Want to Pass 312-50 Exam In Next HOURS? Get it now →
April 21, 2017

Top Regenerate 312-50 pdf exam Reviews!

Q41. Exhibit: 

You are conducting pen-test against a company’s website using SQL Injection techniques. You enter “anuthing or 1=1-“ in the username filed of an authentication form. This is the output returned from the server. 

What is the next step you should do? 

A. Identify the user context of the web application by running_ 

http://www.example.com/order/include_rsa_asp?pressReleaseID=5 

AND 

USER_NAME() = ‘dbo’ 

B. Identify the database and table name by running: 

http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype=’U’),1))) > 109 

C. Format the C: drive and delete the database by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘format c: /q /yes ‘; drop database myDB; --

D. Reboot the web server by running: http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell ‘iisreset –reboot’; --

Answer: A


Q42. uffer X is an Accounting application module for company can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted. Dave decided to insert 400 characters into the 200-character buffer which overflows the buffer. Below is the code snippet: 

Void func (void) 

{int I; char buffer [200]; 

for (I=0; I<400; I++) 

buffer (I)= ‘A’; 

return; 

How can you protect/fix the problem of your application as shown above? (Choose two) 

A. Because the counter starts with 0, we would stop when the counter is less then 200. 

B. Because the counter starts with 0, we would stop when the counter is more than 200. 

C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it cannot hold any more data. 

D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it cannot hold any more data. 

Answer: AC

Explanation: I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200. 


Q43. What type of session hijacking attack is shown in the exhibit? 

A. Session Sniffing Attack 

B. Cross-site scripting Attack 

C. SQL Injection Attack 

D. Token sniffing Attack 

Answer: A


Q44. A program that defends against a port scanner will attempt to: 

A. Sends back bogus data to the port scanner 

B. Log a violation and recommend use of security-auditing tools 

C. Limit access by the scanning system to publicly available ports only 

D. Update a firewall rule in real time to prevent the port scan from being completed 

Answer: D


Q45. Daryl is a network administrator working for Dayton Technologies. Since Daryl’s background is in web application development, many of the programs and applications his company uses are web-based. Daryl sets up a simple forms-based logon screen for all the applications he creates so they are secure. 

The problem Daryl is having is that his users are forgetting their passwords quite often and sometimes he does not have the time to get into his applications and change the passwords for them. Daryl wants a tool or program that can monitor web-based passwords and notify him when a password has been changed so he can use that tool whenever a user calls him and he can give them their password right then. 

What tool would work best for Daryl’s needs? 

A. Password sniffer 

B. L0phtcrack 

C. John the Ripper 

D. WinHttrack 

Answer:

Explanation: L0phtCrack is a password auditing and recovery application (now called LC5), originally produced by Mudge from L0pht Heavy Industries. It is used to test password strength and sometimes to recover lost Microsoft Windows passwords. John the Ripper is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customisable cracker. It can be run against various encrypted password formats including several crypt password hash types WinHttrack is a offline browser. A password sniffer would give Daryl the passwords when they are changed as it is a web based authentication over a simple form but still it would be more correct to give the users new passwords instead of keeping a copy of the passwords in clear text. 


Q46. Ethereal works best on ____________. 

A. Switched networks 

B. Linux platforms 

C. Networks using hubs 

D. Windows platforms 

E. LAN's 

Answer: C

Explanation: Ethereal is used for sniffing traffic. It will return the best results when used on an unswitched (i.e. hub. network. 


Q47. While scanning a network you observe that all of the web servers in the DMZ are responding to ACK packets on port 80. 

What can you infer from this observation? 

A. They are using Windows based web servers. 

B. They are using UNIX based web servers. 

C. They are not using an intrusion detection system. 

D. They are not using a stateful inspection firewall. 

Answer: D

Explanation: If they used a stateful inspection firewall this firewall would know if there has been a SYN-ACK before the ACK. 


Q48. Exhibit: 

Study the following log extract and identify the attack. 

A. Hexcode Attack 

B. Cross Site Scripting 

C. Multiple Domain Traversal Attack 

D. Unicode Directory Traversal Attack 

Answer: D

Explanation: The “Get /msadc/……/……/……/winnt/system32/cmd.exe?” shows that a Unicode Directory Traversal Attack has been performed. 


