312-50v12 Free Practice Test

- (Exam Topic 3)
Clark, a professional hacker, attempted to perform a Btlejacking attack using an automated tool, Btlejack, and hardware tool, micro:bit. This attack allowed Clark to hijack, read, and export sensitive information shared between connected devices. To perform this attack, Clark executed various btlejack commands. Which of the following commands was used by Clark to hijack the connections?

1. A. btlejack-f 0x129f3244-j
2. B. btlejack -c any
3. C. btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
4. D. btlejack -f 0x9c68fd30 -t -m 0x1 fffffffff

Correct Answer: D

- (Exam Topic 3)
A security analyst uses Zenmap to perform an ICMP timestamp ping scan to acquire information related to the current time from the target host machine.
Which of the following Zenmap options must the analyst use to perform the ICMP timestamp ping scan?

1. A. -PY
2. B. -PU
3. C. -PP
4. D. -Pn

Correct Answer: C

- (Exam Topic 2)
An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim's data. What type of attack is this?

1. A. Phishing
2. B. Vlishing
3. C. Spoofing
4. D. DDoS

Correct Answer: A
https://en.wikipedia.org/wiki/Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
Moreover, phishing is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.
An organization succumbing to such an attack typically sustains severe financial losses in addition to declining market share, reputation, and consumer trust. Depending on the scope, a phishing attempt might escalate into a security incident from which a business will have a difficult time recovering.

- (Exam Topic 3)
Firewalk has just completed the second phase (the scanning phase) and a technician receives the output shown below. What conclusions can be drawn based on these scan results?
TCP port 21 no response TCP port 22 no response
TCP port 23 Time-to-live exceeded

1. A. The lack of response from ports 21 and 22 indicate that those services are not running on the destination server
2. B. The scan on port 23 was able to make a connection to the destination host prompting the firewall to respond with a TTL error
3. C. The scan on port 23 passed through the filtering devic
4. D. This indicates that port 23 was not blocked at the firewall
5. E. The firewall itself is blocking ports 21 through 23 and a service is listening on port 23 of the target host

Correct Answer: C

- (Exam Topic 3)
Which of the following provides a security professional with most information about the system’s security posture?

1. A. Phishing, spamming, sending trojans
2. B. Social engineering, company site browsing tailgating
3. C. Wardriving, warchalking, social engineering
4. D. Port scanning, banner grabbing service identification

Correct Answer: D