Download EC-Council Certified Security Analyst.412-79v8.RealExams.2019-02-20.200q.vcex

Vendor: ECCouncil
Exam Code: 412-79v8
Exam Name: EC-Council Certified Security Analyst
Date: Feb 20, 2019
File Size: 10 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
Which of the following password cracking techniques is used when the attacker has some information about the password?
  1. Hybrid Attack
  2. Dictionary Attack
  3. Syllable Attack
  4. Rule-based Attack
Correct answer: D
Explanation:
Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B%20Hard%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%20Crackers.pdf (page 4, rule-based attack)
Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B%20Hard%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%20Crackers.pdf (page 4, rule-based attack)
Question 2
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
  1. Invalid username or password
  2. Account username was not found
  3. Incorrect password
  4. Username or password incorrect
Correct answer: C
Question 3
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: 
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'-- 
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'— 
What is the table name?
  1. CTS
  2. QRT
  3. EMP
  4. ABC
Correct answer: C
Question 4
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
  1. Passive IDS
  2. Active IDS
  3. Progressive IDS
  4. NIPS
Correct answer: B
Question 5
HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the
  1. ASCII value of the character
  2. Binary value of the character
  3. Decimal value of the character
  4. Hex value of the character
Correct answer: D
Explanation:
https://books.google.nl/books?id=0RfANAwOUdIC&pg=PA720&lpg=PA720&dq=%22xx+notation%22+binary&source=bl&ots=pGMqass7ti&sig=rnIg1xZ78ScUvuIlTmDY3r7REuc&hl=nl&sa=X&ei=8C4dVYe1NorgasrzgoAL&ved=0CEQQ6AEwBQ#v=onepage&q=%22xx%20notation%22%20binary&f=false
https://books.google.nl/books?id=0RfANAwOUdIC&pg=PA720&lpg=PA720&dq=%22xx+notation%22+binary&source=bl&ots=pGMqass7ti&sig=rnIg1xZ78ScUvuIlTmDY3r7REuc&hl=nl&sa=X&ei=8C4dVYe1NorgasrzgoAL&ved=0CEQQ6AEwBQ#v=onepage&q=%22xx%20notation%22%20binary&f=false
Question 6
Which of the following appendices gives detailed lists of all the technical terms used in the report?
  1. Required Work Efforts
  2. References
  3. Research
  4. Glossary
Correct answer: D
Explanation:
Refere’ http://en.wikipedia.org/wiki/Glossary
Refere’ http://en.wikipedia.org/wiki/Glossary
Question 7
An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.  
  
During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?
  1. XMAS Scan
  2. SYN scan
  3. FIN Scan
  4. NULL Scan
Correct answer: B
Question 8
Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.  
Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.  
  
Which of the following password cracking attacks tries every combination of characters until the password is broken?
  1. Brute-force attack
  2. Rule-based attack
  3. Hybrid attack
  4. Dictionary attack
Correct answer: A
Explanation:
Reference: http://books.google.com.pk/books?id=m2qZNW4dcyIC&pg=PA237&lpg=PA237&dq=password+cracking+attacks+tries+every+combination+of+characters+until+the+password+is+broken&source=bl&ots=RKEUUo6LYj&sig=MPEfFBEpoO0yvOwMxYCoPQuqM5g&hl=en&sa=X&ei=ZdwdVJm3CoXSaPXsgPgM&ved=0CCEQ6AEwAQ#v=onepage&q=password%20cracking%20attacks%20tries%20every%20combination%20of%20characters%20until%20the%20password%20is%20broken&f=false
Reference: http://books.google.com.pk/books?id=m2qZNW4dcyIC&pg=PA237&lpg=PA237&dq=password+cracking+attacks+tries+every+combination+of+characters+until+the+password+is+broken&source=bl&ots=RKEUUo6LYj&sig=MPEfFBEpoO0yvOwMxYCoPQuqM5g&hl=en&sa=X&ei=ZdwdVJm3CoXSaPXsgPgM&ved=0CCEQ6AEwAQ#v=onepage&q=password%20cracking%20attacks%20tries%20every%20combination%20of%20characters%20until%20the%20password%20is%20broken&f=false
Question 9
Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.  
  
What is the last step in preparing a Rules of Engagement (ROE) document?
  1. Conduct a brainstorming session with top management and technical teams
  2. Decide the desired depth for penetration testing
  3. Conduct a brainstorming session with top management and technical teams
  4. Have pre-contract discussions with different pen-testers
Correct answer: C
Question 10
Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?
  1. DNSSEC
  2. Netsec
  3. IKE
  4. IPsec
Correct answer: D
Explanation:
Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html
Reference: http://www.cisco.com/c/en/us/td/docs/net_mgmt/vpn_solutions_center/2-0/ip_security/provisioning/guide/IPsecPG1.html
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!