What Refresh 312-50 Is?

The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

Q11. Say that "abigcompany.com" had a security vulnerability in the JavaScript on their website in the past. They recently fixed the security vulnerability, but it had been there for many months. Is there some way to go back and see the code for that error?

Select the best answer. 

A. archive.org 

B. There is no way to get the changed webpage unless you contact someone at the company 

C. Usenet 

D. JavaScript would not be in their HTML, so a service like Usenet or archive wouldn't help you



Answer: A

Explanation: Archive.org is a website that periodically archives internet content. They have archives of websites over many years. It could be used to go back and look at the JavaScript, as JavaScript would be in the HTML code.

Q12. Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized. 

What type of technique might be used by these offenders to access the Internet without restriction? 

A. They are using UDP which is always authorized at the firewall. 

B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended. 

C. They have been able to compromise the firewall, modify the rules, and give themselves proper access. 

D. They are using an older version of Internet Explorer that allows them to bypass the proxy server. 

Answer: B

Explanation: This can be accomplished by, for example, tunneling the HTTP traffic over SSH: if you have an SSH server answering your connection, you enable dynamic forwarding in the SSH client and configure Internet Explorer to use a SOCKS proxy for network traffic.

Q13. What port scanning method is the most reliable but also the most detectable? 

A. Null Scanning 

B. Connect Scanning 

C. ICMP Scanning 

D. Idlescan Scanning 

E. Half Scanning 

F. Verbose Scanning 

Answer: B

Explanation: A TCP Connect scan, named after the Unix connect() system call, is the most accurate scanning method. If a port is open, the operating system completes the TCP three-way handshake, and the port scanner immediately closes the connection.

Q14. What type of session hijacking attack is shown in the exhibit? 

A. Cross-site scripting Attack 

B. SQL Injection Attack 

C. Token sniffing Attack 

D. Session Fixation Attack 

Answer: D

Q15. While testing web applications, you attempt to insert the following test script into the search area on the company's web site: 

<script>alert('Testing Testing Testing')</script> 

Afterwards, when you press the search button, a pop up box appears on your screen with the text "Testing Testing Testing". What vulnerability is detected in the web application here? 

A. A hybrid attack 

B. A buffer overflow 

C. Password attacks 

D. Cross Site Scripting 

Answer: D

Explanation: Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Q16. Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack? 

A. Timestamps 

B. SMB Signing 

C. File permissions 

D. Sequence numbers monitoring 

Answer: ABD

Q17. E-mail tracking is a method to monitor and spy on the e-mails delivered to the intended recipient.

Select a feature that you will NOT be able to accomplish with this probe.

A. When the e-mail was received and read 

B. Send destructive e-mails 

C. GPS location and map of the recipient 

D. Time spent on reading the e-mails 

E. Whether or not the recipient visited any links sent to them 

F. Track PDF and other types of attachments 

G. Set messages to expire after specified time 

H. Remote control the User's E-mail client application and hijack the traffic 

Answer: H

Q18. _____ ensures that the enforcement of organizational security policy does not rely on voluntary web application user compliance. It secures information by assigning sensitivity labels on information and comparing this to the level of security a user is operating at. 

A. Mandatory Access Control 

B. Authorized Access Control 

C. Role-based Access Control 

D. Discretionary Access Control 

Answer: A

Explanation: In computer security, mandatory access control (MAC) is a kind of access control, defined by the TCSEC as "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity."

Q19. You have successfully run a buffer overflow attack against a default IIS installation running on a Windows 2000 Server. The server allows you to spawn a shell. In order to perform the actions you intend to do, you need elevated permission. You need to know what your current privileges are within the shell. Which of the following options would be your current privileges? 

A. Administrator 



D. Whatever account IIS was installed with 

Answer: C

Explanation: If you manage to get the system to start a shell for you, that shell will be running as LOCAL_SYSTEM. 

Q20. What is the proper response for an X-MAS scan if the port is closed?






F. No response 


Explanation: Closed ports respond to an X-MAS scan with a RST.