- Home
- EC-COUNCIL
- EC-Council Certified Security Analyst (ECSA)
- EC-COUNCIL.412-79V8.v2018-03-16.q189
- Question 137
Valid 412-79v8 Dumps shared by ExamDiscuss.com for Helping Passing 412-79v8 Exam! ExamDiscuss.com now offer the newest 412-79v8 exam dumps, the ExamDiscuss.com 412-79v8 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 412-79v8 dumps with Test Engine here:
Access 412-79v8 Dumps Premium Version
(196 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 137/189
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
Correct Answer: C
- Question List (189q)
- Question 1: A security policy is a document or set of documents that des...
- Question 2: The framework primarily designed to fulfill a methodical and...
- Question 3: Which one of the following Snort logger mode commands is ass...
- Question 4: Which of the following protocol's traffic is captured by usi...
- Question 5: Which of the following is NOT generally included in a quote ...
- Question 6: What is the difference between penetration testing and vulne...
- Question 7: When you are running a vulnerability scan on a network and t...
- Question 8: SQL injection attacks are becoming significantly more popula...
- Question 9: A directory traversal (or path traversal) consists in exploi...
- Question 10: Which of the following policy forbids everything with strict...
- Question 11: Network scanning is used to identify the available network r...
- Question 12: Output modules allow Snort to be much more flexible in the f...
- Question 13: Which of the following has an offset field that specifies th...
- Question 14: What are placeholders (or markers) in an HTML document that ...
- Question 15: Which one of the following 802.11 types uses either FHSS or ...
- Question 16: Which of the following is an ARP cache poisoning technique a...
- Question 17: In Linux, /etc/shadow file stores the real password in encry...
- Question 18: A wireless intrusion detection system (WIDS) monitors the ra...
- Question 19: One of the steps in information gathering is to run searches...
- Question 20: What is a goal of the penetration testing report? (Exhibit)...
- Question 21: Which of the following password cracking techniques is used ...
- Question 22: Which of the following is the range for assigned ports manag...
- Question 23: SQL injection attack consists of insertion or "injection" of...
- Question 24: Identify the attack represented in the diagram below: (Exhib...
- Question 25: Port numbers are used to keep track of different conversatio...
- Question 26: Which of the following pen testing reports provides detailed...
- Question 27: Which of the following documents helps in creating a confide...
- Question 28: What are the scanning techniques that are used to bypass fir...
- Question 29: Which of the following is not a characteristic of a firewall...
- Question 30: In a TCP packet filtering firewall, traffic is filtered base...
- Question 31: John, the penetration tester in a pen test firm, was asked t...
- Question 32: Transmission control protocol accepts data from a data strea...
- Question 33: John, a penetration tester from a pen test firm, was asked t...
- Question 34: Traceroute is a computer network diagnostic tool for display...
- Question 35: In the process of hacking a web application, attackers manip...
- Question 36: Amazon Consulting Corporation provides penetration testing a...
- Question 37: A framework is a fundamental structure used to support and r...
- Question 38: Identify the port numbers used by POP3 and POP3S protocols....
- Question 39: Which one of the following log analysis tools is used for an...
- Question 40: The term social engineering is used to describe the various ...
- Question 41: In which of the following firewalls are the incoming or outg...
- Question 42: Windows stores user passwords in the Security Accounts Manag...
- Question 43: TCP/IP model is a framework for the Internet Protocol suite ...
- Question 44: Identify the policy that defines the standards for the organ...
- Question 45: Which one of the following is a useful formatting token that...
- Question 46: A penetration test consists of three phases: pre-attack phas...
- Question 47: Which one of the following tools of trade is a commercial sh...
- Question 48: Identify the correct formula for Return on Investment (ROI)....
- Question 49: DMZ is a network designed to give the public access to the s...
- Question 50: Attackers create secret accounts and gain illegal access to ...
- Question 51: During external penetration testing, which of the following ...
- Question 52: Which of the following is not a condition specified by Hamel...
- Question 53: Which of the following is NOT related to the Internal Securi...
- Question 54: Traffic on which port is unusual for both the TCP and UDP po...
- Question 55: A firewall protects networked computers from intentional hos...
- Question 56: The SnortMain () function begins by associating a set of han...
- Question 57: Today, most organizations would agree that their most valuab...
