412-79V9 Exam Questions

Which of the following password cracking techniques is used when the attacker has some information about the password?

Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unpr...

An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter,...

Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to incr...

Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related...

Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He kn...

Application security assessment is one of the activity that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bes...

Which of the following is not a characteristic of a firewall?

The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximu...

From where can clues about the underlying application environment can be collected?

Which of the following information gathering techniques collects information from an organization's web-based calendar and email services?

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

Which of the following statements is true about the LM hash?

Which of the following statements holds true for TCP Operation?

Which of the following will not handle routing protocols properly?

What is a goal of the penetration testing report?

What type of attack would you launch after successfully deploying ARP spoofing?

Which agreement requires a signature from both the parties (the penetration tester and the company)?

John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client. Which of the following factors does he need to consider whi...

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system moni...

What are the two types of 'white-box' penetration testing?

Which of the following is not the SQL injection attack character?

Which of the following is the objective of Gramm-Leach-Bliley Act?

In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer. Identify the level up to whi...

Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to t...

Which of the following are the default ports used by NetBIOS service?

What is the maximum value of a "tinyint" field in most database systems?

Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Depa...

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers ne...

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtai...

Which of the following factors is NOT considered while preparing the scope of the Rules of Engagment (ROE)?

Which of the following protocols cannot be used to filter VoIP traffic?

Active reconnaissance which includes activities such as network mapping, web profiling, and perimeter mapping is a part which phase(s)?

Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

Identify the transition mechanism to deploy IPv6 on the IPv4 network from the following diagram.

John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project. Whic...

A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteri a. The criteria are expressed in the form...

Which of the following types of penetration testing is performed with no prior knowledge of the site?

Which of the following pen testing tests yields information about a company's technology infrastructure?

While performing ICMP scanning using Nmap tool, message received/type displays "3 - Destination Unreachable[S!]" and code 3. Which of the following is an appropriate description of...

What is the difference between penetration testing and vulnerability testing?

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?

Traffic on which unusual for both the TCP and UDP ports?

Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mlDSs)?