Free 312-50v11 Exam Braindumps

Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

1. A. Eve is trying to connect as a user with Administrator privileges
2. B. Eve is trying to enumerate all users with Administrative privileges
3. C. Eve is trying to carry out a password crack for user Administrator
4. D. Eve is trying to escalate privilege of the null user to that of Administrator

Correct Answer: C

Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

1. A. website defacement
2. B. Server-side request forgery (SSRF) attack
3. C. Web server misconfiguration
4. D. web cache poisoning attack

Correct Answer: B
Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization’s infrastructure, or to external third-party systems.
Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren’t directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems.
In the preceding example, suppose there’s an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin

You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

1. A. 210.1.55.200
2. B. 10.1.4.254
3. C. 10..1.5.200
4. D. 10.1.4.156

Correct Answer: C

PGP, SSL, and IKE are all examples of which type of cryptography?

1. A. Digest
2. B. Secret Key
3. C. Public Key
4. D. Hash Algorithm

Correct Answer: C

Clark, a professional hacker, was hired by an organization lo gather sensitive Information about its competitors surreptitiously. Clark gathers the server IP address of the target organization using Whole footprinting. Further, he entered the server IP address as an input to an online tool to retrieve information such as the network range of the target organization and to identify the network topology and operating system used in the network. What is the online tool employed by Clark in the above scenario?

1. A. AOL
2. B. ARIN
3. C. DuckDuckGo
4. D. Baidu

Correct Answer: B
https://search.arin.net/rdap/?query=199.43.0.43