412-79V10 Exam Questions

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

An automated electronic mail message from a mail system which indicates that the user does not exist on that server is called as?

Which of the following scan option is able to identify the SSL services?

A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase. Active reconnaissance which includes activities such as network mapping, web pro...

George, the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs...

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

Which one of the following architectures has the drawback of internally considering the hosted services individually?

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. Which tool will help Je...

This type of attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web applicatio...

Which of the following have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicio...

A firewall will need to be set up on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his networ...

Which of the following acts related to information security in the US establish the management of an organization is responsible for establishing and maintaining an adequate intern...

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

Which of the following is not a characteristic of a firewall?

Which of the following policies helps secure data and protects the privacy of organizational information?

When can clues about the underlying application environment be collected?

Harold installs a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not...

Which of the following statement holds true for TCP Operation?

A penetration tester, from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host f...

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

An "idle" system is also referred to as what?

You are a security analyst for Berber Consulting Group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform soc...

Identify the type of authentication mechanism represented below:

You have passed your ECESA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager for the company...

Which one of the following 802.11 types uses either FHSS or DSSS for modulation?

One needs to run "Scan Server Configuration" tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interfaces to the TCP/I...

Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a common way for attacker...

Which of the following shields Internet users from artificial DNS data, such as a deceptive or mischievous address instead of the genuine address that was requested?

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP header is the data that divides it into...

Which of the following protocols cannot be used to filter VoIP traffic?

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control str...

You are performing through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external...

You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs 802.11 packets to verify whether the access point is valid or not?

You are a senior consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies? What type of Penetrat...

DNS information records provide important data about:

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible....

Before we perform the penetration testing, there will be a pre-contract discussion with different pen- testers (the team of penetration testers) to gather a quotation and to perfor...

In Linux, what is the smallest possible shellcode?

Which one of the following is a useful formatting token that takes an int * as an argument, and writes the number of bytes already written, to that location?

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

If we detect unmanaged networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines a...

Large organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weake...

An external penetration test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimete...

In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help to improve t...

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

DMA is a tool designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising t...

Which of the following allows Snort to be much more flexible in the formatting and presentation of output to its users. Snort has 6 output plug-ins that push out data in different...

Windows stores user passwords in the Security Accounts Manager (SAM), or in the Active Directory database in domains. Passwords are never stored in plain text but as one-way hashes...