312-50v12 Free Practice Test

- (Exam Topic 2)
Every company needs a formal written document which spells out to employees precisely what they are allowed to use the company's systems for, what is prohibited, and what will happen to them if they break the rules. Two printed copies of the policy should be given to every employee as soon as possible after they join the organization. The employee should be asked to sign one copy, which should be safely filed by the company. No one should be allowed to use the company's computer systems until they have signed the policy in acceptance of its terms.
What is this document called?

1. A. Information Audit Policy (IAP)
2. B. Information Security Policy (ISP)
3. C. Penetration Testing Policy (PTP)
4. D. Company Compliance Policy (CCP)

Correct Answer: B

- (Exam Topic 2)
What is the minimum number of network connections in a multi homed firewall?

1. A. 3
2. B. 5
3. C. 4
4. D. 2

Correct Answer: A

- (Exam Topic 3)
Attempting an injection attack on a web server based on responses to True/False QUESTION NO:s is called which of the following?

1. A. Compound SQLi
2. B. Blind SQLi
3. C. Classic SQLi
4. D. DMS-specific SQLi

Correct Answer: B
https://en.wikipedia.org/wiki/SQL_injection#Blind_SQL_injection
Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack has traditionally been considered time-intensive because a new statement needed to be crafted for each bit recovered, and depending on its structure, the attack may consist of many unsuccessful requests. Recent advancements have allowed each request to recover multiple bits, with no unsuccessful requests, allowing for more consistent and efficient extraction.

- (Exam Topic 3)
You have compromised a server on a network and successfully opened a shell. You aimed to identify all operating systems running on the network. However, as you attempt to fingerprint all machines in the network using the nmap syntax below, it is not going through.
invictus@victim_server.~$ nmap -T4 -O 10.10.0.0/24 TCP/IP fingerprinting (for OS scan) xxxxxxx xxxxxx
xc. QUITTING!
What seems to be wrong?

1. A. The nmap syntax is wrong.
2. B. This is a common behavior for a corrupted nmap application.
3. C. The outgoing TCP/IP fingerprinting is blocked by the host firewall.
4. D. OS Scan requires root privileges.

Correct Answer: D

- (Exam Topic 3)
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days, Bab denies that he had ever sent a mail. What do you want to ““know”” to prove yourself that it was Bob who had send a mail?

1. A. Non-Repudiation
2. B. Integrity
3. C. Authentication
4. D. Confidentiality

Correct Answer: A
Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.