EC-Council 412-79v10 Dumps 2021

NEW QUESTION 1
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable.
What kind of results did Jim receive from his vulnerability analysis?

• A. True negatives
• B. False negatives
• C. False positives
• D. True positives

Answer: B

NEW QUESTION 2
Which of the following has an offset field that specifies the length of the header and data?

• A. IP Header
• B. UDP Header
• C. ICMP Header
• D. TCP Header

Answer: D

NEW QUESTION 3
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers
many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

• A. OSPF
• B. BPG
• C. ATM
• D. UDP

Answer: A

NEW QUESTION 4
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies? What type of Penetration Testing is Larry planning to carry out?

• A. Internal Penetration Testing
• B. Firewall Penetration Testing
• C. DoS Penetration Testing
• D. Router Penetration Testing

Answer: C

NEW QUESTION 5
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.
The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

• A. Multiple of four bytes
• B. Multiple of two bytes
• C. Multiple of eight bytes
• D. Multiple of six bytes

Answer: C

NEW QUESTION 6
Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?

• A. Sunbelt Network Security Inspector (SNSI)
• B. CORE Impact
• C. Canvas
• D. Microsoft Baseline Security Analyzer (MBSA)

Answer: C

NEW QUESTION 7
Which of the following is not the SQL injection attack character?

• A. $
• B. PRINT
• C. #
• D. @@variable

Answer: A

NEW QUESTION 8
Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?

• A. Event Log Tracker
• B. Sawmill
• C. Syslog Manager
• D. Event Log Explorer

Answer: B

NEW QUESTION 9
Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

• A. Service-based Assessment Solutions
• B. Product-based Assessment Solutions
• C. Tree-based Assessment
• D. Inference-based Assessment

Answer: C

NEW QUESTION 10
Which one of the following architectures has the drawback of internally considering the hosted services individually?

• A. Weak Screened Subnet Architecture
• B. "Inside Versus Outside" Architecture
• C. "Three-Homed Firewall" DMZ Architecture
• D. Strong Screened-Subnet Architecture

Answer: C

NEW QUESTION 11
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address.
Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

• A. A switched network will not respond to packets sent to the broadcast address
• B. Only IBM AS/400 will reply to this scan
• C. Only Unix and Unix-like systems will reply to this scan
• D. Only Windows systems will reply to this scan

Answer: C

NEW QUESTION 12
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc.
They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

• A. XPath Injection Attack
• B. Authorization Attack
• C. Authentication Attack
• D. Frame Injection Attack

Answer: B

NEW QUESTION 13
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

• A. Threat-Assessment Phase
• B. Pre-Assessment Phase
• C. Assessment Phase
• D. Post-Assessment Phase

Answer: B

NEW QUESTION 14
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set.
What is Terri trying to accomplish by sending this IP packet?

• A. Poison the switch's MAC address table by flooding it with ACK bits
• B. Enable tunneling feature on the switch
• C. Trick the switch into thinking it already has a session with Terri's computer
• D. Crash the switch with a DoS attack since switches cannot send ACK bits

Answer: C

NEW QUESTION 15
The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client’s operating environment, threat perception, security and compliance requirements, ROE, and budget.
Various components need to be considered for testing while developing the scope of the project.

Which of the following is NOT a pen testing component to be tested?

• A. System Software Security
• B. Intrusion Detection
• C. Outside Accomplices
• D. Inside Accomplices

Answer: C

NEW QUESTION 16
A firewall’s decision to forward or reject traffic in network filtering is dependent upon which of the following?

• A. Destination address
• B. Port numbers
• C. Source address
• D. Protocol used

Answer: D

NEW QUESTION 17
Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

• A. Client-Side Test Report
• B. Activity Report
• C. Host Report
• D. Vulnerability Report

Answer: A

NEW QUESTION 18
Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

• A. SYN Scan
• B. Connect() scan
• C. XMAS Scan
• D. Null Scan

Answer: A

NEW QUESTION 19
One needs to run “Scan Server Configuration” tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured.
By default, the Nessus daemon listens to connections on which one of the following?

• A. Localhost (127.0.0.1) and port 1241
• B. Localhost (127.0.0.1) and port 1240
• C. Localhost (127.0.0.1) and port 1246
• D. Localhost (127.0.0.0) and port 1243

Answer: A