The Secret of 312-50 exam question

The article at going over is very comprehensive.

Q41. In the following example, which of these is the "exploit"? 

Today, Microsoft Corporation released a security notice. It detailed how a person could bring down the Windows 2003 Server operating system, by sending malformed packets to it. They detailed how this malicious process had been automated using basic scripting. Even worse, the new automated method for bringing down the server has already been used to perform denial of service attacks on many large commercial websites. 

Select the best answer. 

A. Microsoft Corporation is the exploit. 

B. The security "hole" in the product is the exploit. 

C. Windows 2003 Server 

D. The exploit is the hacker that would use this vulnerability. 

E. The documented method of how to use the vulnerability to gain unprivileged access. 



Microsoft is not the exploit, but if Microsoft documents how the vulnerability can be used to gain unprivileged access, they are creating the exploit. If they just say that there is a hole in the product, then it is only a vulnerability. The security "hole" in the product is called the "vulnerability". It is documented in a way that shows how to use the vulnerability to gain unprivileged access, and it then becomes an "exploit". In the example given, Windows 2003 Server is the TOE (Target of Evaluation). A TOE is an IT System, product or component that requires security evaluation or is being identified. The hacker that would use this vulnerability is exploiting it, but the hacker is not the exploit. The documented method of how to use the vulnerability to gain unprivileged access is the correct answer. 

Q42. There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption? 

Select the best answers. 

A. PKI provides data with encryption, compression, and restorability. 

B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman. 

C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption. 

D. RSA is a type of encryption. 

Answer: BD

Explanation: PKI provides confidentiality, integrity, and authenticity of the messages exchanged between these two types of systems. The 3rd party provides the public key and the receiver verifies the message with a combination of the private and public key. Public-key encryption WAS invented in 1976 by Whitfield Diffie and Martin Hellman. The famous hashing algorithm Diffie-Hellman was named after them. The RSA Algorithm is created by the RSA Security company that also has created other widely used encryption algorithms. 

Q43. What does the term “Ethical Hacking” mean? 

A. Someone who is hacking for ethical reasons. 

B. Someone who is using his/her skills for ethical reasons. 

C. Someone who is using his/her skills for defensive purposes. 

D. Someone who is using his/her skills for offensive purposes. 

Answer: C

Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. 

Q44. Bill successfully executed a buffer overflow against a Windows IIS web server. He has been able to spawn in interactive shell and plans to deface the main web page. He fist attempts to use the “Echo” command to simply overwrite index.html and remains unsuccessful. He then attempts to delete the page and achieves no progress. Finally, he tires to overwrite it with another page in which also he remains unsuccessful. What is the probable cause of Bill’s problem? 

A. The system is a honeypot 

B. The HTML file has permissions of read only 

C. You can’t use a buffer overflow to deface a web page 

D. There is a problem with the shell and he needs to run the attack again 

Answer: B

Explanation: A honeypot has no interest in stopping an intruder from altering the “target” files. A buffer overflow is a way to gain access to the target computer. Once he has spawned a shell it is unlikely that it will not work as intended, but the user context that the shell is spawned in might stop him from altering the index.html file incase he doesn’t have sufficient rights. 

Q45. Attackers footprint target Websites using Google Hacking techniques. Google hacking is a term that refers to the art of creating complex search engine queries. It detects websites that are vulnerable to numerous exploits and vulnerabilities. Google operators are used to locate specific strings of text within the search results. 

The configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. WordPress uses config.php that stores the database Username and Password. 

Which of the below Google search string brings up sites with "config.php" files? 

A. Search:index config/php 

B. Wordpress:index config.php 

C. intitle:index.of config.php 

D. Config.php:index list 

Answer: C

Q46. Dave has been assigned to test the network security of Acme Corp. The test was announced to the employees. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a sand clock to mark the progress of the test. Dave successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access. How was security compromised and how did the firewall respond? 

A. The attack did not fall through as the firewall blocked the traffic 

B. The attack was social engineering and the firewall did not detect it 

C. The attack was deception and security was not directly compromised 

D. Security was not compromised as the webpage was hosted internally 

Answer: B

Explanation: This was just another way to trick the information out of the users without the need to hack into any systems. All traffic is outgoing and initiated by the user so the firewall will not react. 

Q47. Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply) 

A. CHAT rooms 

B. WHOIS database 

C. News groups 

D. Web sites E. Search engines 

F. Organization’s own web site 

Answer: ABCDEF 

Explanation: A Security tester should search for information everywhere that he/she can access. 

You never know where you find that small piece of information that could penetrate a strong defense. 

Q48. Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible? 

A. Any cookie can be replayed irrespective of the session status 

B. The scenario is invalid as a secure cookie cannot be replayed 

C. It works because encryption is performed at the network layer (layer 1 encryption) 

D. It works because encryption is performed at the application layer (single encryption key) 

Answer: D

Q49. How would you permanently wipe the data in the hard disk? 

A. wipe -fik /dev/hda1 

B. erase -fik /dev/hda1 

C. delete -fik /dev/hda1 

D. secdel -fik /dev/hda1 

Answer: A

Q50. NetBIOS over TCP/IP allows files and/or printers to be shared over the network. You are trying to intercept the traffic from a victim machine to a corporate network printer. You are attempting to hijack the printer network connection from your laptop by sniffing the wire. Which port does SMB over TCP/IP use? 

A. 443 

B. 139 

C. 179 

D. 445 

Answer: D