312-50v12 Free Practice Test

- (Exam Topic 1)
Todd has been asked by the security officer to purchase a counter-based authentication system. Which of the following best describes this type of system?

1. A. A biometric system that bases authentication decisions on behavioral attributes.
2. B. A biometric system that bases authentication decisions on physical attributes.
3. C. An authentication system that creates one-time passwords that are encrypted with secret keys.
4. D. An authentication system that uses passphrases that are converted into virtual passwords.

Correct Answer: C

- (Exam Topic 2)
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

1. A. website defacement
2. B. Server-side request forgery (SSRF) attack
3. C. Web server misconfiguration
4. D. web cache poisoning attack

Correct Answer: B
Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization’s infrastructure, or to external third-party systems.
Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren’t directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems.
In the preceding example, suppose there’s an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin

- (Exam Topic 1)
An attacker has installed a RAT on a host. The attacker wants to ensure that when a user attempts to go to "www.MyPersonalBank.com", the user is directed to a phishing site.
Which file does the attacker need to modify?

1. A. Boot.ini
2. B. Sudoers
3. C. Networks
4. D. Hosts

Correct Answer: D

- (Exam Topic 2)
Taylor, a security professional, uses a tool to monitor her company's website, analyze the website's traffic, and track the geographical location of the users visiting the company's website. Which of the following tools did Taylor employ in the above scenario?

1. A. WebSite Watcher
2. B. web-Stat
3. C. Webroot
4. D. WAFW00F

Correct Answer: B
Increase your web site’s performance and grow! Add Web-Stat to your site (it’s free!) and watch individuals act together with your pages in real time.
Learn how individuals realize your web site. Get details concerning every visitor’s path through your web site and track pages that flip browsers into consumers.
One-click install. observe locations, in operation systems, browsers and screen sizes and obtain alerts for new guests and conversions

- (Exam Topic 2)
This kind of password cracking method uses word lists in combination with numbers and special characters:

1. A. Hybrid
2. B. Linear
3. C. Symmetric
4. D. Brute Force

Correct Answer: A