EC-COUNCIL.412-79V8.v2018-03-16.

q189

Exam Code: 412-79v8

Exam Name: EC-Council Certified Security Analyst (ECSA)
Certification Provider: EC-COUNCIL
Free Question Number: 189
Version: v2018-03-16
# of views: 1734
# of Questions views: 90056
https://www.freecram.net/torrent/EC-COUNCIL.412-79V8.v2018-03-16.q189.html

NEW QUESTION: 1
A security policy is a document or set of documents that describes, at a high level, the security controls
that will be implemented by the company. Which one of the following policies forbids everything and
restricts usage of company computers, whether it is system usage or network usage?
A. Promiscuous Policy
B. Paranoid Policy
C. Prudent Policy
D. Information-Protection Policy
Answer: (SHOW ANSWER)

NEW QUESTION: 2
The framework primarily designed to fulfill a methodical and organized way of addressing five threat
classes to network and that can be used to access, plan, manage, and maintain secure computers and
communication networks is:
A. Bell Labs Network Security Framework
B. Nortells Unified Security Framework
C. Microsoft Internet Security Framework
D. The IBM Security Framework
Answer: (SHOW ANSWER)

NEW QUESTION: 3
Which one of the following Snort logger mode commands is associated to run a binary log file through
Snort in sniffer mode to dump the packets to the screen?
A. ./snort -dv -r packet.log
B. ./snort -dev -l ./log
C. ./snort -l ./log -b
D. ./snort -dvr packet.log icmp
Answer: (SHOW ANSWER)

NEW QUESTION: 4
Which of the following protocol's traffic is captured by using the filter tcp.port==3389 in the Wireshark
tool?
A. Reverse Gossip Transport Protocol (RGTP)
B. Real-time Transport Protocol (RTP)
C. Remote Desktop Protocol (RDP)
D. Session Initiation Protocol (SIP)
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://wiki.wireshark.org/RDP

NEW QUESTION: 5
Which of the following is NOT generally included in a quote for penetration testing services?
A. Type of testing carried out
B. Type of testers involved
C. Expected timescale required to finish the project
D. Budget required
Answer: (SHOW ANSWER)

NEW QUESTION: 6
What is the difference between penetration testing and vulnerability testing?

A. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is
focused on online scans
B. Vulnerability testing is more expensive than penetration testing
C. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for
known vulnerabilities, penetration testing adopts the concept of 'in-depth ethical hacking'
D. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages
ethical hackers to find vulnerabilities
Answer: C (LEAVE A REPLY)

NEW QUESTION: 7
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type
of IDS is being used?
A. Active IDS
B. NIPS
C. Progressive IDS
D. Passive IDS
Answer: (SHOW ANSWER)

NEW QUESTION: 8
SQL injection attacks are becoming significantly more popular amongst hackers and there has been an
estimated 69 percent increase of this attack type.
This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive
data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL
commands through a web application for execution by a back-end database.
The below diagram shows how attackers launched SQL injection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?
A. Blah' "2=2 -"
B. Blah' and 2=2 --
C. Blah' or 1=1 --
D. Blah' and 1=1 --
Answer: (SHOW ANSWER)

NEW QUESTION: 9
A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of
user-supplied input file names, so that characters representing "traverse to parent directory" are passed
through to the file APIs.
The goal of this attack is to order an application to access a computer file that is not intended to be
accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as
opposed to exploiting a bug in the code.
To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate
variables of reference files?
A. dot-dot-slash (../) sequence
B. Denial-of-Service sequence
C. Brute force sequence
D. SQL Injection sequence
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: https://www.cs.ucsb.edu/~vigna/publications/2010_doupe_cova_vigna_dimva10.pdf (pae 7,
directory traversal)

NEW QUESTION: 10

A. Promiscuous Policy
B. Information-Protection Policy
C. Prudent Policy
D. Paranoid Policy
Answer: (SHOW ANSWER)

NEW QUESTION: 11
Network scanning is used to identify the available network resources. Which one of the following is also
known as a half-open scan, because a full TCP connection is never completed and it is used to
determine which ports are open and listening on a target device?
A. XMAS Scan
B. Null Scan
C. SYN Scan
D. TCP Connect Scan
Answer: (SHOW ANSWER)

