412-79v10 Premium Bundle

EC-Council Certified Security Analyst (ECSA) V10 Certification Exam

Last update: November 21, 2024

EC-Council 412-79v10 Free Practice Questions

Also have 412-79v10 free dumps questions for you:

NEW QUESTION 1
Transmission Control Protocol (TCP) accepts data from a data stream, divides it into chunks, and adds a TCP header, creating a TCP segment. The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.
For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side.
The below diagram shows the TCP Header format:
[Exhibit: TCP header format diagram, image not included]

  • A. 16 bits
  • B. 32 bits
  • C. 8 bits
  • D. 24 bits

Answer: B

NEW QUESTION 2
Which one of the following is a useful formatting token that takes an int * as an argument, and writes the number of bytes already written, to that location?

  • A. “%n”
  • B. “%s”
  • C. “%p”
  • D. “%w”

Answer: A

NEW QUESTION 3
The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.
What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

  • A. Phishing
  • B. Spoofing
  • C. Tapping
  • D. Vishing

Answer: D

NEW QUESTION 4
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London.
After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

  • A. RaidSniff
  • B. Snort
  • C. Ettercap
  • D. Airsnort

Answer: C

NEW QUESTION 5
Metasploit Framework is an open source platform for vulnerability research, development, and penetration testing. Which one of the following Metasploit options is used to exploit multiple systems at once?

  • A. NinjaDontKill
  • B. NinjaHost
  • C. RandomNops
  • D. EnablePython

Answer: A

NEW QUESTION 6
Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?

  • A. Decreases consumed employee time and increases system uptime
  • B. Increases detection and reaction time
  • C. Increases response time
  • D. Both Decreases consumed employee time and increases system uptime and Increases response time

Answer: A

NEW QUESTION 7
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword.
Which one of the following operators is used to define meta-variables?

  • A. “$”
  • B. “#”
  • C. “*”
  • D. “?”

Answer: A

NEW QUESTION 8
Which of the following statements holds true for TCP operation?

  • A. Port numbers are used to know which application the receiving host should pass the data to
  • B. Sequence numbers are used to track the number of packets lost in transmission
  • C. Flow control shows the trend of a transmitting host overflowing the buffers in the receiving host
  • D. Data transfer begins even before the connection is established

Answer: D

NEW QUESTION 9
SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.
This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.
The below diagram shows how attackers launched SQL injection attacks on web applications.
[Exhibit: SQL injection attack diagram, image not included]
Which of the following can the attacker use to launch an SQL injection attack?

  • A. Blah' “2=2 –“
  • B. Blah' and 2=2 --
  • C. Blah' and 1=1 --
  • D. Blah' or 1=1 --

Answer: D

NEW QUESTION 10
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc.
They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

  • A. XPath Injection Attack
  • B. Authorization Attack
  • C. Authentication Attack
  • D. Frame Injection Attack

Answer: B

NEW QUESTION 11
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

  • A. %systemroot%\LSA
  • B. %systemroot%\repair
  • C. %systemroot%\system32\drivers\etc
  • D. %systemroot%\system32\LSA

Answer: B

NEW QUESTION 12
Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

  • A. Packet Sniffer Mode
  • B. Packet Logger Mode
  • C. Network Intrusion Detection System Mode
  • D. Inline Mode

Answer: A

NEW QUESTION 13
Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible.
Paulette presents the following screenshot to her boss so he can inform the clients about the necessary changes that need to be made. From the screenshot, what changes should the client company make?
[Exhibit: screenshot, image not included]

  • A. The banner should not state "only authorized IT personnel may proceed"
  • B. Remove any identifying numbers, names, or version information
  • C. The banner should include the Cisco tech support contact information as well
  • D. The banner should have more detail on the version numbers for the network equipment

Answer: B

NEW QUESTION 14
You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses.
You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

  • A. Metamorphic
  • B. Oligomorphic
  • C. Polymorphic
  • D. Transmorphic

Answer: A

NEW QUESTION 15
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?

  • A. Active/Passive Tools
  • B. Application-layer Vulnerability Assessment Tools
  • C. Location/Data Examined Tools
  • D. Scope Assessment Tools

Answer: D

NEW QUESTION 16
Which of the following attributes has an LM and NTLMv1 value of 64bit + 64bit + 64bit and an NTLMv2 value of 128 bits?

  • A. Hash Key Length
  • B. C/R Value Length
  • C. C/R Key Length
  • D. Hash Value Length

Answer: B
