312-50v12 Exam Questions

Total 569 Questions

Last Updated: 16-Dec-2024

Topic 1: Exam Pool A

You just set up a security system in your network. In what kind of system would you find the following string of characters used as a rule within its configuration?

alert tcp any any -> 192.168.100.0/24 21 (msg: "FTP on the network!";)

A. A firewall IPTable
B. FTP Server rule
C. A Router IPTable
D. An Intrusion Detection System

Answer: D. An Intrusion Detection System



An incident investigator asks to receive a copy of the event logs from all firewalls, proxy servers, and Intrusion Detection Systems (IDS) on the network of an organization that has experienced a possible breach of security. When the investigator attempts to correlate the information in all of the logs, the sequence of many of the logged events does not match up. What is the most likely cause?

A. The network devices are not all synchronized.
B. Proper chain of custody was not observed while collecting the logs.
C. The attacker altered or erased events from the logs.
D. The security breach was a false positive.

Answer: A. The network devices are not all synchronized.

Explanation: Many network and system administrators don't pay enough attention to system clock accuracy and time synchronization. Computer clocks can run faster or slower over time, batteries and power sources die, or daylight-saving time changes are forgotten. There are many more pressing security issues to deal with, but failing to keep the time on network devices synchronized causes problems, and those problems often only come to light after a security incident.
If you suspect an attacker is accessing your network, for example, you will want to analyze your log files to look for suspicious activity. If your network's security devices do not have synchronized times, the inaccurate timestamps make it impossible to correlate log files from different sources. Not only will you have difficulty tracking events, but you will also find it difficult to use such evidence in court, because you will not be able to show a consistent progression of events as they occurred throughout your network.

Which DNS resource record can indicate how long any "DNS poisoning" could last?

A. MX
B. SOA
C. NS
D. TIMEOUT

Answer: B. SOA



A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24 network. Which of the following has occurred?

A. The computer is not using a private IP address.
B. The gateway is not routing to a public IP address.
C. The gateway and the computer are not on the same network.
D. The computer is using an invalid IP address.

Answer: B. The gateway is not routing to a public IP address.

Explanation:
https://en.wikipedia.org/wiki/Private_network
In IP networking, a private network is a computer network that uses private IP address space. Both the IPv4 and the IPv6 specifications define private IP address ranges. These addresses are commonly used for local area networks (LANs) in residential, office, and enterprise environments.
Private network addresses are not allocated to any specific organization. Anyone may use these addresses without approval from regional or local Internet registries. Private IP address spaces were originally defined to assist in delaying IPv4 address exhaustion. IP packets originating from or addressed to a private IP address cannot be routed through the public Internet.
The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:
· 10.0.0.0 – 10.255.255.255
· 172.16.0.0 – 172.31.255.255
· 192.168.0.0 – 192.168.255.255
Backbone routers do not allow packets from or to internal IP addresses. That is, intranet machines, if no measures are taken, are isolated from the Internet. However, several technologies allow such machines to connect to the Internet:
· Mediation servers like IRC, Usenet, SMTP and proxy servers
· Network address translation (NAT)
· Tunneling protocols
NOTE: So the problem lies in one of these technologies; in this scenario the gateway is not performing that translation or routing to a public address.

The establishment of a TCP connection involves a negotiation called the three-way handshake. What type of message does the client send to the server in order to begin this negotiation?

A. ACK
B. SYN
C. RST
D. SYN-ACK

Answer: B. SYN



Which of the following tools are used for enumeration? (Choose three.)

A. SolarWinds
B. USER2SID
C. Cheops
D. SID2USER
E. DumpSec

Answer: B. USER2SID, D. SID2USER, E. DumpSec



When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?

A. False negative
B. True negative
C. True positive
D. False positive

Answer: D. False positive

Explanation:
True positive: the IDS flags a behavior as an attack, and it really is one.
True negative: the IDS does not flag a behavior as an attack, and it is not one.
False positive: the IDS flags a behavior as an attack, but it is not one.
False negative: the IDS does not flag a behavior as an attack, but it is one.
A false negative is the most serious and dangerous of the four states, because an actual attack goes unreported.

Under what conditions does a secondary name server request a zone transfer from a primary name server?

A. When a primary SOA is higher than a secondary SOA
B. When a secondary SOA is higher than a primary SOA
C. When a primary name server has had its service restarted
D. When a secondary name server has had its service restarted
E. When the TTL falls to zero

Answer: A. When a primary SOA is higher than a secondary SOA



A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?

A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
B. As long as the physical access to the network elements is restricted, there is no need for additional measures.
C. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
D. The operator knows that attacks and down time are inevitable and should have a backup site.

Answer: A. Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.



An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
B. He will activate OSPF on the spoofed root bridge.
C. He will repeat this action so that it escalates to a DoS attack.
D. He will repeat the same attack against all L2 switches of the network.

Answer: A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.