NEW QUESTION: 12
Output modules allow Snort to be much more flexible in the formatting and presentation of output to its
users. Snort has 9 output plug-ins that push out data in different formats. Which one of the following
output plug-ins allows alert data to be written in a format easily importable to a database?
A. csv
B. unified
C. alert_unixsock
D. alert_fast
Answer: (SHOW ANSWER)

NEW QUESTION: 13
Which of the following has an offset field that specifies the length of the header and data?
A. TCP Header
B. ICMP Header
C. IP Header
D. UDP Header
Answer: A (LEAVE A REPLY)

NEW QUESTION: 14
What are placeholders (or markers) in an HTML document that the web server will dynamically replace
with data just before sending the requested documents to a browser?
A. Server Sort Includes
B. Sort Server Includes
C. Slide Server Includes
D. Server Side Includes
Answer: (SHOW ANSWER)

NEW QUESTION: 15
Which one of the following 802.11 types uses either FHSS or DSSS for modulation?
A. 802.11-Legacy
B. 802.11b
C. 802.11n
D. 802.11a
Answer: (SHOW ANSWER)

NEW QUESTION: 16
Which of the following is an ARP cache poisoning technique aimed at network switches?
A. Replay Attack
B. Mac Flooding
C. Man-in-the Middle Attack
D. DNS Poisoning
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://www.watchguard.com/infocenter/editorial/135324.asp (see mac flooding)
 Valid 412-79v8 Dumps shared by ExamDiscuss.com for Helping Passing 412-79v8 Exam!
ExamDiscuss.com now offer the newest 412-79v8 exam dumps, the ExamDiscuss.com 412-79v8
exam questions have been updated and answers have been corrected get the newest
ExamDiscuss.com 412-79v8 dumps with Test Engine here: https://www.examdiscuss.com/EC-
COUNCIL/exam/412-79v8/premium/ (196 Q&As Dumps, 35%OFF Special Discount Code:
freecram)

NEW QUESTION: 17
In Linux, /etc/shadow file stores the real password in encrypted format for user's account with added
properties associated with the user's password.
In the example of a /etc/shadow file below, what does the bold letter string indicate?
Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7
A. Number of days the user is warned before the expiration date
B. Minimum number of days required between password changes
C. Maximum number of days the password is valid
D. Last password changed
Answer: B (LEAVE A REPLY)
Explanation/Reference:
Reference: http://www.cyberciti.biz/faq/understanding-etcshadow-file/ (bullet # 4)

NEW QUESTION: 18
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of
unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio
spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue
access point is detected.
Conventionally it is achieved by comparing the MAC address of the participating wireless devices.
Which of the following attacks can be detected with the help of wireless intrusion detection system
(WIDS)?

A. Social engineering
B. SQL injection
C. Parameter tampering
D. Man-in-the-middle attack
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://www.infosecwriters.com/text_resources/pdf/Wireless_IDS_JDixon.pdf (page 5)

NEW QUESTION: 19
One of the steps in information gathering is to run searches on a company using complex keywords in
Google.

Which search keywords would you use in the Google search engine to find all the PowerPoint
presentations containing information about a target company, ROCHESTON?
A. ROCHESTON fileformat:+ppt
B. ROCHESTON ppt:filestring
C. ROCHESTON filetype:ppt
D. ROCHESTON +ppt:filesearch
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://blog.hubspot.com/blog/tabid/6307/bid/1264/12-Quick-Tips-To-Search-Google-Like-An-
Expert.aspx (specific document types)

NEW QUESTION: 20
What is a goal of the penetration testing report?
A. The penetration testing report allows you to sleep better at night thinking your organization is
protected
B. The pen testing report helps executive management to make decisions on implementing security
controls in the organization and helps the security team implement security controls and patch any flaws
discovered during testing.
C. The penetration testing report helps you comply with local laws and regulations related to
environmental conditions in the organization.
D. The penetration testing report allows you to increase sales performance by effectively communicating
with the internal security team.
Answer: (SHOW ANSWER)

