312-50 Online Practice Questions and Answers

What is a sniffing performed on a switched network called?

A. Spoofed sniffing

B. Passive sniffing

C. Direct sniffing

D. Active sniffing

XSS attacks occur on Web pages that do not perform appropriate bounds checking on data entered by users. Characters like < > that mark the beginning/end of a tag should be converted into HTML entities.

What is the correct code when converted to html entities?

A. Option A

B. Option B

C. Option C

D. Option D

Harold works for Jacobson Unlimited in the IT department as the security manager. Harold has created a security policy requiring all employees to use complex 14 character passwords. Unfortunately, the members of management do not want to have to use such long complicated passwords so they tell Harold's boss this new password policy should not apply to them. To comply with the management's wishes, the IT department creates another Windows domain and moves all the management users to that domain. This new domain has a password policy only requiring 8 characters.

Harold is concerned about having to accommodate the managers, but cannot do anything about it. Harold is also concerned about using LanManager security on his network instead of NTLM or NTLMv2, but the many legacy applications on the network prevent using the more secure NTLM and NTLMv2. Harold pulls the SAM files from the DC's on the original domain and the new domain using Pwdump6.

Harold uses the password cracking software John the Ripper to crack users' passwords to make sure they are strong enough. Harold expects that the users' passwords in the original domain will take much longer to crack than the management's passwords in the new domain. After running the software, Harold discovers that the 14 character passwords only took a short time longer to crack than the 8 character passwords. Why did the 14 character passwords not take much longer to crack than the 8 character passwords?

A. Harold should have used Dumpsec instead of Pwdump6

B. Harold's dictionary file was not large enough

C. Harold should use LC4 instead of John the Ripper

D. LanManger hashes are broken up into two 7 character fields

You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?

A. 0x60

B. 0x80

C. 0x70

D. 0x90

Yancey is a network security administrator for a large electric company. This company provides power for over 100,000 people in Las Vegas. Yancey has worked for his company for over 15 years and has become very successful. One day, Yancey comes in to work and finds out that the company will be downsizing and he will be out of a job in two weeks. Yancey is very angry and decides to place logic bombs, viruses, Trojans, and backdoors all over the network to take down the company once he has left. Yancey does not care if his actions land him in jail for 30 or more years, he just wants the company to pay for what they are doing to him. What would Yancey be considered?

A. Yancey would be considered a Suicide Hacker

B. Since he does not care about going to jail, he would be considered a Black Hat

C. Because Yancey works for the company currently; he would be a White Hat

D. Yancey is a Hacktivist Hacker since he is standing up to a company that is downsizing

Simon is security analyst writing signatures for a Snort node he placed internally that captures all mirrored traffic from his border firewall. From the following signature, what will Snort look for in the payload of the suspected packets?

alert tcp $EXTERNAL_NET any -> $HOME_NET 27374 (msg: "BACKDOOR SIG - SubSseven 22";flags: A+; content: "|0d0a5b52504c5d3030320d0a|"; reference:arachnids,485;) alert

A. The payload of 485 is what this Snort signature will look for.

B. Snort will look for 0d0a5b52504c5d3030320d0a in the payload.

C. Packets that contain the payload of BACKDOOR SIG - SubSseven 22 will be flagged.

D. From this snort signature, packets with HOME_NET 27374 in the payload will be flagged.

SSL has been seen as the solution to several common security problems. Administrators will often make use of SSL to encrypt communication from point A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?

A. SSL is redundant if you already have IDS in place.

B. SSL will trigger rules at regular interval and force the administrator to turn them off.

C. SSL will slow down the IDS while it is breaking the encryption to see the packet content.

D. SSL will mask the content of the packet and Intrusion Detection System will be blinded.

Bret is a web application administrator and has just read that there are a number of surprisingly common web application vulnerabilities that can be exploited by unsophisticated attackers with easily available tools on the Internet.

He has also read that when an organization deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Bret is determined to weed out any vulnerabilities. What are some common vulnerabilities in web applications that he should be concerned about?

A. Non-validated parameters, broken access control, broken account and session management, cross- side scripting and buffer overflows are just a few common vulnerabilities

B. No IDS configured, anonymous user account set as default, missing latest security patch, no firewall filters set and visible clear text passwords are just a few common vulnerabilities

C. Visible clear text passwords, anonymous user account set as default, missing latest security patch, no firewall filters set and no SSL configured are just a few common vulnerabilities

D. No SSL configured, anonymous user account set as default, missing latest security patch, no firewall filters set and an inattentive system administrator are just a few common vulnerabilities

Which is the right sequence of packets sent during the initial TCP three way handshake?

A. FIN, FIN-ACK, ACK

B. SYN, URG, ACK

C. SYN, ACK, SYN-ACK

D. SYN, SYN-ACK, ACK

NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish? nslookup

> server

> set type =any

> ls -d

A. Enables DNS spoofing

B. Loads bogus entries into the DNS table

C. Verifies zone security

D. Performs a zone transfer

E. Resets the DNS cache