312-50 Free Practice Test

- (Topic 18)
Clive is conducting a pen-test and has just port scanned a system on the network. He has identified the operating system as Linux and been able to elicit responses from ports 23, 25 and 53. He infers port 23 as running Telnet service, port 25 as running SMTP service and port 53 as running DNS service. The client confirms these
findings and attests to the current availability of the services. When he tries to telnet to port 23 or 25, he gets a blank screen in response. On typing other commands, he sees only blank spaces or underscores symbols on the screen. What are you most likely to infer from this?

1. A. The services are protected by TCP wrappers
2. B. There is a honeypot running on the scanned machine
3. C. An attacker has replaced the services with trojaned ones
4. D. This indicates that the telnet and SMTP server have crashed

Correct Answer: A
TCP Wrapper is a host-based network ACL system, used to filter network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

- (Topic 9)
Which type of hacker represents the highest risk to your network?

1. A. script kiddies
2. B. grey hat hackers
3. C. black hat hackers
4. D. disgruntled employees

Correct Answer: D
The disgruntled users have some permission on your database, versus a hacker who might not get into the database. Global Crossings is a good example of how a disgruntled employee -- who took the internal payroll database home on a hard drive -- caused big problems for the telecommunications company. The employee posted the names, Social Security numbers and birthdates of company employees on his Web site. He may have been one of the factors that helped put them out of business.

- (Topic 14)
Bob has been hired to do a web application security test. Bob notices that the site is dynamic and infers that they mist be making use of a database at the application back end. Bob wants to validate whether SQL Injection would be possible.
What is the first character that Bob should use to attempt breaking valid SQL requests?

1. A. Semi Column
2. B. Double Quote
3. C. Single Quote
4. D. Exclamation Mark

Correct Answer: C
In SQL single quotes are used around values in queries, by entering another single quote Bob tests if the application will submit a null value and probably returning an error.

- (Topic 7)
The follows is an email header. What address is that of the true originator of the message?
Return-Path:
Received: from smtp.com (fw.emumail.com [215.52.220.122].
by raq-221-181.ev1.net (8.10.2/8.10.2. with ESMTP id h78NIn404807 for ; Sat, 9 Aug 2003 18:18:50 -0500
Received: (qmail 12685 invoked from network.; 8 Aug 2003 23:25:25 -0000
Received: from ([19.25.19.10]. by smtp.com with SMTP
Received: from unknown (HELO CHRISLAPTOP. (168.150.84.123. by localhost with SMTP; 8 Aug 2003 23:25:01 -0000
From: "Bill Gates" To: "mikeg" Subject: We need your help!
Date: Fri, 8 Aug 2003 19:12:28 -0400
Message-ID: <51>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0052_01C35DE1.03202950" X-Priority: 3 (Normal.
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal

1. A. 19.25.19.10
2. B. 51.32.123.21
3. C. 168.150.84.123
4. D. 215.52.220.122
5. E. 8.10.2/8.10.2

Correct Answer: C
Spoofing can be easily achieved by manipulating the "from" name field, however, it is much more difficult to hide the true source address. The "received from" IP address 168.150.84.123 is the true source of the

- (Topic 3)
Which of the following is an automated vulnerability assessment tool.

1. A. Whack a Mole
2. B. Nmap
3. C. Nessus
4. D. Kismet
5. E. Jill32

Correct Answer: C
Nessus is a vulnerability assessment tool.