312-50 Free Practice Test

- (Topic 3)
____ is an automated vulnerability assessment tool.

1. A. Whack a Mole
2. B. Nmap
3. C. Nessus
4. D. Kismet
5. E. Jill32

Correct Answer: C
Nessus is a vulnerability assessment tool.

- (Topic 4)
Maurine is working as a security consultant for Hinklemeir Associate. She has asked the Systems Administrator to create a group policy that would not allow null sessions on the network. The Systems Administrator is fresh out of college and has never heard of null sessions and does not know what they are used for. Maurine is trying to explain to the Systems Administrator that hackers will try to create a null session when footprinting the network.
Why would an attacker try to create a null session with a computer on a network?

1. A. Enumerate users shares
2. B. Install a backdoor for later attacks
3. C. Escalate his/her privileges on the target server
4. D. To create a user with administrative privileges for later use

Correct Answer: A
The Null Session is often referred to as the "Holy Grail" of Windows hacking. Listed as the number 5 windows vulnerability on the SANS/FBI Top 20 list, Null Sessions take advantage of flaws in the CIFS/SMB (Common Internet File System/Server Messaging Block) architecture. You can establish a Null Session with a Windows (NT/2000/XP) host by logging on with a null user name and password. Using these null connections allows you to gather the following information from the host:
- List of users and groups
- List of machines
- List of shares
- Users and host SID' (Security Identifiers)

- (Topic 19)
Neil monitors his firewall rules and log files closely on a regular basis. Some of the users have complained to Neil that there are a few employees who are visiting offensive web sites during work hours, without consideration for others. Neil knows that he has an updated content filtering system and that such access should not be authorized.
What type of technique might be used by these offenders to access the Internet without restriction?

1. A. They are using UDP which is always authorized at the firewall.
2. B. They are using tunneling software which allows them to communicate with protocols in a way it was not intended.
3. C. They have been able to compromise the firewall, modify the rules, and give themselves proper access.
4. D. They are using an older version of Internet Explorer that allows them to bypass the proxy server.

Correct Answer: B
This can be accomplished by, for example, tunneling the http traffic over SSH if you have a SSH server answering to your connection, you enable dynamic forwarding in the ssh client and configure Internet Explorer to use a SOCKS Proxy for network traffic.

- (Topic 19)
What is the tool Firewalk used for?

1. A. To test the IDS for proper operation
2. B. To test a firewall for proper operation
3. C. To determine what rules are in place for a firewall
4. D. To test the webserver configuration
5. E. Firewalk is a firewall auto configuration tool

Correct Answer: C
Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device "firewall" will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets and no response will be returned.

- (Topic 5)
Attackers can potentially intercept and modify unsigned SMB packets, modify the traffic and forward it so that the server might perform undesirable actions. Alternatively, the attacker could pose as the server or client after a legitimate authentication and gain unauthorized access to data. Which of the following is NOT a means that can be used to minimize or protect against such an attack?

1. A. Timestamps
2. B. SMB Signing
3. C. File permissions
4. D. Sequence numbers monitoring

Correct Answer: ABD