
312-50 Practice Test

Whether you're a beginner or brushing up on skills, our 312-50 practice exam is your key to success. Our comprehensive question bank covers all key topics, ensuring you’re fully prepared.


Page 23 out of 153 Pages

Topic 19, Evading IDS, Firewalls and Honeypots

SSL has been seen as the solution to several common security problems.
Administrators will often make use of SSL to encrypt communication from point A to
point B. Why do you think this could be a bad idea if there is an Intrusion Detection
System deployed to monitor the traffic between point A and B?


A. SSL is redundant if you already have IDS in place.

B. SSL will trigger rules at regular intervals and force the administrator to turn them off.

C. SSL will slow down the IDS while it is breaking the encryption to see the packet content.

D. SSL will mask the content of the packet and the Intrusion Detection System will be blinded.

Answer: D. SSL will mask the content of the packet and the Intrusion Detection System will be blinded.



Explanation: Because the traffic is encrypted, an IDS cannot understand it or evaluate the
payload.

Which of the following countermeasures can specifically protect against both the
MAC Flood and MAC Spoofing attacks?


A. Port Security

B. Switch Mapping

C. Port Reconfiguring

D. Multiple Recognition

Answer: A. Port Security



Explanation: With Port Security the switch will keep track of which ports are allowed to
send traffic on a port.

Which type of Nmap scan is the most reliable, but also the most visible, and likely to
be picked up by an IDS?


A. SYN scan

B. ACK scan

C. RST scan

D. Connect scan

E. FIN scan

Answer: D. Connect scan



Explanation: The TCP full connect (-sT) scan is the most reliable.

What is a sheepdip?


A. It is another name for Honeynet

B. It is a machine used to coordinate honeynets

C. It is the process of checking physical media for viruses before they are used in a computer

D. None of the above

Answer: C. It is the process of checking physical media for viruses before they are used in a computer



Explanation: Also known as a footbath, a sheepdip is the process of checking physical
media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer.
Typically, a computer that sheepdips is used only for that process and nothing else and is
isolated from the other computers, meaning it is not connected to the network. Most
sheepdips use at least two different antivirus programs in order to increase effectiveness.

Because UDP is a connectionless protocol: (Select 2)


A. UDP recvfrom() and write() scanning will yield reliable results

B. It can only be used for Connect scans

C. It can only be used for SYN scans

D. There is no guarantee that the UDP packets will arrive at their destination

E. ICMP port unreachable messages may not be returned successfully

Answer:

D. There is no guarantee that the UDP packets will arrive at their destination

E. ICMP port unreachable messages may not be returned successfully
 



Explanation: Neither UDP packets, nor the ICMP errors are guaranteed to arrive, so UDP
scanners must also implement retransmission of packets that appear to be lost (or you will
get a bunch of false positives).

