312-50v9 Practice Test

The Open Web Application Security Project (OWASP) isthe worldwide not-for-profit
charitable organization focused on improving the security of software. What item is the
primary concern on OWASP’s Top Ten Project most Critical Web application Security
Rules?

A.

Injection

B.

Cross site Scripting

C.

Cross site Request Forgery

D.

Path Disclosure

Session splicing is an IDS evasiontechnique in which an attacker delivers data in multiple,
smallsized packets to the target computer, making it very difficult for an IDS to detect the
attack signatures.
Which tool can used to perform session splicing attacks?

A.

Hydra

B.

Burp

C.

Whisker

D.

Tcpsplice

Which of the following isthe greatest threat posed by backups?

A.

An un-encrypted backup can be misplaced or stolen

B.

A back is incomplete because no verification was performed.

C.

A backup is the source of Malware or illicit information.

D.

A backup is unavailable duringdisaster recovery.

A new wireless client is configured to join a 802.11 network. Thisclient uses the same
hardware and software as many of the other clients on the network. The client can see the
network, but cannot connect. A wireless packet sniffer shows that the Wireless Access
Point (WAP) is not responding to the association requests being sent by the wireless client.
What is a possible source of this problem?

A.

The client cannot see the SSID of the wireless network

B.

The wireless client is not configured to use DHCP

C.

The WAP does not recognize the client's MAC address

D.

Client isconfigured for the wrong channel

What does a firewall check to prevent particularports and applications from getting packets
into an organizations?

A.

Transport layer port numbers and application layer headers

B.

Network layer headers and the session layer port numbers

C.

Application layer port numbers and the transport layer headers

D.

Presentation layer headers and the session layer port numbers