412-79V10

Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?A . 6566 TCP portB . 6771 TCP portC . 6667 TCP portD . 6257 TCP portView AnswerAnswer:...

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP...

By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?A . PortQryB . NetstatC . TelnetD . TracertView AnswerAnswer: A

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and...

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?A . Passive IDSB . Active IDSC . Progressive IDSD . NIPSView AnswerAnswer: B

What are the 6 core concepts in IT security? A . Server management, website domains, firewalls, IDS, IPS, and auditingB . Authentication, authorization, confidentiality, integrity, availability, and non-repudiationC . Passwords, logins, access controls, restricted domains, configurations, and tunnelsD . Biometrics, cloud security, social engineering, DoS attack, viruses, and TrojansView AnswerAnswer:...

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?A . Testing to provide a more complete view of site securityB . Testing focused on the servers, infrastructure, and the underlying software, including the targetC . Testing including tiers and DMZs within the environment, the...

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?A...

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?A . IPSEC does not...

Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?A . Event Log TrackerB . SawmillC...