312-50 Free Practice Test

- (Topic 23)
Stephanie works as senior security analyst for a manufacturing company in Detroit. Stephanie manages network security throughout the organization. Her colleague Jason told her in confidence that he was able to see confidential corporate information posted on the external website http://www.jeansclothesman.com. He tries random URLs on the company's website and finds confidential information leaked over the web. Jason says this happened about a month ago. Stephanie visits the said URLs, but she finds nothing. She is very concerned about this, since someone should be held accountable if there was sensitive information posted on the website.
Where can Stephanie go to see past versions and pages of a website?

1. A. She should go to the web page Samspade.org to see web pages that might no longer be on the website
2. B. If Stephanie navigates to Search.com; she will see old versions of the company website
3. C. Stephanie can go to Archive.org to see past versions of the company website
4. D. AddressPast.com would have any web pages that are no longer hosted on the company's website

Correct Answer: C

- (Topic 23)
Here is the ASCII Sheet.

You want to guess the DBO username juggyboy (8 characters) using Blind SQL Injection
technique.
What is the correct syntax?

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: A

- (Topic 3)
Which of the following ICMP message types are used for destinations unreachables?

1. A. 3
2. B. 11
3. C. 13
4. D. 17

Correct Answer: B
Type 3 messages are used for unreachable messages. 0 is Echo Reply, 8 is Echo request, 11 is time exceeded, 13 is timestamp and 17 is subnet mask request. Learning these would be advisable for the test.

- (Topic 21)
Which of the following best describes session key creation in SSL?

1. A. It is created by the server after verifying theuser's identity
2. B. It is created by the server upon connection by the client
3. C. It is created by the client from the server's public key
4. D. It is created by the client after verifying the server's identity

Correct Answer: D
An SSL session always begins with an exchange of messages called the SSL handshake. The handshake allows the server to authenticate itself to the client using public-key techniques, then allows the client and the server to cooperate in the creation of symmetric keys used for rapid encryption, decryption, and tamper detection during the session that follows. Optionally, the handshake also allows the client to authenticate itself to the server.

- (Topic 15)
Derek has stumbled upon a wireless network and wants to assess its security. However, he does not find enough traffic for a good capture. He intends to use AirSnort on the captured traffic to crack the WEP key and does not know the IP address range or the AP. How can he generate traffic on the network so that he can capture enough packets to crack the WEP key?

1. A. Use any ARP requests found in the capture
2. B. Derek can use a session replay on the packets captured
3. C. Derek can use KisMAC as it needs two USB devices to generate traffic
4. D. Use Ettercap to discover the gateway and ICMP ping flood tool to generate traffic

Correct Answer: D
By forcing the network to answer to a lot of ICMP messages you can gather enough packets to crack the WEP key.