412-79 Dumps

412-79 Braindumps

412-79 Real Questions

412-79 Practice Test

412-79 Actual Questions


killexams.com EC-Council 412-79


EC-Council Certified Security Analyst (ECSA V9)


https://killexams.com/pass4sure/exam-detail/412-79

QUESTION: 187

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?


  1. Vulnerability Report

  2. Executive Report

  3. Client-side test Report

  4. Host Report Answer: B

QUESTION: 188

An automated electronic mail message from a mail system which indicates that the user does not exist on that server is called as?


  1. SMTP Queue Bouncing

  2. SMTP Message Bouncing

  3. SMTP Server Bouncing

  4. SMTP Mail Bouncing


Answer: D Reference:http://en.wikipedia.org/wiki/Bounce_message


QUESTION: 189

Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?


  1. Sunbelt Network Security Inspector (SNSI)

  2. CORE Impact

  3. Canvas

  4. Microsoft Baseline Security Analyzer (MBSA) Answer: C

QUESTION: 190

Output modules allow Snort to be much more flexible in the formatting and presentation of output to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the following output plug-ins allows alert data to be written in a format easily importable to a database?


  1. unified

  2. csv

  3. alert_unixsock

  4. alert_fast Answer: B

QUESTION: 191

Application security assessment is one of the activity that a pen tester performs in the attack phase. It is

designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.



Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.


  1. Web Penetration Testing

  2. Functionality Testing

  3. Authorization Testing

  4. Source Code Review Answer: D


QUESTION: 192

Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?


  1. Threat-Assessment Phase

  2. Pre-Assessment Phase

  3. Assessment Phase

  4. Post-Assessment Phase Answer: B

QUESTION: 193

Which of the following defines the details of servicesto be provided for the client’s organization and the list of services required for performing the test in the organization?


  1. Draft

  2. Report

  3. Requirement list

  4. Quotation Answer: D

QUESTION: 194

Which of the following is not a condition specified by Hamel and Prahalad (1990)?


  1. Core competency should be aimed at protecting company interests

  2. Core competency is hard for competitors to imitate

  3. Core competency provides customer benefits

  4. Core competency can be leveraged widely to many products and markets


Answer: A

Reference:http://www.studymode.com/essays/Hamel-Prahalad-Core-Competency-1228370.html


QUESTION: 195

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment.

The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.

For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side

The below diagram shows the TCP Header format:


How many bits is a acknowledgement number?


  1. 16 bits

  2. 32 bits

  3. 8 bits

  4. 24 bits


Answer: B Reference:http://en.wikipedia.org/wiki/Transmission_Control_Protocol(acknowledgement number)


QUESTION: 196

A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the tableinside the database using the below query and finds the table:

http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'—

What is the table name?


  1. CTS

  2. QRT

  3. EMP

  4. ABC


Answer: C