412-79V9 Exam Questions

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

Fuzzing testing or fuzzing is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputtin...

Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper la...

John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool. Which one of the following Nmap...

In the context of penetration testing, what does blue teaming mean?

Identify the port numbers used by POP3 and POP3S protocols.

The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of securit...

What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?

Which of the following has an offset field that specifies the length of the header and data?

What is the formula to calculate risk?

Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?

Which of the following is not a condition specified by Hamel and Prahalad (1990)?

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a...

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the...

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testi...

In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businessService, bindingTemplate, and tModel?

DNS information records provide important data about:

Which of the following is NOT a pen testing component to be tested?

The SAM file in Windows Server 2008 is located in which of the following locations?

A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?

What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?

Which of the following shields Internet users from artificial DNS data, such as a deceptive or mischievous address instead of the genuine address that was requested?

Why is an appliance-based firewall more secure than those implemented on top of the commercial operating system (Software based)?

To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?

During external penetration testing, which of the following techniques uses tools like Nmap to predict the sequence numbers generated by the targeted server and use this informatio...

Which of the following acts related to information security in the US establish that the management of an organization is responsible for establishing and maintaining an adequate i...

Identify the data security measure which defines a principle or state that ensures that an action or transaction cannot be denied.

Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?

Which type of security policy applies to the below configuration? i)Provides a maximum security while allowing known, but necessary, dangers ii)All services are blocked, nothing is...

Assessing a network from a hacker's point of view to discover the exploits and vulnerabilities that are accessible to the outside world is which sort of vulnerability assessment?

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the c...

A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented by the company. Which one of the following polic...

Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control str...

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information i...

A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications whi...

The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain s...

A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications. Wh...

Identify the framework that comprises of five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:

TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each lay...

Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination stati...

Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper la...

Firewall is an IP packet filter that enforces the filtering and security policies to the flowing network traffic. Using firewalls in IPv6 is still the best way of protection from l...

Which one of the following is a command line tool used for capturing data from the live network and copying those packets to a file?

Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the...

Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed...

One needs to run "Scan Server Configuration" tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interface of the Nessus...

Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through...

Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may n...