312-50 Online Practice Questions and Answers

Giles is the network administrator for his company, a graphics design company based in Dallas. Most of the network is comprised of Windows servers and workstations, except for some designers that prefer to use MACs. These MAC users are running on the MAC OS X operating system. These MAC users also utilize iChat to talk between each other. Tommy, one of these MAC users, calls Giles and says that his computer is running very slow. Giles then gets more calls from the other MAC users saying they are receiving instant messages from Tommy even when he says he is not on his computer. Giles immediately unplugs Tommy's computer from the network to take a closer look. He opens iChat on Tommy's computer and it says that it sent a file called latestpics.tgz to all the other MAC users. Tommy says he never sent those files. Giles also sees that many of the computer's applications appear to be altered. The path where the files should be has an altered file and the original application is stored in the file's resource fork.

What has Giles discovered on Tommy's computer?

A. He has discovered OSX/Chat-burner virus on Tommy's computer

B. Giles has found the OSX/Leap-A virus on Tommy's computer

C. This behavior is indicative of the OSX/Inqtana.A virus

D. On Tommy's computer, Giles has discovered an apparent infection of the OSX/Transmitter.B virus

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches' ARP cache is successfully flooded, what will be the result?

A. The switches will drop into hub mode if the ARP cache is successfully flooded.

B. If the ARP cache is flooded, the switches will drop into pix mode making it less susceptible to attacks.

C. Depending on the switch manufacturer, the device will either delete every entry in its ARP cache or reroute packets to the nearest switch.

D. The switches will route all traffic to the broadcast address created collisions.

Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?

A. IRC (Internet Relay Chat)

B. Legitimate "shrink-wrapped" software packaged by a disgruntled employee

C. NetBIOS (File Sharing)

D. Downloading files, games and screensavers from Internet sites

A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database

B. An attacker submits user input that executes an operating system command to compromise a target system

C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access

D. An attacker utilizes an incorrect configuration that leads to access with higher-than-expected privilege of the database

Exhibit:

You have captured some packets in Ethereal. You want to view only packets sent from 10.0.0.22. What filter will you apply?

A. ip = 10.0.0.22

B. ip.src == 10.0.0.22

C. ip.equals 10.0.0.22

D. ip.address = 10.0.0.22

A file integrity program such as Tripwire protects against Trojan horse attacks by:

A. Automatically deleting Trojan horse programs

B. Rejecting packets generated by Trojan horse programs

C. Using programming hooks to inform the kernel of Trojan horse behavior

D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse

John Beetlesman, the hacker has successfully compromised the Linux System of Agent Telecommunications, Inc's WebServer running Apache. He has downloaded sensitive documents and database files off the machine.

Upon performing various tasks, Beetlesman finally runs the following command on the Linux box before disconnecting.

for ((i=0;i<1;i++));do

?dd if=/dev/random of=/dev/hda andand dd if=/dev/zero of=/dev/hda done

What exactly is John trying to do?

A. He is making a bit stream copy of the entire hard disk for later download

B. He is deleting log files to remove his trace

C. He is wiping the contents of the hard disk with zeros

D. He is infecting the hard disk with random virus strings

What type of port scan is shown below?

A. Idle Scan

B. Windows Scan

C. XMAS Scan

D. SYN Stealth Scan

What does an ICMP (Code 13) message normally indicates?

A. It indicates that the destination host is unreachable

B. It indicates to the host that the datagram which triggered the source quench message will need to be re-sent

C. It indicates that the packet has been administratively dropped in transit

D. It is a request to the host to cut back the rate at which it is sending traffic to the Internet destination

System Administrators sometimes post questions to newsgroups when they run into technical challenges. As an ethical hacker, you could use the information in newsgroup posting to glean insight into the makeup of a target network. How would you search for these posting using Google search?

A. Search in Google using the key strings "the target company" and "newsgroups"

B. Search for the target company name at http://groups.google.com

C. Use NNTP websites to search for these postings

D. Search in Google using the key search strings "the target company" and "forums"