- Question 58: The IP protocol was designed for use on a wide variety of tr...
- Question 59: What sort of vulnerability assessment approach starts by bui...
- Question 60: Internet Control Message Protocol (ICMP) messages occur in m...
- Question 61: James is testing the ability of his routers to withstand DoS...
- Question 62: Identify the type of authentication mechanism represented be...
- Question 63: The Web parameter tampering attack is based on the manipulat...
- Question 64: Port numbers are used to keep track of different conversatio...
- Question 65: Wireless communication allows networks to extend to places t...
- Question 66: Which of the following attacks does a hacker perform in orde...
- Question 67: Besides the policy implications of chat rooms, Internet Rela...
- Question 68: Which of the following policies states that the relevant app...
- Question 69: A penetration tester tries to transfer the database from the...
- Question 70: In the TCP/IP model, the transport layer is responsible for ...
- Question 71: One needs to run "Scan Server Configuration" tool to allow a...
- Question 72: Vulnerability assessment is an examination of the ability of...
- Question 73: If a web application sends HTTP cookies as its method for tr...
- Question 74: Which vulnerability assessment phase describes the scope of ...
- Question 75: Application security assessment is one of the activity that ...
- Question 76: An antenna is a device that is designed to transmit and rece...
- Question 77: Choose the correct option to define the Prefix Length. (Exhi...
- Question 78: Which Wireshark filter displays all the packets where the IP...
- Question 79: Identify the injection attack represented in the diagram bel...
- Question 80: Which of the following acts is a proprietary information sec...
- Question 81: Which of the following attacks is an offline attack?...
- Question 82: The Internet is a giant database where people store some of ...
- Question 83: Assessing a network from a hacker's point of view to discove...
- Question 84: What is a difference between host-based intrusion detection ...
- Question 85: Why is a legal agreement important to have before launching ...
- Question 86: A framework for security analysis is composed of a set of in...
- Question 87: An attacker injects malicious query strings in user input fi...
- Question 88: Which one of the following 802.11 types has WLAN as a networ...
- Question 89: Which of the following is a framework of open standards deve...
- Question 90: Which of the following is an application alert returned by a...
- Question 91: Which of the following approaches to vulnerability assessmen...
- Question 92: Metasploit framework in an open source platform for vulnerab...
- Question 93: Which of the following protocols cannot be used to filter Vo...
- Question 94: Security auditors determine the use of WAPs on their network...
- 1 commentQuestion 95: Wireshark is a network analyzer. It reads packets from the n...
- Question 96: Variables are used to define parameters for detection, speci...
- Question 97: ARP spoofing is a technique whereby an attacker sends fake (...
- Question 98: Fuzz testing or fuzzing is a software/application testing te...
- Question 99: The amount of data stored in organizational databases has in...
- Question 100: Which one of the following commands is used to search one of...
- Question 101: Which of the following is the objective of Gramm-Leach-Blile...
- Question 102: Black-box testing is a method of software testing that exami...
- Question 103: War Driving is the act of moving around a specific area, map...
- Question 104: Timing is an element of port-scanning that can catch one una...
- Question 105: Which among the following information is not furnished by th...
- Question 106: Which of the following statements is true about Multi-Layer ...
- Question 107: Which of the following equipment could a pen tester use to p...
- Question 108: Due to illegal inputs, various types of TCP stacks respond i...
- Question 109: External penetration testing is a traditional approach to pe...
- Question 110: Which of the following information gathering techniques coll...
- Question 111: Which of the following shields Internet users from artificia...
- Question 112: Which of the following scan option is able to identify the S...
- Question 113: Information gathering is performed to: i) Collect basic info...
- Question 114: Phishing is typically carried out by email spoofing or insta...
- Question 115: Which of the following statements is true about the LM hash?...
- Question 116: Nessus can test a server or a network for DoS vulnerabilitie...
- Question 117: Identify the transition mechanism to deploy IPv6 on the IPv4...
- Question 118: In which of the following IDS evasion techniques does IDS re...
- Question 119: Amazon, an IT based company, conducts a survey on the usage ...
- Question 120: Which of the following statement holds true for TCP Operatio...
- Question 121: Identify the data security measure which defines a principle...
- Question 122: Rule of Engagement (ROE) is the formal permission to conduct...
- Question 123: Which of the following attributes has a LM and NTLMv1 value ...
