412-79V10 Exam Questions
319 real 412-79V10 exam questions with expert-verified answers and explanations. Page 5 of 7.
- Question #201
Black-box testing is a method of software testing that examines the functionality of an application (e.g., what the software does) without peering into its internal structures or w...
- Question #202
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures, such as...
- Question #203
Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM,...
- Question #204
To locate the firewall, a SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an administrative-proh...
- Question #205
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault. What does a vuln...
- Question #206
Which of the following policies states that the relevant application owner must authorize for additional access to specific business applications in writing to the IT Department Ad...
- Question #207
In Linux, the /etc/shadow file stores the real password in encrypted format for a user's account, with added properties associated with the user's password. In the example of a /etc/shado...
- Question #208
Which of the following is not the SQL injection attack character?
- Question #209
Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
- Question #210
Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web pag...
- Question #211
This phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the user's business require...
- Question #212
Identify the port numbers used by POP3 and POP3S protocols.
- Question #213
Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for non-personal use f...
- Question #214
In which of the following firewalls are the incoming or outgoing packets blocked from accessing services for which there is no proxy?
- Question #215
How many possible sequence number combinations are there in TCP/IP protocol?
- Question #216
Logs are generated of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of t...
- Question #217
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These variable...
- Question #218
What does ICMP Type 3/Code 13 mean?
- Question #219
Which network tool in an open source platform for vulnerability research, development, and penetration testing. Which one of the following metasploit options is used to exploit mul...
- Question #220
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say 'Wireless' these days, they are referring t...
- Question #221
An open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following m...
- Question #222
Which one of the following tools of trade is a commercial shellcode and payload generator written in Python by Dave Aitel?
- Question #223
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon knows about the company's DNS s...
- Question #224
What operating system would respond to the following command? C:> nmap -v W 10.10.145.65
- Question #225
Which one of the following 802.11 types has WLAN as a network support?
- Question #226
Identify the injection attack represented in the diagram below.
- Question #227
One of the steps in information gathering is to run searches on a company using complex keywords in Google. Which search keywords would you use in the Google search engine to find...
- Question #228
The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and evaluate y...
- Question #229
Identify the type of firewall represented in the diagram below.
- Question #230
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through nbtstat.exe an...
- Question #231
In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by using three-...
- Question #232
You have carried out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that authenticates and ret...
- Question #233
Which of the following policies forbids everything with strict restrictions on all usage of the company systems and network?
- Question #234
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line...
- Question #235
The following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected m...
- Question #236
Each Snort function begins by associating a set of handlers for the signals Snort receives. It does this using the signal() function. Which one of the following functions is used...
- Question #237
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and intrusion...
- Question #238
A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?
- Question #239
The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.
- Question #240
Which of the following are the default ports used by NetBIOS service?
- Question #241
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking disciplines. What networkin...
- Question #242
Computer Forensics Systems just recently had a number of laptops stolen out of their office. These laptops contained sensitive corporate information regarding patents and compan...
- Question #243
Which of the following types of penetration testing is performed with no prior knowledge of the site?
- Question #244
A penetration tester can suggest you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the...
- Question #245
Which of the following equipment could a pen-tester use to perform shoulder surfing?
- Question #246
What is the following command trying to accomplish? C:\> nmap -sU -p445 192.168.0.0/24
- Question #247
You suggest a DMZ (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol wit...
- Question #248
Which of the following is the objective of Gramm-Leach-Bliley Act?
- Question #249
During the CEH security seminar, you make a list of changes you would like to perform to your network to increase its security. One of the first things you change is to switch the...
- Question #250
You, a penetration testing manager in a pen testing firm, need to prepare a pen testing pricing report for a client. Which of the following factors do you need to consider while...