NEW QUESTION: 21
Which of the following password cracking techniques is used when the attacker has some information
about the password?
A. Hybrid Attack
B. Dictionary Attack
C. Syllable Attack
D. Rule-based Attack
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B
%20Hard
%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%
20Crackers.pdf (page 4, rule-based attack)

NEW QUESTION: 22
Which of the following is the range for assigned ports managed by the Internet Assigned Numbers
Authority (IANA)?
A. 3001-3100
B. 5000-5099
C. 6666-6674
D. 0 - 1023
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: https://www.ietf.org/rfc/rfc1700.txt (well known port numbers, 4th para)

NEW QUESTION: 23
SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the
data input or transmitted from the client (browser) to the web application.
A successful SQL injection attack can:
i)Read sensitive data from the database
ii)Modify database data (insert/update/delete)
iii)Execute administration operations on the database (such as shutdown the DBMS) iV)Recover the
content of a given file existing on the DBMS file system or write files into the file system v)Issue
commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all
input fields whose values could be used in crafting a SQL query, including the hidden fields of POST
requests and then test them separately, trying to interfere with the query and to generate an error.
In which of the following tests is the source code of the application tested in a non-runtime environment
to detect the SQL injection vulnerabilities?
A. Automated Testing
B. Function Testing
C. Dynamic Testing
D. Static Testing
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://ijritcc.org/IJRITCC%20Vol_2%20Issue_5/Removal%20of%20Data%20Vulnerabilities%
20Using%20SQL.pdf

NEW QUESTION: 24
Identify the attack represented in the diagram below:
A. Input Validation
B. Session Hijacking
C. SQL Injection
D. Denial-of-Service
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://en.wikipedia.org/wiki/Session_hijacking

NEW QUESTION: 25
Port numbers are used to keep track of different conversations crossing the network at the same time.
Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers
have the assigned ranges. The port numbers above 1024 are considered as which one of the following?
(Select all that apply)
A. Dynamically assigned port numbers
B. Unregistered port numbers
C. Statically assigned port numbers
D. Well-known port numbers
Answer: (SHOW ANSWER)

NEW QUESTION: 26
Which of the following pen testing reports provides detailed information about all the tasks performed
during penetration testing?
A. Client-Side Test Report
B. Activity Report
C. Host Report
D. Vulnerability Report
Answer: A (LEAVE A REPLY)
Explanation/Reference:
NEW QUESTION: 27
Which of the following documents helps in creating a confidential relationship between the pen tester and
client to protect critical and confidential information or trade secrets?
A. Liability Insurance
B. Non-Disclosure Agreement
C. Penetration Testing Agreement
D. Rules of Behavior Agreement
Answer: (SHOW ANSWER)

NEW QUESTION: 28
What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and
disguise themselves as usual network traffic?
A. Connect Scanning Techniques
B. SYN Scanning Techniques
C. Stealth Scanning Techniques
D. Port Scanning Techniques
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://wwww.pc-freak.net/tutorials/hacking_info/arkin%20network%20scanning%
20techniques.pdf (page 7

NEW QUESTION: 29
Which of the following is not a characteristic of a firewall?
A. Filters only inbound traffic but not outbound traffic
B. Examines all traffic routed between the two networks to see if it meets certain criteria
C. Routes packets between the networks
D. Manages public access to private networked resources
Answer: (SHOW ANSWER)

NEW QUESTION: 30
In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a
session is initiated by a recognized computer.
Identify the level up to which the unknown traffic is allowed into the network stack.
A. Level 5 - Application
B. Level 2 - Data Link
C. Level 4 - TCP
D. Level 3 - Internet Protocol (IP)
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=TCP
+packet+filtering+firewall+level+up+to+which+the+unknown+traffic+is+allowed+into+the+network
+stack&source=bl&ots=zRrbchVYng&sig=q5G3T8lggTfAMNRkL7Kp0SRslHU&hl=en&sa=X&ei=5PUeVLS
bC8TmaMzrgZgC&ved=0CBsQ6AEwAA#v=onepage&q=TCP%20packet%20filtering%20firewall
%20level
% 20up%20to%20which%20the%20unknown%20traffic%20is%20allowed%20into%20the%20network%
20stack&f=false

NEW QUESTION: 31
John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the
target network (10.0.0.7) using Nmap tool.
Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 135 10.0.0.7
B. nmap -sU -p 389 10.0.0.7
C. nmap -sU -p 123 10.0.0.7
D. nmap -sU -p 161 10.0.0.7
Answer: (SHOW ANSWER)

Valid 412-79v8 Dumps shared by ExamDiscuss.com for Helping Passing 412-79v8 Exam!
ExamDiscuss.com now offer the newest 412-79v8 exam dumps, the ExamDiscuss.com 412-79v8
exam questions have been updated and answers have been corrected get the newest
ExamDiscuss.com 412-79v8 dumps with Test Engine here: https://www.examdiscuss.com/EC-
COUNCIL/exam/412-79v8/premium/ (196 Q&As Dumps, 35%OFF Special Discount Code:
freecram)

NEW QUESTION: 32
Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP
header creating a TCP segment.
The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-
to-end TCP socket. It is used to track the state of communication between two TCP endpoints.
For a connection to be established or initialized, the two hosts must synchronize. The synchronization
requires each side to send its own initial sequence number and to receive a confirmation of exchange in
an acknowledgment (ACK) from the other side
The below diagram shows the TCP Header format:

How many bits is a acknowledgement number?

A. 16 bits
B. 32 bits
C. 8 bits
D. 24 bits
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://en.wikipedia.org/wiki/Transmission_Control_Protocol (acknowledgement number)

NEW QUESTION: 33
John, a penetration tester from a pen test firm, was asked to collect information about the host file in a
Windows system directory. Which of the following is the location of the host file in Window system
directory?
A. C:\Windows\System32\Boot
B. C:\WINNT\system32\drivers\etc
C. C:\WINDOWS\system32\cmd.exe
D. C:\Windows\System32\restore
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://en.wikipedia.org/wiki/Hosts_(file) (location in the file system, see the table)

NEW QUESTION: 34
Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit
delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control
Message Protocol (ICMP) echo request packets addressed to a destination host.
The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers
being traversed towards the destination.

During routing, each router reduces packets' TTL value by

A. 3
B. 1
C. 4
D. 2
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://www.packetu.com/2009/10/09/traceroute-through-the-asa/

NEW QUESTION: 35
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the
application authorization schemes by modifying input fields that relate to the user ID, username, access
group, cost, file names, file identifiers, etc. They first access the web application using a low privileged
account and then escalate privileges to access protected resources. What attack has been carried out?
A. XPath Injection Attack
B. Authorization Attack
C. Authentication Attack
D. Frame Injection Attack
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: http://luizfirmino.blogspot.com/2011_09_01_archive.html (see authorization attack)

NEW QUESTION: 36
Amazon Consulting Corporation provides penetration testing and managed security services to
companies. Legality and regulatory compliance is one of the important components in conducting a
successful security audit.
Before starting a test, one of the agreements both the parties need to sign relates to limitations,
constraints, liabilities, code of conduct, and indemnification considerations between the parties.

Which agreement requires a signature from both the parties (the penetration tester and the company)?
A. Non-disclosure agreement
B. Confidentiality agreement
C. Client fees agreement
D. Rules of engagement agreement
Answer: (SHOW ANSWER)

NEW QUESTION: 37
A framework is a fundamental structure used to support and resolve complex issues. The framework that
delivers an efficient set of technologies in order to develop applications which are more secure in using
Internet and Intranet is:
A. Microsoft Internet Security Framework
B. Information System Security Assessment Framework (ISSAF)
C. The IBM Security Framework
D. Bell Labs Network Security Framework
Answer: (SHOW ANSWER)
NEW QUESTION: 38
Identify the port numbers used by POP3 and POP3S protocols.
A. 113 and 981
B. 111 and 982
C. 110 and 995
D. 109 and 973
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: https://publib.boulder.ibm.com/infocenter/wsmashin/v1r1/index.jsp?topic=/
com.ibm.websphere.sMash.doc/using/zero.mail/MailStoreConfiguration.html

