412-79V8 Exam Questions

Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. Yo...

Choose the correct option to define the Prefix Length.

Which of the following attacks is an offline attack?

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP header is the first 24 bytes of a TCP s...

Which of the following protocol's traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the us...

The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these dat...

Which of the following scan option is able to identify the SSL services?

If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web applicati...

Which of the following is NOT generally included in a quote for penetration testing services?

Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequen...

Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

Identify the attack represented in the diagram below:

Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?

Which of the following equipment could a pen tester use to perform shoulder surfing?

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that wo...

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM,...

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

Identify the type of authentication mechanism represented below:

John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the h...

Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the pac...

By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used t...

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measu...

Which of the following methods is used to perform server discovery?

In the example of a /etc/passwd file below, what does the bold letter string indicate? nomad:HrLNrZ3VS3TF2:501:100: Simple Nomad:/home/nomad:/bin/bash

Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper la...

John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool. Which one of the following Nmap...

In the context of penetration testing, what does blue teaming mean?

Identify the port numbers used by POP3 and POP3S protocols.

The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of securit...

SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type. This exploit is used to great...

What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?

Which of the following has an offset field that specifies the length of the header and data?

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critic...

Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?

Which of the following is not a condition specified by Hamel and Prahalad (1990)?

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a...

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the...

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testi...

In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businesService, bindingTemplate, and tModel?

DNS information records provide important data about:

The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client's operating...

Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords a...

A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?

What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?