Exam Code : 3X0-204
Exam Name : Sendmail Mail Systems
Vendor Name :
"Sair"
412-79 Dumps
412-79 Braindumps
412-79 Real Questions
412-79 Practice Test
412-79 Actual Questions
killexams.com EC-Council 412-79
EC-Council Certified Security Analyst (ECSA V9)
https://killexams.com/pass4sure/exam-detail/412-79
Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?
Vulnerability Report
Executive Report
Client-side test Report
Host Report
Answer: B
An automated electronic mail message from a mail system which indicates that the user does not exist on that server is called as?
SMTP Queue Bouncing
SMTP Message Bouncing
SMTP Server Bouncing
SMTP Mail Bouncing
Answer: D Reference:http://en.wikipedia.org/wiki/Bounce_message
Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?
Sunbelt Network Security Inspector (SNSI)
CORE Impact
Canvas
Microsoft Baseline Security Analyzer (MBSA)
Answer: C
Output modules allow Snort to be much more flexible in the formatting and presentation of output to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the following output plug-ins allows alert data to be written in a format easily importable to a database?
unified
csv
alert_unixsock
alert_fast
Answer: B
Application security assessment is one of the activity that a pen tester performs in the attack phase. It is
designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system.
Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an attacker might use to exploit an application.
Web Penetration Testing
Functionality Testing
Authorization Testing
Source Code Review
Answer: D
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?
Threat-Assessment Phase
Pre-Assessment Phase
Assessment Phase
Post-Assessment Phase
Answer: B
Which of the following defines the details of servicesto be provided for the client’s organization and the list of services required for performing the test in the organization?
Draft
Report
Requirement list
Quotation
Answer: D
Which of the following is not a condition specified by Hamel and Prahalad (1990)?
Core competency should be aimed at protecting company interests
Core competency is hard for competitors to imitate
Core competency provides customer benefits
Core competency can be leveraged widely to many products and markets
Answer: A
Reference:http://www.studymode.com/essays/Hamel-Prahalad-Core-Competency-1228370.html
Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment.
The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.
For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side
The below diagram shows the TCP Header format:
How many bits is a acknowledgement number?
16 bits
32 bits
8 bits
24 bits
Answer: B Reference:http://en.wikipedia.org/wiki/Transmission_Control_Protocol(acknowledgement number)
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the tableinside the database using the below query and finds the table:
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'—
What is the table name?
CTS
QRT
EMP
ABC
Answer: C