An attacker attaches a rogue router to a network. He wants to redirect traffic to a LAN attached to his router as part of a man-in-the-middle attack. What measure can the legitimate admin take to mitigate this attack?
A. Make sure that legitimate network routers are configured to run routing protocols with authentication.
B. Disable all routing protocols and only use static routes.
C. Only using OSPFv3 will mitigate this risk.
D. Redirection of the traffic cannot happen unless the admin allows it explicitly.
Make sure that legitimate network routers are configured to run routing protocols with authentication.
What type of analysis is performed when an attacker has partial knowledge of the inner workings of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
Grey-box
Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He’s determined that the application is vulnerable to SQL injection, and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
A. Error-based SQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. NoSQL injection
Blind SQL injection
Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?
A. Nikto
B. Nmap
C. Metasploit
D. Armitage
Nmap
As a security consultant, what are some of the things you would recommend to a company to ensure DNS security?
A. Use the same machines for DNS and other applications
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers
Harden DNS servers
Use split-horizon operation for DNS servers
Restrict Zone transfers
Have subnet diversity between DNS servers