312-50 Free Practice Test

- (Topic 3)
Study the log below and identify the scan type. tcpdump –w host 192.168.1.10

1. A. nmap R 192.168.1.10
2. B. nmap S 192.168.1.10
3. C. nmap V 192.168.1.10
4. D. nmap –sO –T 192.168.1.10

Correct Answer: D
-sO: IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine.

- (Topic 18)
Bob is a Junior Administrator at ABC Company. On One of Linux machine he entered the following firewall rules:
iptables –t filter –A INPUT -p tcp --dport 23 –j DROP
Why he entered the above line?

1. A. To accept the Telnet connection
2. B. To deny the Telnet connection
3. C. The accept all connection except telnet connection
4. D. None of Above

Correct Answer: B
-t, --table
This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there.
The tables are as follows: filter This is the default table, and contains the built-in chains INPUT (for packets coming into the box itself), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). nat This table is consulted when a packet which is creates a new connection is encountered. It consists of three built-
ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). mangle This table is used for specialized packet alteration. It has two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing).
-A, --append
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.
-p, --protocol [!] protocol
The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. Also a protocol name from /etc/protocols is allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. All may not be used in in combination with the check command.
--destination-port [!] [port[:port]]
Destination port or port range specification. The flag --dport is an alias for this option.
-j, --jump target
This specifies the target of the rule; ie. what to do if the packet matches it. The target can be a user-defined chain (not the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented.

- (Topic 19)
What is a sheepdip?

1. A. It is another name for Honeynet
2. B. It is a machine used to coordinate honeynets
3. C. It is the process of checking physical media for virus before they are used in a computer
4. D. None of the above

Correct Answer: C
Also known as a footbath, a sheepdip is the process of checking physical media, such as floppy disks or CD-ROMs, for viruses before they are used in a computer. Typically, a computer that sheepdips is used only for that process and nothing else and is isolated from the other computers, meaning it is not connected to the network. Most sheepdips use at least two different antivirus programs in order to increase effectiveness.

- (Topic 6)
You suspect that your Windows machine has been compromised with a Trojan virus. When you run anti-virus software it does not pick of the Trojan. Next you run netstat
command to look for open ports and you notice a strange port 6666 open. What is the next step you would do?

1. A. Re-install the operating system.
2. B. Re-run anti-virus software.
3. C. Install and run Trojan removal software.
4. D. Run utility fport and look for the application executable that listens on port 6666.

Correct Answer: D
Fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the 'netstat -an' command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

- (Topic 15)
Sally is a network admin for a small company. She was asked to install wireless accesspoints in the building. In looking at the specifications for the access-points, she sees that all of them offer WEP. Which of these are true about WEP?
Select the best answer.

1. A. Stands for Wireless Encryption Protocol
2. B. It makes a WLAN as secure as a LAN
3. C. Stands for Wired Equivalent Privacy
4. D. It offers end to end security

Correct Answer: C
Explanations:
WEP is intended to make a WLAN as secure as a LAN but because a WLAN is not constrained by wired, this makes access much easier. Also, WEP has flaws that make it less secure than was once thought.WEP does not offer end-to-end security. It only attempts to protect the wireless portion of the network.