Free 312-50v11 Exam Braindumps

Take a look at the following attack on a Web Server using obstructed URL:

How would you protect from these attacks?

1. A. Configure the Web Server to deny requests involving "hex encoded" characters
2. B. Create rules in IDS to alert on strange Unicode requests
3. C. Use SSL authentication on Web Servers
4. D. Enable Active Scripts Detection at the firewall and routers

Correct Answer: B

Ethical hacker jane Smith is attempting to perform an SQL injection attach. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. which two SQL Injection types would give her the results she is looking for?

1. A. Out of band and boolean-based
2. B. Time-based and union-based
3. C. union-based and error-based
4. D. Time-based and boolean-based

Correct Answer: D
“Boolean based” we mean that it is based on Boolean values, that is, true or false / true and false. AND
Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Boolean-based (content-based) Blind SQLi
Boolean-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.
Depending on the result, the content within the HTTP response will change, or remain the same. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database, character by character.
Time-based Blind SQLi
Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Depending on the result, an HTTP response will be returned with a delay, or returned immediately. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database character by character.
https://www.acunetix.com/websitesecurity/sql-injection2/

What is the proper response for a NULL scan if the port is open?

1. A. SYN
2. B. ACK
3. C. FIN
4. D. PSH
5. E. RST
6. F. No response

Correct Answer: F

What port number is used by LDAP protocol?

1. A. 110
2. B. 389
3. C. 464
4. D. 445

Correct Answer: B

What is one of the advantages of using both symmetric and asymmetric cryptography in SSL/TLS?

1. A. Supporting both types of algorithms allows less-powerful devices such as mobile phones to use symmetric encryption instead.
2. B. Symmetric algorithms such as AES provide a failsafe when asymmetric methods fail.
3. C. Symmetric encryption allows the server to security transmit the session keys out-of-band.
4. D. Asymmetric cryptography is computationally expensive in compariso
5. E. However, it is well-suited to securely negotiate keys for use with symmetric cryptography.

Correct Answer: A