How Many Questions Of 412-79v9 Samples

NEW QUESTION 1
Which of the following has an offset field that specifies the length of the header and data?

• A. IP Header
• B. UDP Header
• C. ICMP Header
• D. TCP Header

Answer: D

NEW QUESTION 2
Identify the injection attack represented in the diagram below:

• A. XPath Injection Attack
• B. XML Request Attack
• C. XML Injection Attack
• D. Frame Injection Attack

Answer: C

Explanation:
Reference: http://projects.webappsec.org/w/page/13247004/XML%20Injection

NEW QUESTION 3
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

• A. Passive Assessment
• B. Host-based Assessment
• C. External Assessment
• D. Application Assessment

Answer: D

NEW QUESTION 4
An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?

• A. XMAS Scan
• B. SYN scan
• C. FIN Scan
• D. NULL Scan

Answer: B

NEW QUESTION 5
One needs to run “Scan Server Configuration” tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured. By default, the Nessus daemon listens to connections on which one of the following?

• A. Localhost (127.0.0.1) and port 1241
• B. Localhost (127.0.0.1) and port 1240
• C. Localhost (127.0.0.1) and port 1246
• D. Localhost (127.0.0.0) and port 1243

Answer: A

NEW QUESTION 6
Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?

• A. Event Log Tracker
• B. Sawmill
• C. Syslog Manager
• D. Event Log Explorer

Answer: B

NEW QUESTION 7
Which of the following is NOT generally included in a quote for penetration testing services?

• A. Type of testing carried out
• B. Type of testers involved
• C. Budget required
• D. Expected timescale required to finish the project

Answer: B

NEW QUESTION 8
Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

What is the last step in preparing a Rules of Engagement (ROE) document?

• A. Conduct a brainstorming session with top management and technical teams
• B. Decide the desired depth for penetration testing
• C. Conduct a brainstorming session with top management and technical teams
• D. Have pre-contract discussions with different pen-testers

Answer: C

NEW QUESTION 9
In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer.

Identify the level up to which the unknown traffic is allowed into the network stack.

• A. Level 5 – Application
• B. Level 2 – Data Link
• C. Level 4 – TCP
• D. Level 3 – Internet Protocol (IP)

Answer: D

Explanation:
Reference: http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=TCP+packet+filtering+firewall+level+up+to+which+the+unknown+traffic+is+allowed+into+the+network+stack&source=bl&ots=zRrbchVYng&sig=q5G3T8lggTfAMNRkL7Kp0SRslHU&hl=en&sa=X&ei=5PUeVLSbC8TmaMzrgZgC&ved=0CBsQ6AEwAA#v=onepage&q=TCP%20packet%20filtering%20firewall%20level%20up%20to%20which%20the%20unknown%20traffic%20is%20allowed%20into%20the%20network%20stack&f=false

NEW QUESTION 10
Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

• A. Information-Protection Policy
• B. Paranoid Policy
• C. Promiscuous Policy
• D. Prudent Policy

Answer: B

NEW QUESTION 11
In Linux, /etc/shadow file stores the real password in encrypted format for user’s account with added properties associated with the user’s password.

In the example of a /etc/shadow file below, what does the bold letter string indicate?
Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

• A. Number of days the user is warned before the expiration date
• B. Minimum number of days required between password changes
• C. Maximum number of days the password is valid
• D. Last password changed

Answer: B

Explanation:
Reference: http://www.cyberciti.biz/faq/understanding-etcshadow-file/ (bullet # 4)

NEW QUESTION 12
Which of the following are the default ports used by NetBIOS service?

• A. 135, 136, 139, 445
• B. 134, 135, 136, 137
• C. 137, 138, 139, 140
• D. 133, 134, 139, 142

Answer: A

NEW QUESTION 13
Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

• A. PIPEDA
• B. PCI DSS
• C. Human Rights Act 1998
• D. Data Protection Act 1998

Answer: B

Explanation:
Reference: http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

NEW QUESTION 14
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected.
Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?

• A. Social engineering
• B. SQL injection
• C. Parameter tampering
• D. Man-in-the-middle attack

Answer: D

Explanation:
Reference: http://www.infosecwriters.com/text_resources/pdf/Wireless_IDS_JDixon.pdf (page 5)

NEW QUESTION 15
In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

• A. IPS evasion technique
• B. IDS evasion technique
• C. UDP evasion technique
• D. TTL evasion technique

Answer: D

Explanation:
Reference: http://is.muni.cz/th/172999/fi_m/MT_Bukac.pdf (page 24)

NEW QUESTION 16
Identify the data security measure which defines a principle or state that ensures that an action or transaction cannot be denied.

• A. Availability
• B. Integrity
• C. Authorization
• D. Non-Repudiation

Answer: D

Explanation:
Reference: http://en.wikipedia.org/wiki/Information_security (non-repudiation)

NEW QUESTION 17
A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.

