312-50 Free Practice Test

- (Topic 3)
An attacker is attempting to telnet into a corporation’s system in the DMZ. The attacker doesn’t want to get caught and is spoofing his IP address. After numerous tries he remains unsuccessful in connecting to the system. The attacker rechecks that the target system is actually listening on Port 23 and he verifies it with both nmap and hping2. He is still unable to connect to the target system.
What is the most probable reason?

1. A. The firewall is blocking port 23 to that system.
2. B. He cannot spoof his IP and successfully use TCP.
3. C. He needs to use an automated tool to telnet in.
4. D. He is attacking an operating system that does not reply to telnet even when open.

Correct Answer: B
Spoofing your IP will only work if you don’t need to get an answer from the target system. In this case the answer (login prompt) from the telnet session will be sent to the “real” location of the IP address that you are showing as the connection initiator.

- (Topic 15)
On wireless networks, SSID is used to identify the network. Why are SSID not
considered to be a good security mechanism to protect a wireless networks?

1. A. The SSID is only 32 bits in length.
2. B. The SSID is transmitted in clear text.
3. C. The SSID is the same as the MAC address for all vendors.
4. D. The SSID is to identify a station, not a network.

Correct Answer: B
The SSID IS constructed to identify a network, it IS NOT the same as the MAC address and SSID’s consists of a maximum of 32 alphanumeric characters.

- (Topic 19)
Exhibit:

Given the following extract from the snort log on a honeypot, what do you infer from the attack?

1. A. A new port was opened
2. B. A new user id was created
3. C. The exploit was successful
4. D. The exploit was not successful

Correct Answer: D
The attacker submits a PASS to the honeypot and receives a login incorrect
before disconnecting.

- (Topic 7)
Which of the following display filters will you enable in Ethereal to view the three- way handshake for a connection from host 192.168.0.1?

1. A. ip == 192.168.0.1 and tcp.syn
2. B. ip.addr = 192.168.0.1 and syn = 1
3. C. ip.addr==192.168.0.1 and tcp.flags.syn
4. D. ip.equals 192.168.0.1 and syn.equals on

Correct Answer: C

- (Topic 19)
John has a proxy server on his network which caches and filters web access. He shuts down all unnecessary ports and services. Additionally, he has installed a firewall (Cisco PIX) that will not allow users to connect to any outbound ports. Jack, a network user has successfully connected to a remote server on port 80 using netcat. He could in turn drop a shell from the remote machine. Assuming an attacker wants to penetrate John's network, which of the following options is he likely to choose?

1. A. Use ClosedVPN
2. B. Use Monkey shell
3. C. Use reverse shell using FTP protocol
4. D. Use HTTPTunnel or Stunnel on port 80 and 443

Correct Answer: D
As long as you allow http or https traffic attacks can be tunneled over those protocols with Stunnel or HTTPTunnel.