November/2022 Latest Braindump2go 312-49v10 Exam Dumps with PDF and VCE Free Updated Today! Following are some new Braindump2go 312-49v10 Real Exam Questions!
QUESTION 770 Which OWASP loT vulnerability talks about security flaws such as lack of firmware validation, lack of secure delivery, and lack of anti-rollback mechanisms on loT devices?
A. Lack of secure update mechanism B. Use of insecure or outdated components C. Insecure default settings D. Insecure data transfer and storage
July/2022 Latest Braindump2go 312-49v10 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 312-49v10 Real Exam Questions!
QUESTION 701 You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
A. All three servers need to be placed internally B. A web server and the database server facing the Internet, an application server on the internal network C. A web server facing the Internet, an application server on the internal network, a database server on the internal network D. All three servers need to face the Internet so that they can communicate between themselves
December/2021 Latest Braindump2go 312-38 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 312-38 Real Exam Questions!
QUESTION 600 Which BC/DR activity works on the assumption that the most critical processes are brought back from a remote location first, followed by the less critical functions?
A. Recovery B. Restoration C. Response D. Resumption
September/2021 Latest Braindump2go 312-50v11 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 312-50v11 Real Exam Questions!
QUESTION 946 Geena, a cloud architect, uses a master component in the Kubernetes cluster architecture that scans newly generated pods and allocates a node to them. This component can also assign nodes based on factors such as the overall resource requirement, data locality, software/hardware/policy restrictions, and internal workload interventions. Which of the following master components is explained in the above scenario?
A. Kube-controller-manager B. Kube-scheduler C. Kube-apiserver D. Etcd cluster
2021/February Latest Braindump2go 712-50 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 712-50 Real Exam Questions!
QUESTION 351 Which type of physical security control scan a person’s external features through a digital video camera before granting access to a restricted area?
A. Iris scan B. Retinal scan C. Facial recognition scan D. Signature kinetics scan
2021/January Latest Braindump2go 312-50v11 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 312-50v11 Real Exam Questions!
QUESTION 45 An attacker is trying to redirect the traffic of a small office. That office is using their own mail server, DNS server and NTP server because of the importance of their job. The attacker gain access to the DNS server and redirect the direction www.google.com to his own IP address. Now when the employees of the office want to go to Google they are being redirected to the attacker machine. What is the name of this kind of attack?
A. MAC Flooding B. Smurf Attack C. DNS spoofing D. ARP Poisoning
QUESTION 709 Which of the following is the least-likely physical characteristic to be used in biometric control that supports a large company?
A. Voice B. Fingerprints C. Iris patterns D. Height and Weight
Answer: D
QUESTION 710 While using your bank’s online servicing you notice the following string in the URL bar: “http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21” You observe that if you modify the Damount&Camount values and submit the request, that data on the web page reflects the changes. Which type of vulnerability is present on this site?
A. Cookie Tampering B. SQL Injection C. Web Parameter Tampering D. XSS Reflection
Answer: C
QUESTION 711 It is an entity or event with the potential to adversely impact a system through unauthorized acces, destruction, disclosure, denial of service or modification of data. Which of the following terms best matches the definition?
A. Attack B. Vulnerability C. Threat D. Risk
Answer: C
QUESTION 712 Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
A. Use security policies and procedures to define and implement proper security settings. B. Use digital certificates to authenticate a server prior to sending data. C. Validate and escape all information sent to a server. D. Verify acces right before allowing access to protected information and UI controls.
Answer: C
QUESTION 713 Gavin owns a white-hat firm and is performing a website security audit for one of his clients. He begins by running a scan which looks for common misconfigurations and outdated software versions. Which of the following tools is he most likely using?
A. Armitage B. Nikto C. Metasploit D. Nmap
Answer: B
QUESTION 714 Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp’s lobby. He checks his current SID, which is S-1-5-21-1223352397-1872883824-861252104-501. What needs to happen before Matthew has full administrator access?
A. He needs to gain physical access. B. He must perform privilege escalation. C. He already has admin privileges, as shown by the “501” at the end of the SID. D. He needs to disable antivirus protection.
Answer: B
QUESTION 715 Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He is determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?
A. NoSQL injection B. Blind SQL injection C. Union-based SQL injection D. Error-based SQL injection
Answer: B
QUESTION 716 You have successfully logged on a Linux system. You want to now cover your track. Your login attempt may be logged on several files located in /var/log. Which file does NOT belong to the list:
A. wtmp B. user.log C. btmp D. auth.log
Answer: B
QUESTION 717 When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?
A. Forward the message to your company’s security response team and permanently delete the message from your computer. B. Reply to the sender and ask them for more information about the message contents. C. Delete the email and pretend nothing happened. D. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
Answer: A
QUESTION 718 The “gray box testing” methodology enforces what kind of restriction?
A. Only the internal operation of a system is known to the tester. B. The internal operation of a system is completely known to the tester. C. The internal operation of a system is only partly accessible to the tester. D. Only the external operation of a system is accessible to the tester.
Answer: C
QUESTION 719 Log monitoring tools performing behavioral analysis have alerted several suspicious logins on a Linux server occuring during non-business hours. After further examination of all login activities, it is notices that none of the logins have occurred during typical work hours. A Linux administrator who is investigating this problem realized the system time on the Linux server is wrong by more than twelve hours. What protocol used on Linux serves to synchronize the time has stopped working?