It is performed when an error message is not received from application while trying to exploit SQL vulnerabilities. The developer's specific message is displayed instead of an error message. So it is quite difficult to find SQL vulnerability in such cases.
A pen tester is trying to extract the database name by using a blind SQL injection. He tests the database using the below query and finally finds the database name.
http://juggyboy.com/page.aspx?id=1; IF (LEN(DB_NAME())=4) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),1,1)))=97) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),2,1)))=98) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),3,1)))=99) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),4,1)))=100) WAITFOR DELAY '00:00:10'--
What is the database name?

• A. WXYZ
• B. PQRS
• C. EFGH
• D. ABCD

Answer: D

Explanation:
Reference: http://www.scribd.com/doc/184891028/CEHv8-Module-14-SQL-Injection-pdf (see module 14, page 2049 to 2051)

NEW QUESTION 18
Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in conducting a successful security audit.
Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.

Which agreement requires a signature from both the parties (the penetration tester and the company)?

• A. Non-disclosure agreement
• B. Client fees agreement
• C. Rules of engagement agreement
• D. Confidentiality agreement

Answer: C

NEW QUESTION 19
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say ‘Wireless’ these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and

• A. Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?
• B. 802.11b
• C. 802.11g
• D. 802.11-Legacy
• E. 802.11n

Answer: A

NEW QUESTION 20
Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

• A. Vulnerability Report
• B. Executive Report
• C. Client-side test Report
• D. Host Report

Answer: B

NEW QUESTION 21
What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?

• A. Connect Scanning Techniques
• B. SYN Scanning Techniques
• C. Stealth Scanning Techniques
• D. Port Scanning Techniques

Answer: C

Explanation:
Reference: http://wwww.pc-freak.net/tutorials/hacking_info/arkin%20network%20scanning%20techniques.pdf (page 7

NEW QUESTION 22
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.
The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

• A. Multiple of four bytes
• B. Multiple of two bytes
• C. Multiple of eight bytes
• D. Multiple of six bytes

Answer: C

Explanation:
Reference: http://www.freesoft.org/CIE/Course/Section3/7.htm (fragment offset: 13 bits)

NEW QUESTION 23
Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?

• A. Hash Key Length
• B. C/R Value Length
• C. C/R Key Length
• D. Hash Value Length

Answer: B

Explanation:
Reference: http://books.google.com.pk/books?id=QWQRSTnkFsQC&pg=SA4-PA5&lpg=SA4-PA5&dq=attributes+has+a+LM+and+NTLMv1+value+as+64bit+%2B+64bit+%2B+64bit+and+NTLMv2+value+as+128+bits&source=bl&ots=wJPR32BaF6&sig=YEt9LNfQAbm2M-c6obVggKCkQ2s&hl=en&sa=X&ei=scMfVMfdC8u7ygP4xYGQDg&ved=0CCkQ6AEwAg#v=onepage&q=attributes%20has%20a%20LM%20and%20NTLMv1%20value%20as%2064bit%20%2B%2064bit%20%2B%2064bit%20and%20NTLMv2%20value%20as%20128%20bits&f=false (see Table 4-1)

NEW QUESTION 24
Which one of the following tools of trade is a commercial shellcode and payload generator written in Python by Dave Aitel?

• A. Microsoft Baseline Security Analyzer (MBSA)
• B. CORE Impact
• C. Canvas
• D. Network Security Analysis Tool (NSAT)

Answer: C

NEW QUESTION 25
Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs 802.11 packets to verify whether the access point is valid or not?

• A. Airsnort
• B. Aircrack
• C. Airpwn
• D. WEPCrack

Answer: C

NEW QUESTION 26
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

• A. Active/Passive Tools
• B. Application-layer Vulnerability Assessment Tools
• C. Location/Data Examined Tools
• D. Scope Assessment Tools

Answer: D

Explanation:
Reference: http://books.google.com.pk/books?id=7dwEAAAAQBAJ&pg=SA7- PA11&lpg=SA7- PA11&dq=vulnerability+assessment+tool+provides+security+to+the+IT+system+by+testing
+for+vulnerabilities+in+the+applications+and+operation+system&source=bl&ots=SQCLHR nnjI&sig=HpenOheCU4GBOnkA4EurHCMfND4&hl=en&sa=X&ei=DqYfVJCLHMTnyQODn 4C4Cw&ved=0CDQQ6AEwAw#v=onepage&q=vulnerability%20assessment%20tool%20pr ovides%20security%20to%20the%20IT%20system%20by%20testing%20for%20vulnerabili ties%20in%20the%20applications%20and%20operation%20system&f=false

NEW QUESTION 27
SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.
This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back- end database.
The below diagram shows how attackers launched SQL injection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?

• A. Blah' “2=2 –“
• B. Blah' and 2=2 --
• C. Blah' and 1=1 --
• D. Blah' or 1=1 --

Answer: D

NEW QUESTION 28
An antenna is a device that is designed to transmit and receive the electromagnetic waves that are generally called radio waves. Which one of the following types of antenna is
developed from waveguide technology?

• A. Leaky Wave Antennas
• B. Aperture Antennas
• C. Reflector Antenna
• D. Directional Antenna

Answer: B

NEW QUESTION 29
......