312-50 Free Practice Test

- (Topic 23)
Wayne is the senior security analyst for his company. Wayne is examining some traffic logs on a server and came across some inconsistencies. Wayne finds some IP packets from a computer purporting to be on the internal network. The packets originate from
192.168.12.35 with a TTL of 15. The server replied to this computer and received a response from 192.168.12.35 with a TTL of 21. What can Wayne infer from this traffic log?

1. A. The initial traffic from 192.168.12.35 was being spoofed.
2. B. The traffic from 192.168.12.25 is from a Linux computer.
3. C. The TTL of 21 means that the client computer is on wireless.
4. D. The client computer at 192.168.12.35 is a zombie computer.

Correct Answer: A

- (Topic 4)
Which DNS resource record can indicate how long any "DNS poisoning" could last?

1. A. MX
2. B. SOA
3. C. NS
4. D. TIMEOUT

Correct Answer: B
The SOA contains information of secondary servers, update intervals and expiration times.

- (Topic 23)
You generate MD5 128-bit hash on all files and folders on your computer to keep a baseline check for security reasons?

What is the length of the MD5 hash?

1. A. 32 bit
2. B. 64 byte
3. C. 48 char
4. D. 128 kb

Correct Answer: C

- (Topic 18)
Rebecca is a security analyst and knows of a local root exploit that has the ability to enable local users to use available exploits to gain root privileges. This vulnerability exploits a condition in the Linux kernel within the execve() system call. There is no known workaround that exists for this vulnerability. What is the correct action to be taken by Rebecca in this situation as a recommendation to management?

1. A. Rebecca should make a recommendation to disable the () system call
2. B. Rebecca should make a recommendation to upgrade the Linux kernel promptly
3. C. Rebecca should make a recommendation to set all child-process to sleep within the execve()
4. D. Rebecca should make a recommendation to hire more system administrators to monitor all child processes to ensure that each child process can't elevate privilege

Correct Answer: B

- (Topic 8)
A Buffer Overflow attack involves:

1. A. Using a trojan program to direct data traffic to the target host's memory stack
2. B. Flooding the target network buffers with data traffic to reduce the bandwidth available to legitimate users
3. C. Using a dictionary to crack password buffers by guessing user names and passwords
4. D. Poorly written software that allows an attacker to execute arbitrary code on a target system

Correct Answer: D
B is a denial of service. By flooding the data buffer in an application with trash you could get access to write in the code segment in the application and that way insert your own code.