Download EC-Council Certified Security Analyst.412-79v8.PracticeTest.2018-08-19.114q.vcex

Vendor: ECCouncil
Exam Code: 412-79v8
Exam Name: EC-Council Certified Security Analyst
Date: Aug 19, 2018
File Size: 7 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
What is a goal of the penetration testing report?  
  
  
  1. The penetration testing report helps you comply with local laws and regulations related to environmental conditions in the organization.
  2. The penetration testing report allows you to sleep better at night thinking your organization is protected
  3. The pen testing report helps executive management to make decisions on implementing security controls in the organization and helps the security team implement security controls and patch any flaws discovered during testing.
  4. The penetration testing report allows you to increase sales performance by effectively communicating with the internal security team.
Correct answer: C
Question 2
Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?
  1. 3001-3100
  2. 5000-5099
  3. 6666-6674
  4. 0 – 1023
Correct answer: D
Explanation:
Reference: https://www.ietf.org/rfc/rfc1700.txt (well known port numbers, 4th para)
Reference: https://www.ietf.org/rfc/rfc1700.txt (well known port numbers, 4th para)
Question 3
Identify the injection attack represented in the diagram below: 
  
  
  1. XPath Injection Attack
  2. XML Request Attack
  3. XML Injection Attack
  4. Frame Injection Attack
Correct answer: C
Explanation:
Reference: http://projects.webappsec.org/w/page/13247004/XML%20Injection
Reference: http://projects.webappsec.org/w/page/13247004/XML%20Injection
Question 4
Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?  
  
  
  1. Service-based Assessment Solutions
  2. Product-based Assessment Solutions
  3. Tree-based Assessment
  4. Inference-based Assessment
Correct answer: C
Explanation:
Reference: http://www.netsense.info/downloads/security_wp_mva.pdf (page 12, tree-based assessment technology, second para)
Reference: http://www.netsense.info/downloads/security_wp_mva.pdf (page 12, tree-based assessment technology, second para)
Question 5
The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.  
This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.  
  
What is the best way to protect web applications from parameter tampering attacks?
  1. Validating some parameters of the web application
  2. Minimizing the allowable length of parameters
  3. Using an easily guessable hashing algorithm
  4. Applying effective input field filtering parameters
Correct answer: D
Question 6
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.  
  
What does a vulnerability assessment identify?
  1. Disgruntled employees
  2. Weaknesses that could be exploited
  3. Physical security breaches
  4. Organizational structure
Correct answer: B
Question 7
This is a group of people hired to give details of the vulnerabilities present in the system found after a penetration test. They are elite and extremely competent penetration testers and intrusion analysts. This team prepares a report on the vulnerabilities in the system, attack methods, and how to defend against them.  
  
What is this team called?
  1. Blue team
  2. Tiger team
  3. Gorilla team
  4. Lion team
Correct answer: B
Question 8
ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.  
ARP spoofing attack is used as an opening for other attacks.  
  
What type of attack would you launch after successfully deploying ARP spoofing?
  1. Parameter Filtering
  2. Social Engineering
  3. Input Validation
  4. Session Hijacking
Correct answer: D
Explanation:
Reference: http://en.wikipedia.org/wiki/ARP_spoofing
Reference: http://en.wikipedia.org/wiki/ARP_spoofing
Question 9
Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in conducting a successful security audit.  
Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.  
  
Which agreement requires a signature from both the parties (the penetration tester and the company)?
  1. Non-disclosure agreement
  2. Client fees agreement
  3. Rules of engagement agreement
  4. Confidentiality agreement
Correct answer: C
Question 10
John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client.  
Which of the following factors does he need to consider while preparing the pen testing pricing report? 
  
  1. Number of employees in the client organization
  2. Complete structure of the organization
  3. Number of client computers to be tested and resources required to perform a pen test
  4. Number of servers available in the client organization
Correct answer: C
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!