312-50v13 Free Practice Test

- (Topic 3)
The security team of Debry Inc. decided to upgrade Wi-Fi security to thwart attacks such as dictionary attacks and key recovery attacks. For this purpose, the security team started implementing cutting-edge technology that uses a modern key establishment protocol called the simultaneous authentication of equals (SAE), also known as dragonfly key exchange, which replaces the PSK concept. What is the Wi-Fi encryption technology implemented by Debry Inc.?

1. A. WEP
2. B. WPA
3. C. WPA2
4. D. WPA3

Correct Answer: D

- (Topic 2)
Larry, a security professional in an organization, has noticed some abnormalities In the user accounts on a web server. To thwart evolving attacks, he decided to harden the security of the web server by adopting a countermeasures to secure the accounts on the web server.
Which of the following countermeasures must Larry implement to secure the user accounts on the web server?

1. A. Enable unused default user accounts created during the installation of an OS
2. B. Enable all non-interactive accounts that should exist but do not require interactive login
3. C. Limit the administrator or toot-level access to the minimum number of users
4. D. Retain all unused modules and application extensions

Correct Answer: C

- (Topic 2)
In the context of Windows Security, what is a 'null' user?

1. A. A user that has no skills
2. B. An account that has been suspended by the admin
3. C. A pseudo account that has no username and password
4. D. A pseudo account that was created for security administration purpose

Correct Answer: C

- (Topic 1)
Eve is spending her day scanning the library computers. She notices that Alice is using a computer whose port 445 is active and listening. Eve uses the ENUM tool to enumerate Alice machine. From the command prompt, she types the following command.

What is Eve trying to do?

1. A. Eve is trying to connect as a user with Administrator privileges
2. B. Eve is trying to enumerate all users with Administrative privileges
3. C. Eve is trying to carry out a password crack for user Administrator
4. D. Eve is trying to escalate privilege of the null user to that of Administrator

Correct Answer: C

- (Topic 1)
The ??Gray-box testing?? methodology enforces what kind of restriction?

1. A. Only the external operation of a system is accessible to the tester.
2. B. The internal operation of a system in only partly accessible to the tester.
3. C. Only the internal operation of a system is known to the tester.
4. D. The internal operation of a system is completely known to the tester.

Correct Answer: D
White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of software testing that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing, an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in- circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white- box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. Where white-box testing
is design-driven,[1] that is, driven exclusively by agreed specifications of how each component of the software is required to behave (as in DO-178C and ISO 26262 processes) then white-box test techniques can accomplish assessment for unimplemented or missing requirements.
White-box test design techniques include the following code coverage criteria:
· Control flow testing
· Data flow testing
· Branch testing
· Statement coverage
· Decision coverage
· Modified condition/decision coverage
· Prime path testing
· Path testing