312-50v10 | 10 Tips For Leading 312-50v10 examcollection

Q3. Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.

Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.

In this context, what can you say?

A. Bob can be right since DMZ does not make sense when combined with stateless firewalls

B. Bob is partially right. He does not need to separate networks if he can create rules by destination IPs, one by one

C. Bob is totally wrong. DMZ is always relevant when the company has internet servers and workstations

D. Bob is partially right. DMZ does not make sense when a stateless firewall is available

Answer: C

Q4. Some clients of TPNQM SA were redirected to a malicious site when they tried to access the TPNQM main site. Bob, a system administrator at TPNQM SA, found that they were victims of DNS Cache Poisoning.

What should Bob recommend to deal with such a threat?

A. The use of security agents in clientsu2021 computers

B. The use of DNSSEC

C. The use of double-factor authentication

D. Client awareness

Answer: B

Q5. A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.

What kind of Web application vulnerability likely exists in their software?

A. Cross-site scripting vulnerability

B. Web site defacement vulnerability

C. SQL injection vulnerability

D. Cross-site Request Forgery vulnerability

Answer: A

Q6. You have successfully gained access to a Linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by Network-Based Intrusion Detection Systems (NIDS).

What is the best way to evade the NIDS?

A. Out of band signaling

B. Protocol Isolation

C. Encryption

D. Alternate Data Streams

Answer: C

Q7. Which of the following scanning method splits the TCP header into several packets and makes it difficult for packet filters to detect the purpose of the packet?

A. ICMP Echo scanning

B. SYN/FIN scanning using IP fragments

C. ACK flag probe scanning

D. IPID scanning

Answer: B

Q8. In which of the following cryptography attack methods, the attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

A. Chosen-plaintext attack

B. Ciphertext-only attack

C. Adaptive chosen-plaintext attack

D. Known-plaintext attack

Answer: A

Q9. Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules.

Which of the following types of firewalls can protect against SQL injection attacks?

A. Data-driven firewall

B. Stateful firewall

C. Packet firewall

D. Web application firewall

Answer: D

Q10. Which of the following cryptography attack is an understatement for the extraction of cryptographic secrets

the password to an encrypted file) from a person by a coercion or torture?

A. Chosen-Cipher text Attack

B. Ciphertext-only Attack

C. Timing Attack

D. Rubber Hose Attack

Answer: D

Q11. Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

A. Metasploit

B. Cain & Abel

C. Maltego

D. Wireshark

Answer: C

Q12. Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

A. SSL/TLS Renegotiation Vulnerability

B. Shellshock

C. Heartbleed Bug

D. POODLE

Answer: C