March/2021 Latest Braindump2go 312-50v11 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 312-50v11 Real Exam Questions!
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL
https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?
A. website defacement
B. Server-side request forgery (SSRF) attack
C. Web server misconfiguration
D. web cache poisoning attack
infecting a system with malware and using phishing to gain credentials to a system or web application are examples of which phase of the ethical hacking methodology?
B. Maintaining access
D. Gaming access
This phase having the hacker uses different techniques and tools to realize maximum data from the system. they’re Password cracking ?Methods like Bruteforce, dictionary attack, rule-based attack, rainbow table are used. Bruteforce is trying all combinations of the password. Dictionary attack is trying an inventory of meaningful words until the password matches. Rainbow table takes the hash value of the password and compares with pre-computed hash values until a match is discovered.?Password attacks ?Passive attacks like wire sniffing, replay attack. Active online attack like Trojans, keyloggers, hash injection, phishing. Offline attacks like pre-computed hash, distributed network and rainbow. Non electronic attack like shoulder surfing, social engineering and dumpster diving.
John wants to send Marie an email that includes sensitive information, and he does not trust the network that he is connected to. Marie gives him the idea of using PGP. What should John do to communicate correctly using this type of encryption?
A. Use his own public key to encrypt the message.
B. Use Mane’s public key to encrypt the message.
C. Use his own private key to encrypt the message.
D. Use Marie’s private key to encrypt the message.
A newly joined employee. Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also Identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?
A. Credentialed assessment
B. Database assessment
C. Host-based assessment
D. Distributed assessment
The host-based vulnerability assessment (VA) resolution arose from the auditors’ got to periodically review systems. Arising before the net becoming common, these tools typically take an “administrator’s eye” read of the setting by evaluating all of the knowledge that an administrator has at his or her disposal. UsesHost VA tools verify system configuration, user directories, file systems, registry settings, and all forms of other info on a number to gain information about it. Then, it evaluates the chance of compromise. it should also live compliance to a predefined company policy so as to satisfy an annual audit. With administrator access, the scans area unit less possible to disrupt traditional operations since the computer code has the access it has to see into the complete configuration of the system.
What it Measures Host
VA tools will examine the native configuration tables and registries to spot not solely apparent vulnerabilities, however additionally “dormant” vulnerabilities ?those weak or misconfigured systems and settings which will be exploited when an initial entry into the setting. Host VA solutions will assess the safety settings of a user account table; the access management lists related to sensitive files or data; and specific levels of trust applied to other systems. The host VA resolution will a lot of accurately verify the extent of the danger by determinant however way any specific exploit could also be ready to get.
Allen, a professional pen tester, was hired by xpertTech solutWns to perform an attack simulation on the organization’s network resources. To perform the attack, he took advantage of the NetBIOS API and targeted the NetBIOS service. B/enumerating NetBIOS, he found that port 139 was open and could see the resources that could be accessed or viewed on a remote system. He came across many NetBIOS codes during enumeration.
Identify the NetBIOS code used for obtaining the messenger service running for the logged-in user?
What piece of hardware on a computer’s motherboard generates encryption keys and only releases a part of the key so that decrypting a disk on a new piece of hardware is not possible?
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company’s network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and how can he secure that traffic?
A. it is not necessary to perform any actions, as SNMP is not carrying important information.
B. SNMP and he should change it to SNMP V3
C. RPC and the best practice is to disable RPC completely
D. SNMP and he should change it to SNMP v2, which is encrypted
In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
What Information-gathering technique does this best describe?
A. WhOiS lookup
B. Banner grabbing
C. Dictionary attack
D. Brute forcing
Robin, a professional hacker, targeted an organization’s network to sniff all the traffic.
During this process.
Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch inthe network so that he could make it a root bridge that will later allow him to sniff all the traffic in thenetwork.
What is the attack performed by Robin in the above scenario?
A. ARP spoofing attack
B. VLAN hopping attack
C. DNS poisoning attack
D. STP attack
Widespread fraud ac Enron. WorldCom, and Tyco led to the creation of a law that was designed to improve the accuracy and accountability of corporate disclosures. It covers accounting firms and third parties that provide financial services to some organizations and came into effect in 2002. This law is known by what acronym?
A. Fed RAMP
The Sarbanes-Oxley Act of 2002 could be a law the U.S. Congress passed on July thirty of that year to assist defend investors from fallacious money coverage by companies.Also called the SOX Act of 2002 and also the company Responsibility Act of 2002, it mandated strict reforms to existing securities rules and obligatory powerful new penalties on law breakers.
The Sarbanes-Oxley law Act of 2002 came in response to money scandals within the early 2000s involving in public listed corporations like Enron Corporation, Tyco International plc, and WorldCom. The high-profile frauds cask capitalist confidence within the trustiness of company money statements Associate in Nursingd light-emitting diode several to demand an overhaul of decades-old restrictive standards.
Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?
A. Docker client
B. Docker objects
C. Docker daemon
D. Docker registries
Which ios jailbreaking technique patches the kernel during the device boot so that it becomes jailbroken after each successive reboot?
A. Tethered jailbreaking
B. Semi-tethered jailbreaking
C. Untethered jailbreaking
D. Semi-Untethered jailbreaking
A semi-tethered jailbreak is one that allows a handset to finish a boot cycle when being pwned, however jailbreak extensions won’t load till a laptop-based jailbreak application is deployed over a physical cable association between the device and also the computer in question.
Semi-tethered jailbreaks aren’t as difficult as tethered jailbreaks as a result of you’ll be able to power cycle your device and expect to use it commonly thenceforth, like creating phone calls and causing text messages. On the opposite hand, jailbreak tweaks won’t initialize on the freshly-booted device and jailbreak-based apps like Cydia and Filza can merely crash on launch them till the device is shod back to a jailbroken state. Just as the name implies, a semi-`tethered’ jailbreak necessitates a physical cable association between the device and also the laptop once running the jailbreak tool to patch the kernel and reinitialize the jailbroken state, however the nice issue here is that you simply will still access important core smartphone practicality in an exceedingly pinch after you don’t have a laptop near .
The spic-and-span checkra1n jailbreak tool for macOS (and before long Windows) could be a prime example of a semi-tethered jailbreak, and may pwn A7-A11-equipped devices as previous because the iPhone 5s and as new because the iPhone X.
What is the file that determines the basic configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?
A DDOS attack is performed at layer 7 to take down web infrastructure. Partial HTTP requests are sent to the web infrastructure or applications. Upon receiving a partial request, the target servers opens multiple connections and keeps waiting for the requests to complete.
Which attack is being described here?
A. Slowloris attack
B. Session splicing
Ralph, a professional hacker, targeted Jane, who had recently bought new systems for her company. After a few days, Ralph contacted Jane while masquerading as a legitimate customer support executive, informing that her systems need to be serviced for proper functioning and that customer support will send a computer technician. Jane promptly replied positively. Ralph entered Jane’s company using this opportunity and gathered sensitive information by scanning terminals for passwords, searching for important documents in desks, and rummaging bins. What is the type of attack technique Ralph used on jane?
A. Dumpster diving
C. Shoulder surfing
Internet Protocol Security IPsec is actually a suite pf protocols. Each protocol within the suite provides different functionality. Collective IPsec does everything except.
A. Protect the payload and the headers
C. Work at the Data Link Layer
Consider the following Nmap output:
What command-line parameter could you use to determine the type and version number of the web server?
John, a professional hacker, decided to use DNS to perform data exfiltration on a target network, in this process, he embedded malicious data into the DNS protocol packets that even DNSSEC cannot detect. Using this technique. John successfully injected malware to bypass a firewall and maintained communication with the victim machine and C&C server. What is the technique employed by John to bypass the firewall?
A. DNS cache snooping
B. DNSSEC zone walking
C. DNS tunneling method
D. DNS enumeration
which type of virus can change its own code and then cipher itself multiple times as it replicates?
A. Stealth virus
B. Tunneling virus
C. Cavity virus
D. Encryption virus
A stealth virus may be a sort of virus malware that contains sophisticated means of avoiding detection by antivirus software. After it manages to urge into the now- infected machine a stealth viruses hides itself by continually renaming and moving itself round the disc.Like other viruses, a stealth virus can take hold of the many parts of one’s PC. When taking control of the PC and performing tasks, antivirus programs can detect it, but a stealth virus sees that coming and can rename then copy itself to a special drive or area on the disc, before the antivirus software. Once moved and renamed a stealth virus will usually replace the detected `infected’ file with a clean file that doesn’t trigger anti-virus detection. It’s a never-ending game of cat and mouse.The intelligent architecture of this sort of virus about guarantees it’s impossible to completely rid oneself of it once infected. One would need to completely wipe the pc and rebuild it from scratch to completely eradicate the presence of a stealth virus. Using regularly-updated antivirus software can reduce risk, but, as we all know, antivirus software is additionally caught in an endless cycle of finding new threats and protecting against them.
What is the common name for a vulnerability disclosure program opened by companies In platforms such as HackerOne?
A. Vulnerability hunting program
B. Bug bounty program
C. White-hat hacking program
D. Ethical hacking program
An attacker redirects the victim to malicious websites by sending them a malicious link by email. The link appears authentic but redirects the victim to a malicious web page, which allows the attacker to steal the victim’s data. What type of attack is this?
1.2021 Latest Braindump2go 312-50v11 Exam Dumps (PDF & VCE) Free Share:
2.2021 Latest Braindump2go 312-50v11 PDF and 312-50v11 VCE Dumps Free Share:
3.2021 Free Braindump2go 312-50v11 Exam Questions Download:
Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!