最新的EC-COUNCIL 412-79v10免費考試真題

問題1

A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization.
Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?

A. Secure Shell (SSH)

B. Lightweight Directory Access Protocol (LDAP)

C. Telnet

D. Simple Network Management Protocol (SNMP)

正確答案: A

問題2

What will the following URL produce in an unpatched IIS Web Server?

A. Insert a Trojan horse into the C: drive of the web server

B. Execute a buffer flow in the C: drive of the web server

C. Directory listing of the C:\windows\system32 folder on the web server

D. Directory listing of C: drive on the web server

正確答案: D

問題3

Metasploit framework in an open source platform for vulnerability research, development, and penetration testing. Which one of the following metasploit options is used to exploit multiple systems at once?

A. NinjaDontKill

B. EnablePython

C. NinjaHost

D. RandomNops

正確答案: A

問題4

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

A. So that the access points will work on different frequencies

B. Avoid cross talk

C. Avoid over-saturation of wireless signals

D. Multiple access points can be set up on the same channel without any issues

正確答案: B

問題5

What is the maximum value of a "tinyint" field in most database systems?

A. 222

B. 240 or less

C. 224 or more

D. 225 or more

正確答案: D

問題6

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.
For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side The below diagram shows the TCP Header format:

A. 24 bits

B. 16 bits

C. 32 bits

D. 8 bits

正確答案: C

問題7

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

A. %systemroot%\system32\LSA

B. %systemroot%\repair

C. %systemroot%\system32\drivers\etc

D. %systemroot%\LSA

正確答案: B

問題8

Which of the following are the default ports used by NetBIOS service?

A. 134, 135, 136, 137

B. 133, 134, 139, 142

C. 137, 138, 139, 140

D. 135, 136, 139, 445

正確答案: D

問題9

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs.
He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

A. RIPE

B. APIPA

C. CVE

D. IANA

正確答案: C

問題10

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network.
Why would you want to initiate a DoS attack on a system you are testing?

A. Use attack as a launching point to penetrate deeper into the network

B. List weak points on their network

C. Demonstrate that no system can be protected against DoS attacks

D. Show outdated equipment so it can be replaced

正確答案: B

問題11

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?

A. Checking for a written security policy

B. Evaluating the existing perimeter and internal security

C. Analyzing, categorizing and prioritizing resources

D. Analyzing the use of existing management and control architecture

正確答案: A

問題12

Which of the following will not handle routing protocols properly?

A. "Internet-firewall -net architecture"

B. "Internet-router-firewall-net architecture"

C. "Internet-firewall/router(edge device)-net architecture"

D. "Internet-firewall-router-net architecture"

正確答案: D

問題13

The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of security awareness among employees.

The tester should demonstrate extreme care and professionalism during a social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization.
Which of the following methods of attempting social engineering is associated with bribing, handing out gifts, and becoming involved in a personal relationship to befriend someone inside the company?

A. Accomplice social engineering technique

B. Identity theft

C. Dumpster diving

D. Phishing social engineering technique

正確答案: A

最新的EC-COUNCIL EC-Council Certified Security Analyst (ECSA) V10 - 412-79v10免費考試真題

聯系我們

站內鏈接

最新更新