Question 1

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much

information can be obtained from the firm’s public facing web servers. The engineer decides to start by using

netcat to port 80.

The engineer receives this output:

HTTP/1.1 200 OK

Server: Microsoft-IIS/6

Expires: Tue, 17 Jan 2011 01:41:33 GMT

Date: Mon, 16 Jan 2011 01:41:33 GMT

Content-Type: text/html

Accept-Ranges: bytes

Last Modified: Wed, 28 Dec 2010 15:32:21 GMT

ETag:“b0aac0542e25c31:89d”

Content-Length: 7369

Which of the following is an example of what the engineer performed?

Options :

A : Banner grabbing

B : SQL injection

C : Whois database query

D : Cross-site scripting

Answer: A

Question 2

An ethical hacker is hired to evaluate the defenses of an organization's database system which is known to employ a signature-based IDS. The hacker knows that some SQL Injection evasion techniques may allow him to bypass the system's signatures. During the operation, he successfully retrieved a list of usernames from the database without triggering an alarm by employing an advanced evasion technique. Which of the following could he have used?

Options :

A :

Utilizing the char encoding function to convert hexadecimal and decimal values into characters that pass-through SQL engine parsing

B : Using the URL encoding method to replace characters with their ASCII codes in hexadecimal form

C :

Implementing sophisticated matches such as “OR ‘john' = john" in place of classical matches like "OR 1-1"

D : Manipulating white spaces in SQL queries to bypass signature detection

Answer: D

Question 3

Rebecca, a security professional, wants to authenticate employees who use web services for safe and secure communication. In this process, she employs a component of the Web Service Architecture, which is an extension of SOAP, and it can maintain the integrity and confidentiality of SOAP messages. Which of the following components of the Web Service Architecture is used by Rebecca for securing the communication?

Options :

A : WSDL

B : WS Work Processes

C : WS-Policy

D : WS-Security

Answer: D

Question 4

The security administrator of ABC needs to permit Internet traffic in the host 10.0.0.2 and UDP traffic in the

host

10.0.0.3. He also needs to permit all FTP traffic to the rest of the network and deny all other traffic. After he

applied his ACL configuration in the router, nobody can access the ftp, and the permitted hosts cannot access

the Internet. According to the next configuration, what is happening in the network?

access-list 102 deny tcp any any

access-list 104 permit udp host 10.0.0.3 any

access-list 110 permit tcp host 10.0.0.2 eq www any

access-list 108 permit tcp any eq ftp any

Options :

A : The ACL 104 needs to be first because is UDP

B : The first ACL is denying all TCP traffic and the other ACLs are being ignored by the router

C : The ACL for FTP must be before the ACL 110

D : The ACL 110 needs to be changed to port 80

Answer: B

Question 5

A zone file consists of which of the following Resource Records (RRs)?

Options :

A : DNS, NS, AXFR, and MX records

B : DNS, NS, PTR, and MX records

C : SOA, NS, AXFR, and MX records

D : SOA, NS, A, and MX records

Answer: D

Higher Test Marks with Free Online 312-50 Exam Practice

Buying Options: