412-79V8 Exam Details

  • Exam Code: 412-79V8
  • Exam Name: EC-Council Certified Security Analyst (ECSA)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 200 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 412-79V8 Online Questions & Answers

  • Question 111:

    Which of the following password cracking techniques is used when the attacker has some information about the password?

    A. Hybrid Attack
    B. Dictionary Attack
    C. Syllable Attack
    D. Rule-based Attack

  • Question 112:

    Which one of the following commands is used to search one or more files for a specific pattern and helps in organizing the firewall log files?

    A. grpck
    B. grep
    C. gpgv
    D. gprn

  • Question 113:

    Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months ago. How can he find the directory?

    A. Visit Google's search engine and view the cached copy
    B. Crawl and download the entire website using the Surfoffline tool and save them to his computer
    C. Visit the company's partners' and customers' website for this information
    D. Use WayBackMachine in Archive.org web site to retrieve the Internet archive

  • Question 114:

    Which of the following approaches to vulnerability assessment relies on the administrator providing a baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

    A. Service-based Assessment Solutions
    B. Product-based Assessment Solutions
    C. Tree-based Assessment
    D. Inference-based Assessment

  • Question 115:

    War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks. Which one of the following is a Linux based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?

    A. Airsnort
    B. Aircrack
    C. WEPCrack
    D. Airpwn

  • Question 116:

    Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM. NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

    The SAM file in Windows Server 2008 is located in which of the following locations?

    A. c:\windows\system32\config\SAM
    B. c:\windows\system32\drivers\SAM
    C. c:\windows\system32\Setup\SAM
    D. c:\windows\system32\Boot\SAM

  • Question 117:

    Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

    A. Packet Sniffer Mode
    B. Packet Logger Mode
    C. Network Intrusion Detection System Mode
    D. Inline Mode

  • Question 118:

    Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote access to a computer on a network.

    Which of the following techniques do attackers use to create backdoors to covertly gather critical information about a target machine?

    A. Internal network mapping to map the internal network of the target machine
    B. Port scanning to determine what ports are open or in use on the target machine
    C. Sniffing to monitor all the incoming and outgoing network traffic
    D. Social engineering and spear phishing attacks to install malicious programs on the target machine

  • Question 119:

    Which of the following is the objective of Gramm-Leach-Bliley Act?

    A. To ease the transfer of financial information between institutions and banks
    B. To protect the confidentiality, integrity, and availability of data
    C. To set new or enhanced standards for all U.S. public company boards, management and public accounting firms
    D. To certify the accuracy of the reported financial statement

  • Question 120:

    The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.

    Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first. Identify the injection attack represented in the diagram below:

    A. Frame Injection Attack
    B. LDAP Injection Attack
    C. XPath Injection Attack
    D. SOAP Injection Attack
