Latest EC-COUNCIL EC-Council Certified Security Analyst (ECSA) - 412-79v8 free exam questions
Question 1
DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under the passive attacks category. (Select all that apply)
Correct answer: D
Question 2
Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.
Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.

Which of the following password cracking attacks tries every combination of characters until the password is broken?
Correct answer: A
Question 3
A penetration tester performs OS fingerprinting on the target server to identify the operating system used on the target server with the help of ICMP packets.

While performing ICMP scanning using the Nmap tool, message received/type displays "3 - Destination Unreachable[5]" and code 3.
Which of the following is an appropriate description of this response?
Correct answer: A
Question 4
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?
Correct answer: C
Question 5
Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword. Which one of the following operators is used to define metavariables?
Correct answer: D
Question 6
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?
Correct answer: C
Question 7
Which of the following password cracking techniques is used when the attacker has some information about the password?
Correct answer: C
Question 8
Which one of the following components of standard Solaris Syslog is a UNIX command that is used to add single-line entries to the system log?
Correct answer: C
Question 9
Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
Correct answer: D
Question 10
The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client's operating environment, threat perception, security and compliance requirements, ROE, and budget. Various components need to be considered for testing while developing the scope of the project.

Which of the following is NOT a pen testing component to be tested?
Correct answer: B
Question 11
Which of the following is NOT generally included in a quote for penetration testing services?
Correct answer: D

