312-50V8 Online Practice Questions and Answers

A file integrity program such as Tripwire protects against Trojan horse attacks by:

A. Automatically deleting Trojan horse programs

B. Rejecting packets generated by Trojan horse programs

C. Using programming hooks to inform the kernel of Trojan horse behavior

D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

A. CHAT rooms

B. WHOIS database

C. News groups

D. Web sites

E. Search engines

F. Organization's own web site

You receive an email with the following message:

Hello Steve,

We are having technical difficulty in restoring user database record after the recent blackout. Your account

data is corrupted. Please logon to the SuperEmailServices.com and

change your password.

http://[email protected]/support/logon.htm

If you do not reset your password within 7 days, your account will be permanently disabled locking you out

from our e-mail services. Sincerely, Technical Support SuperEmailServices From this e-mail you suspect that this message was sent by some hacker since you have been using their

e-mail services for the last 2 years and they have never sent out an e-mail such as this. You also observe

the URL in the message and confirm your suspicion about 0xde.0xad.0xbde.0xef which looks like

hexadecimal numbers. You immediately enter the following at Windows 2000 command prompt:

Ping 0xde.0xad.0xbe.0xef

You get a response with a valid IP address.

What is the obstructed IP address in the e-mail URL?

A. 222.173.190.239

B. 233.34.45.64

C. 54.23.56.55

D. 199.223.23.45

Which of the following describes the characteristics of a Boot Sector Virus?

A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D. Overwrites the original MBR and only executes the new virus code

A company firewall engineer has configured a new DMZ to allow public systems to be located away from

the internal network. The engineer has three security zones set:

Untrust (Internet) – (Remote network = 217.77.88.0/24)

DMZ (DMZ) – (11.12.13.0/24)

Trust (Intranet) – (192.168.0.0/24)

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote

desktop server in the DMZ.

Which rule would best fit this requirement?

A. Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B. Permit 217.77.88.12 11.12.13.50 RDP 3389

C. Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D. Permit 217.77.88.0/24 11.12.13.50 RDP 3389

Which command lets a tester enumerate alive systems in a class C network via ICMP using native Windows tools?

A. ping 192.168.2.

B. ping 192.168.2.255

C. for %V in (1 1 255) do PING 192.168.2.%V

D. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I "Reply"

You are writing security policy that hardens and prevents Footprinting attempt by Hackers.

Which of the following countermeasures will NOT be effective against this attack?

A. Configure routers to restrict the responses to Footprinting requests

B. Configure Web Servers to avoid information leakage and disable unwanted protocols

C. Lock the ports with suitable Firewall configuration

D. Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns

E. Evaluate the information before publishing it on the Website/Intranet

F. Monitor every employee computer with Spy cameras,keyloggers and spy on them

G. Perform Footprinting techniques and remove any sensitive information found on DMZ sites

H. Prevent search engines from caching a Webpage and use anonymous registration services

I. Disable directory and use split-DNS

This is an example of whois record.

Sometimes a company shares a little too much information on their organization through public domain records. Based on the above whois record, what can an attacker do? (Select 2 answers)

A. Search engines like Google,Bing will expose information listed on the WHOIS record

B. An attacker can attempt phishing and social engineering on targeted individuals using the information from WHOIS record

C. Spammers can send unsolicited e-mails to addresses listed in the WHOIS record

D. IRS Agents will use this information to track individuals using the WHOIS record information

While probing an organization you discover that they have a wireless network. From your attempts to connect to the WLAN you determine that they have deployed MAC filtering by using ACL on the access points.

What would be the easiest way to circumvent and communicate on the WLAN?

A. Attempt to crack the WEP key using Airsnort.

B. Attempt to brute force the access point and update or delete the MAC ACL.

C. Steel a client computer and use it to access the wireless network.

D. Sniff traffic if the WLAN and spoof your MAC address to one that you captured.

In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it.

What kind of attack is this?

A. Rouge access point attack

B. Unauthorized access point attack

C. War Chalking

D. WEP attack