Free 312-50 Exam Dumps

Question 36

- (Topic 14)
What is the problem with this ASP script (login.asp)?
<%
Set objConn = CreateObject("ADODB.Connection") objConn.Open Application("WebUsersConnection")
sSQL="SELECT * FROM Users where Username=? & Request("user") & _ "?and Password=? & Request("pwd") & "?
Set RS = objConn.Execute(sSQL)
If RS.EOF then Response.Redirect("login.asp?msg=Invalid Login") Else
Session.Authorized = True
Set RS = nothing
Set objConn = nothing Response.Redirect("mainpage.asp") End If
%>

A. The ASP script is vulnerable to XSS attack
B. The ASP script is vulnerable to SQL Injection attack
C. The ASP script is vulnerable to Session Splice attack
D. The ASP script is vulnerable to Cross Site Scripting attack

Correct Answer:B

Question 37

- (Topic 23)
What is War Dialing?

A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems
B. War dialing is a vulnerability scanning technique that penetrates Firewalls
C. It is a social engineering technique that uses Phone calls to trick victims
D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

Correct Answer:A

Question 38

- (Topic 23)
One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3.
In the list below which of the choices represent the level that forces NetWare to sign all packets?

A. 0 (zero)
B. 1
C. 2
D. 3

Correct Answer:D
0Server does not sign packets (regardless of the client level).
1Server signs packets if the client is capable of signing (client level is 2 or higher). 2Server signs packets if the client is capable of signing (client level is 1 or higher). 3Server signs packets and requires all clients to sign packets or logging in will fail.

Question 39

- (Topic 8)
SYN Flood is a DOS attack in which an attacker deliberately violates the three-way handshake and opens a large number of half-open TCP connections.
The signature for SYN Flood attack is:

A. The source and destination address having the same value.
B. The source and destination port numbers having the same value.
C. A large number of SYN packets appearing on a network without the corresponding reply packets.
D. A large number of SYN packets appearing on a network with the corresponding reply packets.

Correct Answer:C
A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable.

Question 40

- (Topic 10)
Which is the right sequence of packets sent during the initial TCP three way handshake?

A. FIN, FIN-ACK, ACK
B. SYN, URG, ACK
C. SYN, ACK, SYN-ACK
D. SYN, SYN-ACK, ACK

Correct Answer:D
A TCP connection always starts with a request for synchronization, a SYN, the reply to that would be another SYN together with a ACK to acknowledge that the last package was delivered successfully and the last part of the three way handshake should be only an ACK to acknowledge that the SYN reply was recived.