412-79V8 Online Practice Questions and Answers

Which of the following appendices gives detailed lists of all the technical terms used in the report?

A. Required Work Efforts

B. References

C. Research

D. Glossary

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?

A. Social engineering

B. SQL injection

C. Parameter tampering

D. Man-in-the-middle attack

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

A. Testing to provide a more complete view of site security

B. Testing focused on the servers, infrastructure, and the underlying software, including the target

C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections

D. Testing performed from a number of network access points representing each logical and physical segment

External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as Web servers, Mail servers, Firewalls, and Routers.

Which of the following types of penetration testing is performed with no prior knowledge of the site?

A. Blue box testing

B. White box testing C. Grey box testing

D. Black box testing

Identify the person who will lead the penetration-testing project and be the client point of contact.

A. Database Penetration Tester

B. Policy Penetration Tester

C. Chief Penetration Tester

D. Application Penetration Tester

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

A. XPath Injection Attack

B. Authorization Attack

C. Authentication Attack

D. Frame Injection Attack

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

A. Phishing

B. Spoofing

C. Tapping

D. Vishing

Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers have the assigned ranges. The port numbers above 1024 are considered as which one of the following? (Select all that apply)

A. Well-known port numbers

B. Dynamically assigned port numbers

C. Unregistered port numbers

D. Statically assigned port numbers

Firewall is an IP packet filter that enforces the filtering and security policies to the flowing network traffic. Using firewalls in IPv6 is still the best way of protection from low level attacks at the network and transport layers. Which one of the following cannot handle routing protocols properly?

A. "Internet-router-firewall-net architecture"

B. "Internet-firewall-router-net architecture"

C. "Internet-firewall/router(edge device)-net architecture"

D. "Internet-firewall -net architecture"

Which one of the following architectures has the drawback of internally considering the hosted services individually?

A. Weak Screened Subnet Architecture

B. "Inside Versus Outside" Architecture

C. "Three-Homed Firewall" DMZ Architecture

D. Strong Screened-Subnet Architecture