312-50 Online Practice Questions and Answers

What type of Virus is shown here?

A. Cavity Virus

B. Macro Virus

C. Boot Sector Virus

D. Metamorphic Virus

E. Sparse Infector Virus

Which of the following represent weak password? (Select 2 answers)

A. Passwords that contain letters, special characters, and numbers Example: ap1$%##f@52

B. Passwords that contain only numbers Example: 23698217

C. Passwords that contain only special characters Example: and*#@!(%)

D. Passwords that contain letters and numbers Example: meerdfget123

E. Passwords that contain only letters Example: QWERTYKLRTY

F. Passwords that contain only special characters and numbers Example: 123@$45

G. Passwords that contain only letters and special characters Example: bob@andba

H. Passwords that contain Uppercase/Lowercase from a dictionary list Example: OrAnGe

Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats but it does not secure the data from the specific threats but it does no secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it can't mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

A. Bob can explain that using a weak key management technique is a form of programming error

B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error

C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique

D. Bob can explain that a random number generation can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?

A. Honeypot

B. DMZ host

C. DWZ host

D. Bastion Host

Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?

A. All IVs are vulnerable to attack

B. Air Snort uses a cache of packets

C. Air Snort implements the FMS attack and only encrypted packets are counted

D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers

How can you determine if an LM hash you extracted contains a password that is less than 8 characters long?

A. There is no way to tell because a hash cannot be reversed

B. The right most portion of the hash is always the same

C. The hash always starts with AB923D

D. The left most portion of the hash is always the same

E. A portion of the hash will be all 0's

Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.

Why would an attacker try to create a null session with a computer on a network?

A. Enumerate users shares

B. Install a backdoor for later attacks

C. Escalate his/her privileges on the target server

D. To create a user with administrative privileges for later use

What is the proper response for a X-MAS scan if the port is closed?

A. SYN

B. ACK

C. FIN

D. PSH

E. RST

F. No response

Exhibit

(Note: the student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

Snort has been used to capture packets on the network. On studying the packets, the penetration tester finds it to be abnormal. If you were the penetration tester, why would you find this abnormal?

What is odd about this attack? Choose the best answer.

A. This is not a spoofed packet as the IP stack has increasing numbers for the three flags.

B. This is back orifice activity as the scan comes form port 31337.

C. The attacker wants to avoid creating a sub-carries connection that is not normally valid.

D. These packets were crafted by a tool, they were not created by a standard IP stack.

Samantha has been actively scanning the client network for which she is doing a vulnerability assessment test. While doing a port scan she notices ports open in the 135 to 139 range. What protocol is most likely to be listening on those ports?

A. SMB

B. FTP

C. SAMBA

D. FINGER