Free demo questions for EC-Council 412-79v9 Exam Dumps Below:
NEW QUESTION 1
Which one of the following Snort logger mode commands is used to run a binary log file through Snort in sniffer mode to dump the packets to the screen?
- A. ./snort -dvr packet.log icmp
- B. ./snort -dev -l ./log
- C. ./snort -dv -r packet.log
- D. ./snort -l ./log -b
Answer: C
NEW QUESTION 2
The SnortMain() function begins by associating a set of handlers for the signals Snort receives. It does this using the signal() function. Which one of the following is used as a program-specific signal, the handler for which calls the DropStats() function to output the current Snort statistics?
- A. SIGUSR1
- B. SIGTERM
- C. SIGINT
- D. SIGHUP
Answer: A
NEW QUESTION 3
Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months ago. How can he find the directory?
- A. Visit Google’s search engine and view the cached copy
- B. Crawl and download the entire website using the Surfoffline tool and save them to his computer
- C. Visit the company's partners’ and customers' website for this information
- D. Use WayBackMachine in Archive.org web site to retrieve the Internet archive
Answer: D
NEW QUESTION 4
In which of the following IDS evasion techniques does the IDS reject the packets that an end system accepts?
- A. IPS evasion technique
- B. IDS evasion technique
- C. UDP evasion technique
- D. TTL evasion technique
Answer: D
Explanation:
Reference: http://is.muni.cz/th/172999/fi_m/MT_Bukac.pdf (page 24)
NEW QUESTION 5
A firewall’s decision to forward or reject traffic in network filtering is dependent upon which of the following?
- A. Destination address
- B. Port numbers
- C. Source address
- D. Protocol used
Answer: D
Explanation:
Reference: http://www.vicomsoft.com/learning-center/firewalls/ (what does a firewall do)
NEW QUESTION 6
Identify the injection attack represented in the diagram below:
- A. XPath Injection Attack
- B. XML Request Attack
- C. XML Injection Attack
- D. Frame Injection Attack
Answer: C
Explanation:
Reference: http://projects.webappsec.org/w/page/13247004/XML%20Injection
NEW QUESTION 7
Which of the following is not a condition specified by Hamel and Prahalad (1990)?
- A. Core competency should be aimed at protecting company interests
- B. Core competency is hard for competitors to imitate
- C. Core competency provides customer benefits
- D. Core competency can be leveraged widely to many products and markets
Answer: A
Explanation:
Reference: http://www.studymode.com/essays/Hamel-Prahalad-Core-Competency-1228370.html
NEW QUESTION 8
Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in conducting a successful security audit.
Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.
Which agreement requires a signature from both the parties (the penetration tester and the company)?
- A. Non-disclosure agreement
- B. Client fees agreement
- C. Rules of engagement agreement
- D. Confidentiality agreement
Answer: C
NEW QUESTION 9
Which of the following methods is used to perform server discovery?
- A. Banner Grabbing
- B. Whois Lookup
- C. SQL Injection
- D. Session Hijacking
Answer: B
Explanation:
Reference: http://luizfirmino.blogspot.com/2011/09/server-discovery.html
NEW QUESTION 10
The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions on the use of different penetration testing tools and techniques.
What is the last step in preparing a Rules of Engagement (ROE) document?
- A. Conduct a brainstorming session with top management and technical teams
- B. Decide the desired depth for penetration testing
- C. Conduct a brainstorming session with top management and technical teams
- D. Have pre-contract discussions with different pen-testers
Answer: C
NEW QUESTION 11
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture the live packets from the wire or to read the saved capture files?
- A. Tcpdump
- B. Capinfos
- C. Tshark
- D. Idl2wrs
Answer: B
NEW QUESTION 12
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
- A. Poison the DNS records with false records
- B. Enumerate MX and A records from DNS
- C. Establish a remote connection to the Domain Controller
- D. Enumerate domain user accounts and built-in groups
Answer: D
NEW QUESTION 13
John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client.
Which of the following factors does he need to consider while preparing the pen testing pricing report?
- A. Number of employees in the client organization
- B. Complete structure of the organization
- C. Number of client computers to be tested and resources required to perform a pen test
- D. Number of servers available in the client organization
Answer: C
NEW QUESTION 14
To locate the firewall, a SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If an ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, which of the following types of firewall is in place?
