312-50v12 Free Practice Test

- (Exam Topic 2)
What is GINA?

1. A. Gateway Interface Network Application
2. B. GUI Installed Network Application CLASS
3. C. Global Internet National Authority (G-USA)
4. D. Graphical Identification and Authentication DLL

Correct Answer: D

- (Exam Topic 3)
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

1. A. Side-channel attack
2. B. Denial-of-service attack
3. C. HMI-based attack
4. D. Buffer overflow attack

Correct Answer: C

- (Exam Topic 2)
Within the context of Computer Security, which of the following statements describes Social Engineering best?

1. A. Social Engineering is the act of publicly disclosing information
2. B. Social Engineering is the means put in place by human resource to perform time accounting
3. C. Social Engineering is the act of getting needed information from a person rather than breaking into a system
4. D. Social Engineering is a training program within sociology studies

Correct Answer: C

- (Exam Topic 2)
Sam is working as a system administrator In an organization. He captured the principal characteristics of a vulnerability and produced a numerical score to reflect Its severity using CVSS v3.0 to property assess and prioritize the organization's vulnerability management processes. The base score that Sam obtained after performing cvss rating was 4.0. What is the CVSS severity level of the vulnerability discovered by Sam in the above scenario?

1. A. Medium
2. B. Low
3. C. Critical
4. D. High

Correct Answer: A
Rating CVSS Score None 0.0
Low 0.1 - 3.9
Medium 4.0 - 6.9
High 7.0 - 8.9
Critical 9.0 - 10.0
https://www.first.org/cvss/v3.0/specification-document
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS scores for almost all known vulnerabilities.
Qualitative Severity Rating Scale
For some purposes, it is useful to have a textual representation of the numeric Base, Temporal and Environmental scores.
Table Description automatically generated

- (Exam Topic 2)
In Trojan terminology, what is a covert channel?

1. A. A channel that transfers information within a computer system or network in a way that violates the security policy
2. B. A legitimate communication path within a computer system or network for transfer of data
3. C. It is a kernel operation that hides boot processes and services to mask detection
4. D. It is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish connections

Correct Answer: A