Download ECCouncil.412-79v8.RealExams.2019-02-20.200q.vcex


File Info

Exam EC-Council Certified Security Analyst
Number 412-79v8
File Name ECCouncil.412-79v8.RealExams.2019-02-20.200q.vcex
Size 10 MB
Posted Feb 20, 2019

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.







Demo Questions

Question 1

Which of the following password cracking techniques is used when the attacker has some information about the password?


  A. Hybrid Attack
  B. Dictionary Attack
  C. Syllable Attack
  D. Rule-based Attack
Correct answer: D
Explanation:
Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B%20Hard%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%20Crackers.pdf (page 4, rule-based attack)



Question 2

Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?


  A. Invalid username or password
  B. Account username was not found
  C. Incorrect password
  D. Username or password incorrect
Correct answer: C



Question 3

A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: 
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'--
What is the table name?


  A. CTS
  B. QRT
  C. EMP
  D. ABC
Correct answer: C



Question 4

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?


  A. Passive IDS
  B. Active IDS
  C. Progressive IDS
  D. NIPS
Correct answer: B



Question 5

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the


  A. ASCII value of the character
  B. Binary value of the character
  C. Decimal value of the character
  D. Hex value of the character
Correct answer: D
Explanation:
https://books.google.nl/books?id=0RfANAwOUdIC&pg=PA720&lpg=PA720&dq=%22xx+notation%22+binary&source=bl&ots=pGMqass7ti&sig=rnIg1xZ78ScUvuIlTmDY3r7REuc&hl=nl&sa=X&ei=8C4dVYe1NorgasrzgoAL&ved=0CEQQ6AEwBQ#v=onepage&q=%22xx%20notation%22%20binary&f=false



Question 6

Which of the following appendices gives detailed lists of all the technical terms used in the report?


  A. Required Work Efforts
  B. References
  C. Research
  D. Glossary
Correct answer: D
Explanation:
Reference: http://en.wikipedia.org/wiki/Glossary



Question 7

An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.  
  
During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?


  A. XMAS Scan
  B. SYN scan
  C. FIN Scan
  D. NULL Scan
Correct answer: B



Question 8

Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.  
Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.  
  
Which of the following password cracking attacks tries every combination of characters until the password is broken?


  A. Brute-force attack
  B. Rule-based attack
  C. Hybrid attack
  D. Dictionary attack
Correct answer: A
Explanation:
Reference: http://books.google.com.pk/books?id=m2qZNW4dcyIC&pg=PA237&lpg=PA237&dq=password+cracking+attacks+tries+every+combination+of+characters+until+the+password+is+broken&source=bl&ots=RKEUUo6LYj&sig=MPEfFBEpoO0yvOwMxYCoPQuqM5g&hl=en&sa=X&ei=ZdwdVJm3CoXSaPXsgPgM&ved=0CCEQ6AEwAQ#v=onepage&q=password%20cracking%20attacks%20tries%20every%20combination%20of%20characters%20until%20the%20password%20is%20broken&f=false



Question 9

The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers overcome legal, federal, and policy-related restrictions on the use of different penetration testing tools and techniques.
  
What is the last step in preparing a Rules of Engagement (ROE) document?


  A. Conduct a brainstorming session with top management and technical teams
  B. Decide the desired depth for penetration testing
  C. Conduct a brainstorming session with top management and technical teams
  D. Have pre-contract discussions with different pen-testers
Correct answer: C



Question 10

Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?


  A. DNSSEC
  B. Netsec
  C. IKE
  D. IPsec
Correct answer: D
Explanation:
Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html








