312-50V8 Online Practice Questions and Answers

The network administrator contacts you and tells you that she noticed the temperature on the internal wireless router increases by more than 20% during weekend hours when the office was closed. She asks you to investigate the issue because she is busy dealing with a big conference and she doesn't have time to perform the task.

What tool can you use to view the network traffic being sent and received by the wireless router?

A. Netcat

B. Wireshark

C. Nessus

D. Netstat

Joe the Hacker breaks into XYZ's Linux system and plants a wiretap program in order to sniff passwords and user accounts off the wire. The wiretap program is embedded as a Trojan horse in one of the network utilities. Joe is worried that network administrator might detect the wiretap program by querying the interfaces to see if they are running in promiscuous mode.

What can Joe do to hide the wiretap program from being detected by ifconfig command?

A. Block output to the console whenever the user runs ifconfig command by running screen capture utiliyu

B. Run the wiretap program in stealth mode from being detected by the ifconfig command.

C. Replace original ifconfig utility with the rootkit version of ifconfig hiding Promiscuous information being displayed on the console.

D. You cannot disable Promiscuous mode detection on Linux systems.

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

A. Full Blown

B. Thorough

C. Hybrid

D. BruteDics

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company's internal network.

Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?

A. SSL

B. Mutual authentication

C. IPSec

D. Static IP addresses

Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private investigative agency to go through garbage, recycled paper, and other rubbish at Scamster's office site in order to find relevant information.

What would you call this kind of activity?

A. CI Gathering

B. Scanning

C. Dumpster Diving

D. Garbage Scooping

This TCP flag instructs the sending system to transmit all buffered data immediately.

A. SYN

B. RST

C. PSH

D. URG

E. FIN

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization.

How would you prevent such type of attacks?

A. It is impossible to block these attacks

B. Hire the people through third-party job agencies who will vet them for you

C. Conduct thorough background checks before you engage them

D. Investigate their social networking profiles

SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections.

The signature of attack for SYN Flood contains:

A. The source and destination address having the same value

B. A large number of SYN packets appearing on a network without the corresponding reply packets

C. The source and destination port numbers having the same value

D. A large number of SYN packets appearing on a network with the corresponding reply packets

You wish to determine the operating system and type of web server being used. At the same time you wish to arouse no suspicion within the target organization.

While some of the methods listed below work, which holds the least risk of detection?

A. Make some phone calls and attempt to retrieve the information using social engineering.

B. Use nmap in paranoid mode and scan the web server.

C. Telnet to the web server and issue commands to illicit a response.

D. Use the netcraft web site look for the target organization's web site.

Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?

A. All IVs are vulnerable to attack

B. Air Snort uses a cache of packets

C. Air Snort implements the FMS attack and only encrypted packets are counted

D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers