412-79V8 Exam Questions
200 real 412-79V8 exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He kn...
- Question #2
Application security assessment is one of the activities that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bes...
- Question #3
Which of the following is not a characteristic of a firewall?
- Question #4
John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client. Which of the following factors does he need to consider whi...
- Question #5
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system moni...
- Question #6
A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerab...
- Question #7
Which of the following is not the SQL injection attack character?
- Question #8
Which of the following is the objective of Gramm-Leach-Bliley Act?
- Question #9
Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?
- Question #10
In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer. Identify the level up to whi...
- Question #11
Which of the following are the default ports used by NetBIOS service?
- Question #12
Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to t...
- Question #13
What is the maximum value of a "tinyint" field in most database systems?
- Question #14
Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Depa...
- Question #15
Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or wo...
- Question #16
Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
- Question #17
What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?
- Question #18
Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtai...
- Question #19
Rule of Engagement (ROE) is the formal permission to conduct a pen-test. It provides top-level guidance for conducting the penetration testing. Various factors are considered whil...
- Question #20
Which of the following protocols cannot be used to filter VoIP traffic?
- Question #21
A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase. Active reconnaissance which includes activities such as network mapping, web pr...
- Question #22
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
- Question #23
Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen...
- Question #24
Identify the transition mechanism to deploy IPv6 on the IPv4 network from the following diagram.
- Question #25
John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project. Whic...
- Question #26
A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteria. The criteria are expressed in the form o...
- Question #27
External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target....
- Question #28
What information can be collected by dumpster diving?
- Question #29
In which of the following firewalls are the incoming or outgoing packets blocked from accessing services for which there is no proxy?
- Question #30
Which of the following policies helps secure data and protects the privacy of organizational information?
- Question #31
Why is a legal agreement important to have before launching a penetration test?
- Question #32
What are the 6 core concepts in IT security?
- Question #33
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as e...
- Question #34
In Linux, /etc/shadow file stores the real password in encrypted format for user's account with added properties associated with the user's password. In the example of a /etc/shado...
- Question #35
What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?
- Question #36
What is the difference between penetration testing and vulnerability testing?
- Question #37
Information gathering is performed to:
- Question #38
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?
- Question #39
A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets. While performing ICMP...
- Question #40
Traffic on which port is unusual for both the TCP and UDP ports?
- Question #41
Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?
- Question #42
Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks. N...
- Question #43
What sort of vulnerability assessment approach starts by building an inventory of protocols found on the machine?
- Question #44
During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?
- Question #45
Identify the type of firewall represented in the diagram below:
- Question #46
Due to illegal inputs, various types of TCP stacks respond in a different manner. Some IDSs do not take into account the TCP protocol's urgency feature, which could allow testers t...
- Question #47
Identify the correct formula for Return on Investment (ROI).
- Question #48
Identify the person who will lead the penetration-testing project and be the client point of contact.
- Question #49
A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of inf...
- Question #50
The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses,...