NEW QUESTION: 39
Which one of the following log analysis tools is used for analyzing the server's log files?
A. Network Sniffer Interface Test tool
B. Performance Analysis of Logs tool
C. Ka Log Analyzer tool
D. Event Log Tracker tool
Answer: C (LEAVE A REPLY)

NEW QUESTION: 40
The term social engineering is used to describe the various tricks used to fool people (employees,
business partners, or customers) into voluntarily giving away information that would not normally be
known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an
attempt to scam the user into surrendering private information?
A. Phishing
B. Spoofing
C. Tapping
D. Vishing
Answer: (SHOW ANSWER)
NEW QUESTION: 41
In which of the following firewalls are the incoming or outgoing packets blocked from accessing services
for which there is no proxy?
A. Circuit level firewalls
B. Packet filters firewalls
C. Stateful multilayer inspection firewalls
D. Application level firewalls
Answer: D (LEAVE A REPLY)
Explanation/Reference:
Reference: http://www.vicomsoft.com/learning-center/firewalls/

NEW QUESTION: 42
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active
Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the
results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM
database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?
A. c:\windows\system32\drivers\SAM
B. c:\windows\system32\config\SAM
C. c:\windows\system32\Setup\SAM
D. c:\windows\system32\Boot\SAM
Answer: (SHOW ANSWER)

NEW QUESTION: 43
TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines
the communication in an IP-based network. It provides end-to-end connectivity specifying how data
should be formatted, addressed, transmitted, routed and received at the destination. This functionality
has been organized into four abstraction layers which are used to sort all related protocols according to
the scope of networking involved.
Which of the following TCP/IP layers selects the best path through the network for packets to travel?
A. Application layer
B. Transport layer
C. Internet layer
D. Network Access layer
Answer: (SHOW ANSWER)

NEW QUESTION: 44
Identify the policy that defines the standards for the organizational network connectivity and security
standards for computers that are connected in the organizational network.
A. Acceptable-Use Policy
B. Special-Access Policy
C. Information-Protection Policy
D. Remote-Access Policy
Answer: (SHOW ANSWER)

NEW QUESTION: 45
Which one of the following is a useful formatting token that takes an int * as an argument, and writes the
number of bytes already written, to that location?
A. "%n"
B. "%s"
C. "%p"
D. "%w"
Answer: (SHOW ANSWER)
Explanation/Reference:

NEW QUESTION: 46
A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase.
Active reconnaissance which includes activities such as network mapping, web profiling, and perimeter
mapping is a part which phase(s)?
A. Post-attack phase
B. Pre-attack phase and attack phase
C. Attack phase
D. Pre-attack phase
Answer: (SHOW ANSWER)
Explanation/Reference:
Reference: https://www.duo.uio.no/bitstream/handle/10852/34904/Shrestha-masterthesis.pdf?
sequence=1 (page 28, first para)

Valid 412-79v8 Dumps shared by ExamDiscuss.com for Helping Passing 412-79v8 Exam!
ExamDiscuss.com now offer the newest 412-79v8 exam dumps, the ExamDiscuss.com 412-79v8
exam questions have been updated and answers have been corrected get the newest
ExamDiscuss.com 412-79v8 dumps with Test Engine here: https://www.examdiscuss.com/EC-
COUNCIL/exam/412-79v8/premium/ (196 Q&As Dumps, 35%OFF Special Discount Code:
freecram)

NEW QUESTION: 47
Which one of the following tools of trade is a commercial shellcode and payload generator written in
Python by Dave Aitel?
A. Microsoft Baseline Security Analyzer (MBSA)
B. CORE Impact
C. Canvas
D. Network Security Analysis Tool (NSAT)
Answer: (SHOW ANSWER)