312-50v12 Free Practice Test

- (Exam Topic 1)
Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra scrutiny and is ideal for observing sensitive network segments?

1. A. Honeypots
2. B. Firewalls
3. C. Network-based intrusion detection system (NIDS)
4. D. Host-based intrusion detection system (HIDS)

Correct Answer: C

- (Exam Topic 2)
Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch in
the network so that he could make it a root bridge that will later allow him to sniff all the traffic in the network.
What is the attack performed by Robin in the above scenario?

1. A. ARP spoofing attack
2. B. VLAN hopping attack
3. C. DNS poisoning attack
4. D. STP attack

Correct Answer: D
STP prevents bridging loops in a redundant switched network environment. By avoiding loops, you can ensure that broadcast traffic does not become a traffic storm.
STP is a hierarchical tree-like topology with a “root” switch at the top. A switch is elected as root based on the lowest configured priority of any switch (0 through 65,535). When a switch boots up, it begins a process of identifying other switches and determining the root bridge. After a root bridge is elected, the topology is established from its perspective of the connectivity. The switches determine the path to the root bridge, and all redundant paths are blocked. STP sends configuration and topology change notifications and acknowledgments (TCN/TCA) using bridge protocol data units (BPDU).
An STP attack involves an attacker spoofing the root bridge in the topology. The attacker broadcasts out an STP configuration/topology change BPDU in an attempt to force an STP recalculation. The BPDU sent out announces that the attacker’s system has a lower bridge priority. The attacker can then see a variety of frames forwarded from other switches to it. STP recalculation may also cause a denial-of-service (DoS) condition on the network by causing an interruption of 30 to 45 seconds each time the root bridge changes. An attacker using STP network topology changes to force its host to be elected as the root bridge.

switch

- (Exam Topic 1)
One of your team members has asked you to analyze the following SOA record. What is the version? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.) (Choose four.)

1. A. 200303028
2. B. 3600
3. C. 604800
4. D. 2400
5. E. 60
6. F. 4800

Correct Answer: A

- (Exam Topic 1)
Bob received this text message on his mobile phone: “Hello, this is Scott Smelby from the Yahoo Bank. Kindly contact me for a vital transaction on: scottsmelby@yahoo.com”. Which statement below is true?

1. A. This is a scam as everybody can get a @yahoo address, not the Yahoo customer service employees.
2. B. This is a scam because Bob does not know Scott.
3. C. Bob should write to scottmelby@yahoo.com to verify the identity of Scott.
4. D. This is probably a legitimate message as it comes from a respectable organization.

Correct Answer: A

- (Exam Topic 3)
You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: “The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. ” Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

1. A. The -A flag
2. B. The -g flag
3. C. The -f flag
4. D. The -D flag

Correct Answer: D
flags –source-port and -g are equivalent and instruct nmap to send packets through a selected port. this option is used to try to cheat firewalls whitelisting traffic from specific ports. the following example can scan the target from the port twenty to ports eighty, 22, 21,23 and 25 sending fragmented packets to LinuxHint.