412-79V8 Exam Questions

Which of the following shields Internet users from artificial DNS data, such as a deceptive or mischievous address instead of the genuine address that was requested?

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all...

A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, so that characters representing "t...

During external penetration testing, which of the following techniques uses tools like Nmap to predict the sequence numbers generated by the targeted server and use this informatio...

Which of the following acts related to information security in the US establish that the management of an organization is responsible for establishing and maintaining an adequate i...

Identify the data security measure which defines a principle or state that ensures that an action or transaction cannot be denied.

One of the steps in information gathering is to run searches on a company using complex keywords in Google. Which search keywords would you use in the Google search engine to find...

Which type of security policy applies to the below configuration? i)Provides maximum security while allowing known, but necessary, dangers ii)All services are blocked; nothing is a...

Assessing a network from a hacker's point of view to discover the exploits and vulnerabilities that are accessible to the outside world is which sort of vulnerability assessment?

Which of the following password cracking techniques is used when the attacker has some information about the password?

Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: sysobjects...

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is beingused?

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter,...

Which of the following appendices gives detailed lists of all the technical terms used in the report?

Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to incr...

Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related...

Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unpr...

From where can clues about the underlying application environment can be collected?

Which of the following information gathering techniques collects information from an organization's web-based calendar and email services?

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

Which of the following statements is true about the LM hash?

Which of the following statement holds true for TCP Operation?

Which of the following will not handle routing protocols properly?

What is a goal of the penetration testing report?

Identify the injection attack represented in the diagram below:

Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorpor...

In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the...

Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web pag...

You are conducting a penetration test against a company and you would like to know a personal email address of John, a crucial employee. What is the fastest, cheapest way to find o...

A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is o...

A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, re...

Which of the following is an ARP cache poisoning technique aimed at network switches?

Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity...

Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use...

Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capa...

To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited pa...

An automated electronic mail message from a mail system which indicates that the user does not exist on that server is called as?

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximu...

Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault. What does a vuln...

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and...

This is a group of people hired to give details of the vulnerabilities present in the system found after a penetration test. They are elite and extremely competent penetration test...

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the...

Fuzz testing or fuzzing is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting m...

Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in cond...

Law enforcement officers are conducting a legal search for which a valid warrant was obtaineD. While conducting the search, officers observe an item of evidence for an unrelated cr...