Q49. 000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00 ...^......^...E. 010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 ....@....m...... 020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 ...P.u......}.P. 030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32 py.'..HTTP/1.1.2 040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20 00.OK..Via:.1.0. 050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43 STRIDER..Proxy-C 060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D onnection:.Keep-070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C Alive..Content-L 080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F ength:.29674..Co 090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 ntent-Type:.text 0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D /html..Server:. 0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft 0C0 0D 0A 44 61 74 65 3A 20 53 75 6E 2C 20 32 35 20 ..Date:.Sun,.25. 0D0 4A 75 6C 20 31 39 39 39 20 32 31 3A 34 35 3A 35 Jul.1999.21:45:5 0E0 31 20 47 4D 54 0D 0A 41 63 63 65 70 74 2D 52 61 1.GMT..Accept-Ra 0F0 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 4C 61 73 nges:.bytes..Las 100 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D 6F 6E 2C t-Modified:.Mon, 

110 20 31 39 20 4A 75 6C 20 31 39 39 39 20 30 37 3A .19.Jul.1999.07: 120 33 39 3A 32 36 20 47 4D 54 0D 0A 45 54 61 67 3A 39:26.GMT..ETag: 130 20 22 30 38 62 37 38 64 33 62 39 64 31 62 65 31 ."08b78d3b9d1be1 140 3A 61 34 61 22 0D 0A 0D 0A 3C 74 69 74 6C 65 3E :a4a"....<title> 150 53 6E 69 66 66 69 6E 67 20 28 6E 65 74 77 6F 72 Sniffing.(networ 160 6B 20 77 69 72 65 74 61 70 2C 20 73 6E 69 66 66 k.wiretap,.sniff 170 65 72 29 20 46 41 51 3C 2F 74 69 74 6C 65 3E 0D er).FAQ</title>. 180 0A 0D 0A 3C 68 31 3E 53 6E 69 66 66 69 6E 67 20 ...<h1>Sniffing. 190 28 6E 65 74 77 6F 72 6B 20 77 69 72 65 74 61 70 (network.wiretap 1A0 2C 20 73 6E 69 66 66 65 72 29 20 46 41 51 3C 2F ,.sniffer).FAQ</ 1B0 68 31 3E 0D 0A 0D 0A 54 68 69 73 20 64 6F 63 75 h1>....This.docu 1C0 6D 65 6E 74 20 61 6E 73 77 65 72 73 20 71 75 65 ment.answers.que 1D0 73 74 69 6F 6E 73 20 61 62 6F 75 74 20 74 61 70 stions.about.tap 1E0 70 69 6E 67 20 69 6E 74 6F 20 0D 0A 63 6F 6D 70 ping.into...comp 1F0 75 74 65 72 20 6E 65 74 77 6F 72 6B 73 20 61 6E uter.networks.an 

This packet was taken from a packet sniffer that monitors a Web server. 

This packet was originally 1514 bytes long, but only the first 512 bytes are shown here. This is the standard hexdump representation of a network packet, before being decoded. A hexdump has three columns: the offset of each line, the hexadecimal data, and the ASCII equivalent. This packet contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending in two line-feeds (0D 0A 0D 0A) and then the data. By examining the packet identify the name and version of the Web server? 

A. Apache 1.2 

B. IIS 4.0 

C. IIS 5.0 

D. Linux WServer 2.3 

Answer: B

Explanation: We see that the server is Microsoft, but the exam designer didn’t want to make it easy for you. So what they did is blank out the IIS 4.0. The key is in line “0B0” as you see: 0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 ..Microsoft 

49 is I, so we get II 53 is S, so we get IIS 2F is a space 34 is 4 2E is . 30 is 0 So we get IIS 4.0 

The answer is B 

If you don’t remember the ASCII hex to Character, there are enough characters and numbers already converted. For example, line “050” has STRIDER which is 53 54 52 49 44 45 52 and gives you the conversion for the “I:” and “S” characters (which is “49” and “53”). 


Q50. Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports? 

A. SMB 

B. FTP 

C. SAMBA 

D. FINGER 

Answer: A

Explanation: Port 135 is for RPC and 136-139 is for NetBIOS traffic. SMB is an upper layer service that runs on top of the Session Service and the Datagram service of NetBIOS. 



see more http://www.ubraindumps.com/312-50-dumps/