All About 312-50 free exam May 2021


The article at Testaimer.com going over http://www.testaimer.com/312-50-test is very comprehensive.

Q341. Bob is conducting a password assessment for one of his clients. Bob suspects that password policies are not in place and weak passwords are probably the norm throughout the company he is evaluating. Bob is familiar with password weakness and key loggers. What are the means that Bob can use to get password from his client hosts and servers? 

A. Hardware, Software and Sniffing 

B. Hardware and Software Keyloggers 

C. Software only, they are the most effective 

D. Passwords are always best obtained using Hardware key loggers 

Answer:

Explanation: All loggers will work as long as he has physical access to the computers. 

Topic 8, Denial of Service 

275. The evil hacker, is purposely sending fragmented ICMP packets to a remote target. The total size of this ICMP packet once reconstructed is over 65,536 bytes. From the information given, what type of attack is attempting to perform? 

A. Syn flood 

B. Smurf 

C. Ping of death 

D. Fraggle 

Answer:

Reference: http://insecure.org/sploits/ping-o-death.html 


Q342. Jason works in the sales and marketing department for a very large advertising agency located in Atlanta. Jason is working on a very important marketing campaign for his company's largest client. Before the project could be completed and implemented, a competing advertising company comes out with the exact same marketing materials and advertising, thus rendering all the work done for Jason's client unusable. Jason is questioned about this and says he has no idea how all the material ended up in the hands of a competitor. 

Without any proof, Jason's company cannot do anything except move on. After working on another high profile client for about a month, all the marketing and sales material again ends up in the hands of another competitor and is released to the public before Jason's company can finish the project. Once again, Jason says that he had nothing to do with it and does not know how this could have happened. Jason is given leave with pay until they can figure out what is going on. 

Jason's supervisor decides to go through his email and finds a number of emails that were sent to the competitors that ended up with the marketing material. The only items in the emails were attached jpg files, but nothing else. Jason's supervisor opens the picture files, but cannot find anything out of the ordinary with them. 

What technique has Jason most likely used? 

A. Stealth Rootkit Technique 

B. Snow Hiding Technique 

C. ADS Streams Technique 

D. Image Steganography Technique 

Answer: D


Q343. You are the CIO for Avantes Finance International, a global finance company based in Geneva. You are responsible for network functions and logical security throughout the entire corporation. Your company has over 250 servers running Windows Server, 5000 workstations running Windows Vista, and 200 mobile users working from laptops on Windows 7. 

Last week, 10 of your company's laptops were stolen from salesmen while at a conference in Amsterdam. These laptops contained proprietary company information. While doing damage assessment on the possible public relations nightmare this may become, a news story leaks about the stolen laptops and also that sensitive information from those computers was posted to a blog online. 

What built-in Windows feature could you have implemented to protect the sensitive information on these laptops? 

A. You should have used 3DES which is built into Windows 

B. If you would have implemented Pretty Good Privacy (PGP) which is built into Windows, the sensitive information on the laptops would not have leaked out 

C. You should have utilized the built-in feature of Distributed File System (DFS) to protect the sensitive information on the laptops 

D. You could have implemented Encrypted File System (EFS) to encrypt the sensitive files on the laptops 

Answer: D


Q344. Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command. 

For /f "tokens=1 %%a in (hackfile.txt) do net use * \10.1.2.3c$ /user:"Administrator" %%a 

What is Eve trying to do? 

A. Eve is trying to connect as an user with Administrator privileges 

B. Eve is trying to enumerate all users with Administrative privileges 

C. Eve is trying to carry out a password crack for user Administrator 

D. Eve is trying to escalate privilege of the null user to that of Administrator 

Answer: C

Explanation: Eve tries to get a successful login using the username Administrator and passwords from the file hackfile.txt. 


Q345. Which of the following buffer overflow exploits are related to Microsoft IIS web server? (Choose three) 

A. Internet Printing Protocol (IPP) buffer overflow 

B. Code Red Worm 

C. Indexing services ISAPI extension buffer overflow 

D. NeXT buffer overflow 

Answer: ABC

Explanation: Both the buffer overflow in the Internet Printing Protocol and the ISAPI extension buffer overflow is explained in Microsoft Security Bulletin MS01-023. The Code Red worm was a computer worm released on the Internet on July 13, 2001. It attacked computers running Microsoft's IIS web server. 


Q346. The FIN flag is set and sent from host A to host B when host A has no more data to transmit (Closing a TCP connection). This flag releases the connection resources. However, host A can continue to receive data as long as the SYN sequence number of transmitted packets from host B are lower than the packet segment containing the set FIN flag. 

A. True 

B. False 

Answer: A

Explanation: For sequence number purposes, the SYN is considered to occur before the first actual data octet of the segment in which it occurs, while the FIN is considered to occur after the last actual data octet in a segment in which it occurs. So packets receiving out of order will still be accepted. 


Q347. What is a sniffing performed on a switched network called? 

A. Spoofed sniffing 

B. Passive sniffing 

C. Direct sniffing 

D. Active sniffing 

Answer: D


Q348. What makes web application vulnerabilities so aggravating? (Choose two) 

A. They can be launched through an authorized port. 

B. A firewall will not stop them. 

C. They exist only on the Linux platform. 

D. They are detectable by most leading antivirus software. 

Answer: AB

Explanation: As the vulnerabilities exists on a web server, incoming traffic on port 80 will probably be allowed and no firewall rules will stop the attack. 


Q349. Gerald is a Certified Ethical Hacker working for a large financial institution in Oklahoma City. Gerald is currently performing an annual security audit of the company's network. One of the company's primary concerns is how the corporate data is transferred back and forth from the banks all over the city to the data warehouse at the company's home office. To see what type of traffic is being passed back and forth and to see how secure that data really is, Gerald uses a session hijacking tool to intercept traffic between a server and a client. Gerald hijacks an HTML session between a client running a web application which connects to a SQL database at the home office. Gerald does not kill the client's session; he simply monitors the traffic that passes between it and the server. 

What type of session attack is Gerald employing here? 

A. He is utilizing a passive network level hijack to see the session traffic used to communicate between the two devices 

B. Gerald is using a passive application level hijack to monitor the client and server traffic 

C. This type of attack would be considered an active application attack since he is actively monitoring the traffic 

D. This type of hijacking attack is called an active network attack 

Answer: C

Explanation: Session Hijacking is an active attack 


Q350. What are the three phases involved in security testing? 

A. Reconnaissance, Conduct, Report 

B. Reconnaissance, Scanning, Conclusion 

C. Preparation, Conduct, Conclusion 

D. Preparation, Conduct, Billing 

Answer: C

Explanation: Preparation phase - A formal contract is executed containing non-disclosure of the client's data and legal protection for the tester. At a minimum, it also lists the IP addresses to be tested and time to test. Conduct phase - In this phase the penetration test is executed, with the tester looking for potential vulnerabilities. Conclusion phase - The results of the evaluation are communicated to the pre-defined organizational contact, and corrective action is advised.