- Question 124: John, a penetration tester, was asked for a document that de...
- Question 125: Identify the framework that comprises of five levels to guid...
- Question 126: Which of the following methods is used to perform server dis...
- Question 127: What threat categories should you use to prioritize vulnerab...
- Question 128: An automated electronic mail message from a mail system whic...
- Question 129: The first phase of the penetration testing plan is to develo...
- Question 130: Which type of security policy applies to the below configura...
- Question 131: The first and foremost step for a penetration test is inform...
- Question 132: DNS information records provide important data about:...
- Question 133: A Demilitarized Zone (DMZ) is a computer host or small netwo...
- Question 134: Which of the following is developed to address security conc...
- Question 135: Which of the following contents of a pen testing project pla...
- Question 136: A man enters a PIN number at an ATM machine, being unaware t...
- Question 137: Identify the type of testing that is carried out without giv...
- Question 138: The objective of social engineering pen testing is to test t...
- Question 139: Firewall and DMZ architectures are characterized according t...
- Question 140: This is a group of people hired to give details of the vulne...
- Question 141: Which one of the following is a command line tool used for c...
- Question 142: A penetration tester performs OS fingerprinting on the targe...
- Question 143: A pen tester has extracted a database name by using a blind ...
- Question 144: A firewall's decision to forward or reject traffic in networ...
- Question 145: Passwords protect computer resources and files from unauthor...
- Question 146: You are conducting a penetration test against a company and ...
- Question 147: In the example of a /etc/passwd file below, what does the bo...
- Question 148: Which of the following is not the SQL injection attack chara...
- Question 149: Which type of vulnerability assessment tool provides securit...
- Question 150: Which of the following policies helps secure data and protec...
- Question 151: In the context of penetration testing, what does blue teamin...
- Question 152: A Blind SQL injection is a type of SQL Injection attack that...
- Question 153: What is the maximum value of a "tinyint" field in most datab...
- Question 154: Before performing the penetration testing, there will be a p...
- Question 155: Internet Control Message Protocol (ICMP) messages occur in m...
- Question 156: Which of the following reports provides a summary of the com...
- Question 157: By default, the TFTP server listens on UDP port 69. Which of...
- Question 158: Firewall is an IP packet filter that enforces the filtering ...
- Question 159: Which one of the following log analysis tools is a Cisco Rou...
- Question 160: Identify the type of firewall represented in the diagram bel...
- Question 161: From where can clues about the underlying application enviro...
- Question 162: Which one of the following is a supporting tool for 802.11 (...
- Question 163: HTTP protocol specifies that arbitrary binary characters can...
- Question 164: Which one of the following acts makes reputational risk of p...
- Question 165: Which one of the following scans starts, but does not comple...
- 1 commentQuestion 166: Which of the following acts related to information security ...
- Question 167: Which of the following appendices gives detailed lists of al...
- Question 168: Mason is footprinting an organization to gather competitive ...
- Question 169: Which of the following are the default ports used by NetBIOS...
- Question 170: Which one of the following is false about Wireshark? (Select...
- Question 171: NTP protocol is used to synchronize the system clocks of com...
- Question 172: A chipset is a group of integrated circuits that are designe...
- Question 173: Rules of Engagement (ROE) document provides certain rights a...
- Question 174: Which of the following password hashing algorithms is used i...
- Question 175: An external intrusion test and analysis identify security we...
- Question 176: Identify the person who will lead the penetration-testing pr...
- Question 177: Which of the following defines the details of services to be...
- 1 commentQuestion 178: Which one of the following tools of trade is an automated, c...
- Question 179: Snort, an open source network-based intrusion detection sens...
- Question 180: Which one of the following acts related to the information s...
- Question 181: A WHERE clause in SQL specifies that a SQL Data Manipulation...
- Question 182: Transmission Control Protocol (TCP) is a connection-oriented...
- Question 183: Many security and compliance projects begin with a simple id...
- Question 184: During the process of fingerprinting a web application envir...
- Question 185: You work as an IT security auditor hired by a law firm in Bo...
- Question 186: John, the penetration testing manager in a pen testing firm,...
- Question 187: Which one of the following components of standard Solaris Sy...
- Question 188: Packet filtering firewalls are usually a part of a router. I...
- Question 189: Logs are the record of the system and network activities. Sy...
