View 312-50v11 Exam Questions

Q: 11

Bob, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations. Bob also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA. In this context, what can you say?

Options

Q: 12

What is correct about digital signatures?

Options

Q: 13

Tess King is using the nslookup command to craft queries to list all DNS information (such as Name Servers, host names, MX records, CNAME records, glue records (delegation for child Domains), zone serial number, TimeToLive (TTL) records, etc) for a Domain. What do you think Tess King is trying to accomplish? Select the best answer

Options

Q: 14

Bob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the best answer)

Options

Q: 15

MX record priority increases as the number increases. (True/False.)

Options

Q: 16

Password cracking programs reverse the hashing process to recover passwords. (True/False.)

Options

Q: 17

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

Options

Q: 18

Study the snort rule given below and interpret the rule. alert tcp any any --> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msG. "mountd access";)

Options

Q: 19

A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?

Options

Q: 20

Nicolas just found a vulnerability on a public-facing system that is considered a zero-day vulnerability. He sent an email to the owner of the public system describing the problem and how the owner can protect themselves from that vulnerability. He also sent an email to Microsoft informing them of the problem that their systems are exposed to. What type of hacker is Nicolas?

Options

Correct Answer:

Explanation

A white hat (or a white hat hacker) is an ethical computer hacker, or a computer security expert, who

focuses on penetration testing and in other testing methodologies that ensures the safety of an

organization’s information systems. Ethical hacking may be a term meant to imply a broader

category than simply penetration testing. Contrasted with black hat, a malicious hacker, the name

comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white

and a black hat respectively. While a white hat hacker hacks under good intentions with permission,

and a black hat hacker, most frequently unauthorized, has malicious intent, there’s a 3rd kind

referred to as a gray hat hacker who hacks with good intentions but sometimes without permission.

White hat hackers can also add teams called “sneakers and/or hacker clubs”,red teams, or tiger

teams.

While penetration testing concentrates on attacking software and computer systems from the

beginning – scanning ports, examining known defects in protocols and applications running on the

system and patch installations, as an example – ethical hacking may include other things. A full-

blown ethical hack might include emailing staff to invite password details, searching through

executive’s dustbins and typically breaking and entering, without the knowledge and consent of the

targets. Only the owners, CEOs and Board Members (stake holders) who asked for such a censoring

of this magnitude are aware. to undertake to duplicate a number of the destructive techniques a true

attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late in

the dark while systems are less critical. In most up-to-date cases these hacks perpetuate for the long-

term con (days, if not weeks, of long-term human infiltration into an organization). Some examples

include leaving USB/flash key drives with hidden auto-start software during a public area as if

someone

lost

the

tiny

drive

and

unsuspecting

employee

found

and

took

it.

Some

other

methods

completing

these

include:

•

DoS

attacks

•

Social

engineering

tactics

•

Reverse

engineering

•

Network

security

•

Disk

and

memory

forensics

•

Vulnerability

research

•

Security

scanners

such

as:

– W3af

– Nessus

– Burp

suite

• Frameworks

such

as:

– Metasploit

•

Training

Platforms

These methods identify and exploit known security vulnerabilities and plan to evade security to

realize entry into secured areas. they’re ready to do that by hiding software and system ‘back-doors’

which will be used as a link to information or access that a non-ethical hacker, also referred to as

‘black-hat’ or ‘grey-hat’, might want to succeed in .

Question 11 of 20 · Page 2 / 2

Premium Access Includes

✓ Quiz Simulator
✓ Exam Mode
✓ Progress Tracking
✓ Question Saving
✓ Flash Cards
✓ Drag & Drops
✓ 3 Months Access
✓ PDF Downloads

Get Premium Access

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE