Question 1

What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options :

A : Session hijacking

B : Server side request forgery

C : Cross-site request forgery

D : Cross-site scripting

Answer: C

Question 2

A new wireless client is configured to join a 802.11 network. This client uses the same hardware and software

as many of the other clients on the network. The client can see the network, but cannot connect. A wireless

packet sniffer shows that the Wireless Access Point (WAP) is not responding to the association requests being

sent by the wireless client. What is a possible source of this problem?

Options :

A : The WAP does not recognize the client’s MAC address

B : The client cannot see the SSID of the wireless network

C : Client is configured for the wrong channel

D :

The wireless client is not configured to use DHCP

Answer: A

Question 3

Which of the following is a component of a risk assessment?

Options :

A : Administrative safeguards

B : Physical security

C : DMZ

D : Logical interface

Answer: A

Question 4

in this attack, an adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstall the key, associated parameters such as the incremental transmit packet number and receive packet number are reset to their initial values. What is this attack called?

Options :

A : Chop chop attack

B : KRACK

C : Evil twin

D : Wardriving

Answer: B

Question 5

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router's

access-list as below:

You are hired to conduct security testing on their network.

You successfully brute-force the SNMP community string using a SNMP crack tool.

The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

Options :

A : Use the Cisco-s TFTP default password to connect and download the configuration file

B : Run a network sniffer and capture the returned traffic with the configuration file from the router

C : Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

D : Send a customized SNMP set request with a spoofed source IP address in the range -192.168.1.0

Answer: B,D

Confidently Practice Online with Free 312-50 Exam Cram

Buying Options: