312-50v13 Free Practice Test

- (Topic 1)
A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems.
What is the best security policy concerning this setup?

1. A. Network elements must be hardened with user ids and strong password
2. B. Regular security tests and audits should be performed.
3. C. As long as the physical access to the network elements is restricted, there is no need for additional measures.
4. D. There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
5. E. The operator knows that attacks and down time are inevitable and should have a backup site.

Correct Answer: A

- (Topic 3)
A sophisticated attacker targets your web server with the intent to execute a Denial of Service (DoS) attack. His strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using 'r' packets per second. Your server, reinforced with advanced security measures, can handle 'h' packets per second before it starts showing signs of strain. If 'r' surpasses 'h', it overwhelms the server, causing it to become unresponsive. In a peculiar pattern, the attacker selects 'r' as a composite number and 'h' as a prime number, making the attack detection more challenging. Considering 'r=2010' and different values for 'h', which of the following scenarios would potentially cause the server to falter?

1. A. h=1999 (prime): Despite the attacker's packet flood, the server can handle these requests, remaining responsive
2. B. h=2003 (prime): The server can manage more packets than the attacker is sending,hence it stays operational
3. C. h=1993 (prime): Despite being less than 'r', the server's prime number capacity keeps it barely operational, but the risk of falling is imminent
4. D. h=1987 (prime): The attacker's packet rate exceeds the server's capacity, causing potential unresponsiveness

Correct Answer: D
A Denial of Service (DoS) attack is a type of cyberattack that aims to make a machine or network resource unavailable to its intended users by flooding it with traffic or requests that consume its resources. A TCP SYN flood attack is a type of DoS attack that exploits the TCP handshake process by sending a large number of SYN requests to the target server, without completing the connection. A UDP flood attack is a type of DoS attack that sends a large number of UDP packets to random ports on the target server, forcing it to check for the application listening at that port and reply with an ICMP packet. An ICMP flood attack is a type of DoS attack that sends a large number of ICMP packets, such as ping requests, to the target server, overwhelming its ICMP processing capacity. The attacker??s strategy involves a unique mixture of TCP SYN, UDP, and ICMP floods, using ??r?? packets per second. The server can handle ??h?? packets per second before it starts showing signs of strain. If ??r?? surpasses ??h??, it overwhelms the server, causing it to become unresponsive. The attacker selects ??r?? as a composite number and ??h?? as a prime number, making the attack detection more challenging. This is because prime numbers are less predictable and more difficult to factorize than composite numbers, which may hinder the analysis of the attack pattern.
Considering ??r=2010?? and different values for ??h??, the scenario that would potentially cause the server to falter is the one where ??h=1987?? (prime). This is because ??r?? is greater than ??h?? by 23 packets per second, which means the server cannot handle the incoming traffic and will eventually run out of resources. The other scenarios would not cause the server to falter, as ??h?? is either greater than or very close to ??r??, which means the server can either manage or barely cope with the incoming traffic. References:
✑ What is a denial-of-service (DoS) attack? | Cloudflare
✑ Denial-of-Service (DoS) Attack: Examples and Common Targets - Investopedia
✑ DDoS Attack Types: Glossary of Terms
✑ What is a Denial of Service (DoS) Attack? | Webopedia

- (Topic 1)
While using your bank??s online servicing you notice the following string in the URL bar:
??http: // www. MyPersonalBank. com/ account?id=368940911028389&Damount=10980&Camount=21??
You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflects the changes.
Which type of vulnerability is present on this site?

1. A. Cookie Tampering
2. B. SQL Injection
3. C. Web Parameter Tampering
4. D. XSS Reflection

Correct Answer: C

- (Topic 2)
Samuel a security administrator, is assessing the configuration of a web server. He noticed that the server permits SSlv2 connections, and the same private key certificate is used on a different server that allows SSLv2 connections. This vulnerability makes the web server vulnerable to attacks as the SSLv2 server can leak key information.
Which of the following attacks can be performed by exploiting the above vulnerability?

1. A. DROWN attack
2. B. Padding oracle attack
3. C. Side-channel attack
4. D. DUHK attack

Correct Answer: A
DROWN is a serious vulnerability that affects HTTPS and other services that deem SSL and TLS, some of the essential cryptographic protocols for net security. These protocols allow everyone on the net to browse the net, use email, look on-line, and send instant messages while not third-parties being able to browse the communication.
DROWN allows attackers to break the encryption and read or steal sensitive communications, as well as passwords, credit card numbers, trade secrets, or financial data. At the time of public disclosure on March 2016, our measurements indicated thirty third of all HTTPS servers were vulnerable to the attack. fortuitously, the vulnerability is much less prevalent currently. As of 2019, SSL Labs estimates that one.2% of HTTPS servers are vulnerable.
What will the attackers gain?Any communication between users and the server. This typically includes, however isn??t limited to, usernames and passwords, credit card numbers, emails, instant messages, and sensitive documents. under some common scenarios, an attacker can also impersonate a secure web site and intercept or change the content the user sees.
Who is vulnerable?Websites, mail servers, and other TLS-dependent services are in danger for the DROWN attack. At the time of public disclosure, many popular sites were affected. we used Internet-wide scanning to live how many sites are vulnerable:
SSLv2

Operators of vulnerable servers got to take action. there??s nothing practical that browsers or end-users will do on their own to protect against this attack.
Is my site vulnerable?Modern servers and shoppers use the TLS encryption protocol. However, because of misconfigurations, several servers also still support SSLv2, a 1990s- era precursor to TLS. This support did not matter in practice, since no up-to-date clients really use SSLv2. Therefore, despite the fact that SSLv2 is thought to be badly insecure, until now, simply supporting SSLv2 wasn??t thought of a security problem, is a clients never used it.
DROWN shows that merely supporting SSLv2 may be a threat to fashionable servers and clients. It modern associate degree attacker to modern fashionable TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.

SSLv2
✑ It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings.
✑ Its private key is used on any other serverthat allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2
and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server.
A server is vulnerable to DROWN if:

SSLv2
How do I protect my server?To protect against DROWN, server operators need to ensure that their private keys software used anyplace with server computer code that enables SSLv2 connections. This includes net servers, SMTP servers, IMAP and POP servers, and the other software that supports SSL/TLS.
Disabling SSLv2 is difficult and depends on the particular server software. we offer instructions here for many common products:
OpenSSL: OpenSSL may be a science library employed in several server merchandise. For users of OpenSSL, the simplest and recommended solution is to upgrade to a recent OpenSSL version. OpenSSL 1.0.2 users ought to upgrade to 1.0.2g. OpenSSL 1.0.1 users ought to upgrade to one.0.1s. Users of older OpenSSL versions ought to upgrade to either one in every of these versions. (Updated March thirteenth, 16:00 UTC) Microsoft IIS (Windows Server): Support for SSLv2 on the server aspect is enabled by default only on the OS versions that correspond to IIS 7.0 and IIS seven.5, particularly Windows scene, Windows Server 2008, Windows seven and Windows Server 2008R2. This support is disabled within the appropriate SSLv2 subkey for ??Server??, as outlined in KB245030. albeit users haven??t taken the steps to disable SSLv2, the export-grade and 56-bit ciphers that build DROWN possible don??t seem to be supported by default.
Network Security Services (NSS): NSS may be a common science library designed into several server merchandise. NSS versions three.13 (released back in 2012) and higher than ought to have SSLv2 disabled by default. (A little variety of users might have enabled SSLv2 manually and can got to take steps to disable it.) Users of older versions ought to upgrade to a more moderen version. we tend to still advocate checking whether or not your non-public secret is exposed elsewhere
Other affected software and in operation systems:
Instructions and data for: Apache, Postfix, Nginx, Debian, Red Hat
Browsers and other consumers: practical nothing practical that net browsers or different client computer code will do to stop DROWN. only server operators ar ready to take action to guard against the attack.

- (Topic 1)
Why should the security analyst disable/remove unnecessary ISAPI filters?

1. A. To defend against social engineering attacks
2. B. To defend against webserver attacks
3. C. To defend against jailbreaking
4. D. To defend against wireless attacks

Correct Answer: B