EC-Council 412-79v10 Free Practice Questions

NEW QUESTION 1
In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate.
A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host.

• A. Sliding Windows
• B. Windowing
• C. Positive Acknowledgment with Retransmission (PAR)
• D. Synchronization

Answer: C

NEW QUESTION 2
Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net
What will this search produce?

• A. All sites that link to ghttech.net
• B. Sites that contain the code: link:www.ghttech.net
• C. All sites that ghttech.net links to
• D. All search engines that link to .net domains

Answer: A

NEW QUESTION 3
What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

• A. Server Side Includes
• B. Sort Server Includes
• C. Server Sort Includes
• D. Slide Server Includes

Answer: A

NEW QUESTION 4
What will the following URL produce in an unpatched IIS Web Server?

• A. Execute a buffer flow in the C: drive of the web server
• B. Insert a Trojan horse into the C: drive of the web server
• C. Directory listing of the C:windowssystem32 folder on the web server
• D. Directory listing of C: drive on the web server

Answer: D

NEW QUESTION 5
A chipset is a group of integrated circuits that are designed to work together and are usually marketed as a single product.” It is generally the motherboard chips or the chips used on the expansion card.
Which one of the following is well supported in most wireless applications?

• A. Orinoco chipsets
• B. Prism II chipsets
• C. Atheros Chipset
• D. Cisco chipset

Answer: B

NEW QUESTION 6
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the AXFR and IXFR commands using DIG. What is Simon trying to accomplish here?

• A. Enumerate all the users in the domain
• B. Perform DNS poisoning
• C. Send DOS commands to crash the DNS servers
• D. Perform a zone transfer

Answer: D

NEW QUESTION 7
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

• A. Passive Assessment
• B. Host-based Assessment
• C. External Assessment
• D. Application Assessment

Answer: D

NEW QUESTION 8
A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:

• A. Microsoft Internet Security Framework
• B. Information System Security Assessment Framework (ISSAF)
• C. Bell Labs Network Security Framework
• D. The IBM Security Framework

Answer: A

NEW QUESTION 9
Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?

• A. 6566 TCP port
• B. 6771 TCP port
• C. 6667 TCP port
• D. 6257 TCP port

Answer: C

NEW QUESTION 10
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say ‘Wireless’ these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and G.
Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?

• A. 802.11b
• B. 802.11g
• C. 802.11-Legacy
• D. 802.11n

Answer: A

NEW QUESTION 11
In Linux, /etc/shadow file stores the real password in encrypted format for user’s account with added properties associated with the user’s password.

In the example of a /etc/shadow file below, what does the bold letter string indicate?
Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

• A. Number of days the user is warned before the expiration date
• B. Minimum number of days required between password changes
• C. Maximum number of days the password is valid
• D. Last password changed

Answer: B

NEW QUESTION 12
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?

• A. Disgruntled employees
• B. Weaknesses that could be exploited
• C. Physical security breaches
• D. Organizational structure

Answer: B

NEW QUESTION 13
Which of the following will not handle routing protocols properly?

• A. “Internet-router-firewall-net architecture”
• B. “Internet-firewall-router-net architecture”
• C. “Internet-firewall -net architecture”
• D. “Internet-firewall/router(edge device)-net architecture”

Answer: B

NEW QUESTION 14
Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies.
In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?

• A. SQL Injection Attacks
• B. Service Level Configuration Attacks
• C. Inside Attacks
• D. URL Tampering Attacks

Answer: A

NEW QUESTION 15
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

• A. intitle:"exchange server"
• B. outlook:"search"
• C. locate:"logon page"
• D. allinurl:"exchange/logon.asp"

Answer: D

NEW QUESTION 16
Information gathering is performed to:
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company’s technology infrastructure?

• A. Searching for web page posting patterns
• B. Analyzing the link popularity of the company’s website
• C. Searching for trade association directories
• D. Searching for a company’s job postings

Answer: D