312-50v10 Practice Test

Which of the following cryptography attack is an understatement for the extraction of
cryptographic secrets (e.g. the password to an encrypted file) from a person by a coercion
or torture?

A.

Chosen-Cipher text Attack

B.

Ciphertext-only Attack

C.

Timing Attack

D.

Rubber Hose Attack

When a security analyst prepares for the formal security assessment - what of the following
should be done in order to determine inconsistencies in the secure assets database and
verify that system is compliant to the minimum security baseline?

A.

Data items and vulnerability scanning

B.

Interviewing employees and network engineers

C.

Reviewing the firewalls configuration

D.

Source code review

Which of the following statements is TRUE?

A.

Sniffers operate on Layer 2 of the OSI model

B.

Sniffers operate on Layer 3 of the OSI model

C.

Sniffers operate on both Layer 2 & Layer 3 of the OSI model.

D.

Sniffers operate on the Layer 1 of the OSI model.

DNS cache snooping is a process of determining if the specified resource address is
present in the DNS cache records. It may be useful during the examination of the network
to determine what software update resources are used, thus discovering what software is
installed.
What command is used to determine if the entry is present in DNS cache?

A.

nslookup -fullrecursive update.antivirus.com

B.

dnsnooping –rt update.antivirus.com

C.

nslookup -norecursive update.antivirus.com

D.

dns --snoop update.antivirus.com;NM,

Identify the web application attack where the attackers exploit vulnerabilities in dynamically
generated web pages to inject client-side script into web pages viewed by other users.

A.

SQL injection attack

B.

Cross-Site Scripting (XSS)

C.

LDAP Injection attack

D.

Cross-Site Request Forgery (CSRF)