312-50V12 Online Practice Questions and Answers

An attacker identified that a user and an access point are both compatible with WPA2 and WPA3 encryption. The attacker installed a rogue access point with only WPA2 compatibility in the vicinity and forced the victim to go through the WPA2 four-way handshake to get connected. After the connection was established, the attacker used automated tools to crack WPA2-encrypted messages. What is the attack performed in the above scenario?

A. Timing-based attack

B. Side-channel attack

C. Downgrade security attack

D. Cache-based attack

How does a denial-of-service attack work?

A. A hacker prevents a legitimate user (or group of users) from accessing a service

B. A hacker uses every character, word, or letter he or she can think of to defeat authentication

C. A hacker tries to decipher a password by using a system, which subsequently crashes the network

D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

A zone file consists of which of the following Resource Records (RRs)?

A. DNS, NS, AXFR, and MX records

B. DNS, NS, PTR, and MX records

C. SOA, NS, AXFR, and MX records

D. SOA, NS, A, and MX records

Miley, a professional hacker, decided to attack a target organization's network. To perform the attack, she used a tool to send fake ARP messages over the target network to link her MAC address with the target system's IP address. By performing this, Miley received messages directed to the victim's MAC address and further used the tool to intercept, steal, modify, and block sensitive communication to the target system. What is the tool employed by Miley to perform the above attack?

A. Gobbler

B. KDerpNSpoof

C. BetterCAP

D. Wireshark

Which of the following program infects the system boot sector and the executable files at the same time?

A. Polymorphic virus

B. Stealth virus

C. Multipartite Virus

D. Macro virus

A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?

A. Firewall-management policy

B. Acceptable-use policy

C. Permissive policy

D. Remote-access policy

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

A. Privilege Escalation

B. Shoulder-Surfing

C. Hacking Active Directory

D. Port Scanning

The "Gray-box testing" methodology enforces what kind of restriction?

A. Only the external operation of a system is accessible to the tester.

B. The internal operation of a system in only partly accessible to the tester.

C. Only the internal operation of a system is known to the tester.

D. The internal operation of a system is completely known to the tester.

In the context of Windows Security, what is a 'null' user?

A. A user that has no skills

B. An account that has been suspended by the admin

C. A pseudo account that has no username and password

D. A pseudo account that was created for security administration purpose

While performing a security audit of a web application, an ethical hacker discovers a potential vulnerability. The application responds to logically incorrect queries with detailed error messages that divulge the underlying database's structure. The ethical hacker decides to exploit this vulnerability further. Which type of SQL Injection attack is the ethical hacker likely to use?

A. UNION SQL Injection

B. Blind/inferential SQL Injection

C. In-band SQL Injection

D. Error-based SOL Injection