312-50V11 Online Practice Questions and Answers

Mr. Omkar performed tool-based vulnerability assessment and found two vulnerabilities. During analysis, he found that these issues are not true vulnerabilities.

What will you call these issues?

A. False positives

B. True negatives

C. True positives

D. False negatives

Which of the following tactics uses malicious code to redirect users' web traffic?

A. Spimming

B. Pharming

C. Phishing

D. Spear-phishing

Suppose that you test an application for the SQL injection vulnerability. You know that the backend database

is based on Microsoft SQL Server. In the login/password form, you enter the following credentials:

Username: attack' or 1=1

Password: 123456

Based on the above credentials, which of the following SQL commands are you expecting to be executed by the server, if there is indeed an SQL injection vulnerability?

A. select * from Users where UserName = `attack' ' or 1=1 -- and UserPassword = `123456'

B. select * from Users where UserName = `attack' or 1=1 -- and UserPassword = `123456'

C. select * from Users where UserName = `attack or 1=1 -- and UserPassword = `123456'

D. select * from Users where UserName = `attack' or 1=1 --' and UserPassword = `123456'

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

A. Data items and vulnerability scanning

B. Interviewing employees and network engineers

C. Reviewing the firewalls configuration

D. Source code review

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.

what tests would you perform to determine whether his computer Is Infected?

A. Use ExifTool and check for malicious content.

B. You do not check; rather, you immediately restore a previous snapshot of the operating system.

C. Upload the file to VirusTotal.

D. Use netstat and check for outgoing connections to strange IP addresses or domains.

Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection. Identify the behavior of the adversary In the above scenario.

A. use of command-line interface

B. Data staging

C. Unspecified proxy activities

D. Use of DNS tunneling

PGP, SSL, and IKE are all examples of which type of cryptography?

A. Digest

B. Secret Key

C. Public Key

D. Hash Algorithm

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

A. Out of band and boolean-based

B. Time-based and union-based

C. union-based and error-based

D. Time-based and boolean-based

You are a penetration tester and are about to perform a scan on a specific server. The agreement that you signed with the client contains the following specific condition for the scan: "The attacker must scan every port on the server several times using a set of spoofed sources IP addresses. " Suppose that you are using Nmap to perform this scan. What flag will you use to satisfy this requirement?

A. The -A flag

B. The -g flag

C. The -f flag

D. The -D flag

Which of the following programming languages is most susceptible to buffer overflow attacks, due to its lack of a built-in bounds checking mechanism?

Code:

#include int main(){char buffer[8];

strcpy(buffer, ""11111111111111111111111111111"");} Output: Segmentation fault

A. C#

B. Python

C. Java

D. C++