[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 412-79v8 Dumps with VCE and PDF 71-80

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 412-79v8
100% Free Download! 100% Pass Guaranteed!

EC-Council Certified Security Analyst (ECSA)

Question No: 71

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Ensurepass 2018 PDF and VCE

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phaseand will likely require code changes.

Pen testers need to perform this testing during the development phase to find and fix the

SQL injection vulnerability.

What can a pen tester do to detect input sanitization issues?

  1. Send single quotes as the input data to catch instances where the user input is not sanitized

  2. Send double quotes as the input data to catch instances where the user input is not sanitized

  3. Send long strings of junk data, just as you would send strings to detect buffer overruns

  4. Use a right square bracket (the “]” character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Answer: D

Question No: 72

Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

  1. ./snort -dvr packet.log icmp

  2. ./snort -dev -l ./log

  3. ./snort -dv -r packet.log

  4. ./snort -l ./log -b

Answer: C

Question No: 73

Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?

  1. Vulnerabilities checklists

  2. Configuration checklists

  3. Action Plan

  4. Testing Plan

Answer: A

Question No: 74

Which of the following protocols cannot be used to filter VoIP traffic?

  1. Media Gateway Control Protocol (MGCP)

  2. Real-time Transport Control Protocol (RTCP)

  3. Session Description Protocol (SDP)

  4. Real-TimePublish Subscribe (RTPS)

Answer: D

Question No: 75

From where can clues about the underlying application environment can be collected?

  1. From the extension of the file

  2. From executable file

  3. From file types and directories

  4. From source code

Answer: A Explanation:


Which of the following information gathering techniques collects information from an organization’s web-based calendar and email services?

  1. Anonymous Information Gathering

  2. Private Information Gathering

  3. Passive Information Gathering

  4. Active Information Gathering



Question No: 76

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

Ensurepass 2018 PDF and VCE

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affectall dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provideaccess to theoretically secure networks, and pose a threat to the daily operation of online businesses.

What is the biggest threat to Web 2.0 technologies?

  1. SQL Injection Attacks

  2. Service Level Configuration Attacks

  3. Inside Attacks

  4. URL Tampering Attacks

Answer: A

Question No: 77

Which of the following defines the details of servicesto be provided for the client’s organization and the list of services required for performing the test in the organization?

  1. Draft

  2. Report

  3. Requirement list

  4. Quotation

Answer: D

Question No: 78

Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake websitewhose look and feel are almost identical to the legitimate one.

Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing numberof reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Ensurepass 2018 PDF and VCE

What characteristics do phishing messages often have that may make them identifiable?

  1. Invalid email signatures or contact information

  2. Suspiciously good grammar and capitalization

  3. They trigger warning pop-ups

  4. Suspicious attachments

Answer: C

Question No: 79

Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?

  1. Event Log Tracker

  2. Sawmill

  3. Syslog Manager

  4. Event Log Explorer

Answer: B

Question No: 80

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

  1. AES

  2. DES (ECB mode)

  3. MD5

  4. RC5

Answer: C

100% Ensurepass Free Download!
Download Free Demo:412-79v8 Demo PDF
100% Ensurepass Free Guaranteed!
412-79v8 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No