最新的EC-COUNCIL EC-Council Certified Security Analyst (ECSA) - 412-79免費考試真題

問題1
Which one of the following log analysis tools is used for analyzing the server's log files?

正確答案: A
問題2
Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

正確答案: C
問題3
Which of the following scan option is able to identify the SSL services?

正確答案: C
問題4
Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

正確答案: C
問題5
The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of security awareness among employees.

The tester should demonstrate extreme care and professionalism during a social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization.
Which of the following methods of attempting social engineering is associated with bribing, handing out gifts, and becoming involved in a personal relationship to befriend someone inside the company?

正確答案: C
問題6
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks.
When most people say 'Wireless' these days, they are referring to one of the 802.11 standards.
There are three main 802.11 standards: B, A, and G.
Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?

正確答案: B
問題7
What information can be collected by dumpster diving?

正確答案: C
問題8
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.
The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

正確答案: B
問題9
The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

正確答案: A
問題10
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?

正確答案: D
問題11
An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connection to the host?

正確答案: B
問題12
John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project. Which of the following includes all of these requirements?

正確答案: B
說明:(僅 PDFExamDumps 成員可見)
問題13
Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

正確答案: C
問題14
Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

正確答案: D
說明:(僅 PDFExamDumps 成員可見)

專業認證

PDFExamDumps模擬測試題具有最高的專業技術含量,只供具有相關專業知識的專家和學者學習和研究之用。

品質保證

該測試已取得試題持有者和第三方的授權,我們深信IT業的專業人員和經理人有能力保證被授權産品的質量。

輕松通過

如果妳使用PDFExamDumps題庫,您參加考試我們保證96%以上的通過率,壹次不過,退還購買費用!

免費試用

PDFExamDumps提供每種産品免費測試。在您決定購買之前,請試用DEMO,檢測可能存在的問題及試題質量和適用性。