- A. Circuit level gateway
- B. Stateful multilayer inspection firewall
- C. Packet filter
- D. Application level gateway
Answer: C
NEW QUESTION 15
The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client’s operating environment, threat perception, security and compliance requirements, ROE, and budget. Various components need to be considered for testing while developing the scope of the project.
Which of the following is NOT a pen testing component to be tested?
- A. System Software Security
- B. Intrusion Detection
- C. Outside Accomplices
- D. Inside Accomplices
Answer: C
NEW QUESTION 16
Fuzz testing or fuzzing is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.
Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs, and SQL injection.
A fuzzer helps to generate and submit a large number of inputs to the application in order to test it against those inputs. This helps to identify the SQL inputs that generate malicious output.
Suppose a pen tester knows the underlying structure of the database used by the application (i.e., name, number of columns, etc.) that she is testing.
Which of the following types of fuzz testing will she perform, where she can supply specific data to the application to discover vulnerabilities?
- A. Clever Fuzz Testing
- B. Dumb Fuzz Testing
- C. Complete Fuzz Testing
- D. Smart Fuzz Testing
Answer: D
NEW QUESTION 17
Which of the following acts related to information security in the US establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
- A. USA Patriot Act 2001
- B. Sarbanes-Oxley 2002
- C. Gramm-Leach-Bliley Act (GLBA)
- D. California SB 1386
Answer: A
Explanation:
Reference: http://www.sec.gov/rules/final/33-8238.htm (see background)
NEW QUESTION 18
John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in the Windows system directory?
- A. C:\Windows\System32\Boot
- B. C:\WINNT\system32\drivers\etc
- C. C:\WINDOWS\system32\cmd.exe
- D. C:\Windows\System32\restore
Answer: B
Explanation:
Reference: http://en.wikipedia.org/wiki/Hosts_(file) (location in the file system, see the table)
NEW QUESTION 19
You are conducting a penetration test against a company and you would like to know the personal email address of John, a crucial employee. What is the fastest, cheapest way to find out John’s email address?
- A. Call his wife and ask for his personal email account
- B. Call a receptionist and ask for John Stevens’ personal email account
- C. Search in Google for his personal email ID
- D. Send an email to John stating that you cannot send him an important spreadsheet attachment file to his business email account and ask him if he has any other email accounts
Answer: D
NEW QUESTION 20
Application security assessment is one of the activities that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.
Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.
- A. Web Penetration Testing
- B. Functionality Testing
- C. Authorization Testing
- D. Source Code Review
Answer: D
NEW QUESTION 21
What is the maximum value of a “tinyint” field in most database systems?
- A. 222
- B. 224 or more
- C. 240 or less
- D. 225 or more
Answer: D
Explanation:
Reference: http://books.google.com.pk/books?id=JUcIAAAAQBAJ&pg=SA3-PA3&lpg=SA3-PA3&dq=maximum+value+of+a+%E2%80%9Ctinyint%E2%80%9D+field+in+most+database+systems&source=bl&ots=NscGk-- R5r&sig=1hMOYByxt7ebRJ4UEjbpxMijTQs&hl=en&sa=X&ei=pvgeVJnTCNDkaI_fgugO&ved=0CDYQ6AEwAw#v=onepage&q=maximum%20value%20of%20a%20%E2%80%9Ctinyint%E2%80%9D%20field%20in%20most%20database%20systems&f=false
NEW QUESTION 22
Which one of the following is a useful formatting token that takes an int * as an argument, and writes the number of bytes already written, to that location?
- A. “%n”
- B. “%s”
- C. “%p”
- D. “%w”
Answer: A
NEW QUESTION 23
Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.
- A. Information-Protection Policy
- B. Special-Access Policy
- C. Remote-Access Policy
- D. Acceptable-Use Policy
Answer: C
NEW QUESTION 24
Which of the following defines the details of services to be provided for the client’s organization and the list of services required for performing the test in the organization?
- A. Draft
- B. Report
- C. Requirement list
- D. Quotation
Answer: D
NEW QUESTION 25
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
- A. Smurf
- B. Trinoo
- C. Fraggle
- D. SYN flood
Answer: A
NEW QUESTION 26
What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?
- A. NIDS are usually a more expensive solution to implement compared to HIDS.
- B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.
- C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.
- D. HIDS requires less administration and training compared to NIDS.
Answer: C