312-50 Free Practice Test

- (Topic 4)
Jonathan being a keen administrator has followed all of the best practices he could find on securing his Windows Server. He renamed the Administrator account to a new name that can’t be easily guessed but there remain people who attempt to
compromise his newly renamed administrator account. How can a remote attacker decipher the name of the administrator account if it has been renamed?

1. A. The attacker guessed the new name
2. B. The attacker used the user2sid program
3. C. The attacker used to sid2user program
4. D. The attacker used NMAP with the V option

Correct Answer: C
User2sid.exe can retrieve a SID from the SAM (Security Accounts Manager) from the local or a remote machine Sid2user.exe can then be used to retrieve the names of all the user accounts and more. These utilities do not exploit a bug but call the functions LookupAccountName and LookupAccountSid respectively. What is more these can be called against a remote machine without providing logon credentials save those needed for a null session connection.

- (Topic 5)
Password cracking programs reverse the hashing process to recover passwords.(True/False.

1. A. True
2. B. False

Correct Answer: B
Password cracking programs do not reverse the hashing process. Hashing is a one-way process. What these programs can do is to encrypt words, phrases, and characters using the same encryption process and compare them to the original password. A hashed match reveals the true password.

- (Topic 20)
Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters. The programmer makes an assumption that 200 characters are more than enough. Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters into the 200-character buffer. (Overflows the buffer). Below is the code snippet.

How can you protect/fix the problem of your application as shown above?

1. A. Because the counter starts with 0, we would stop when the counter is less than 200
2. B. Because the counter starts with 0, we would stop when the counter is more than 200
3. C. Add a separate statement to signify that if we have written 200 characters to the buffer, the stack should stop because it can’t hold any more data
4. D. Add a separate statement to signify that if we have written less than 200 characters to the buffer, the stack should stop because it can’t hold any more data

Correct Answer: AC
I=199 would be the character number 200. The stack holds exact 200 characters so there is no need to stop before 200.

- (Topic 3)
While reviewing the results of a scan run against a target network you come across the following:

What was used to obtain this output?

1. A. An SNMP Walk
2. B. Hping2 diagnosis
3. C. A Bo2K System query
4. D. Nmap protocol/port scan

Correct Answer: A
The snmpwalk command is designed to perform a sequence of chained GETNEXT requests automatically, rather than having to issue the necessary snmpgetnext requests by hand. The command takes a single OID, and will display a list of all the results which lie within the subtree rooted on this OID.

- (Topic 23)
Which type of sniffing technique is generally referred as MiTM attack?

1. A. Password Sniffing
2. B. ARP Poisoning
3. C. Mac Flooding
4. D. DHCP Sniffing

Correct Answer: C