EC-Council 412-79V10 시험

Question No : 1

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

• A.California SB 1386
• B.Sarbanes-Oxley 2002
• C.Gramm-Leach-Bliley Act (GLBA)
• D.USA Patriot Act 2001

답을 확인하기

정답:

Question No : 2

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

• A.Passive IDS
• B.Active IDS
• C.Progressive IDS
• D.NIPS

답을 확인하기

정답:

Question No : 3

Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?

• A.Hash Key Length
• B.C/R Value Length
• C.C/R Key Length
• D.Hash Value Length

답을 확인하기

정답:

Question No : 4

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London.
After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords.
What tool could you use to get this information?

• A.RaidSniff
• B.Snort
• C.Ettercap
• D.Airsnort

답을 확인하기

정답:

Question No : 5

Which of the following defines the details of services to be provided for the client’s organization and the list of services required for performing the test in the organization?

• A.Draft
• B.Report
• C.Requirement list
• D.Quotation

답을 확인하기

정답:

Question No : 6

What is the difference between penetration testing and vulnerability testing?

• A.Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of ‘in-depth ethical hacking’
• B.Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities
• C.Vulnerability testing is more expensive than penetration testing
• D.Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

답을 확인하기

정답:

Question No : 7

What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?

• A.Connect Scanning Techniques
• B.SYN Scanning Techniques
• C.Stealth Scanning Techniques
• D.Port Scanning Techniques

답을 확인하기

정답:

Question No : 8

What are the 6 core concepts in IT security?

• A.Server management, website domains, firewalls, IDS, IPS, and auditing
• B.Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
• C.Passwords, logins, access controls, restricted domains, configurations, and tunnels
• D.Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

답을 확인하기

정답:

Question No : 9

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet.
Why is that?

• A.IPSEC does not work with packet filtering firewalls
• B.NAT does not work with IPSEC
• C.NAT does not work with statefull firewalls
• D.Statefull firewalls do not work with packet filtering firewalls

답을 확인하기

정답:

Question No : 10

What is the maximum value of a “tinyint” field in most database systems?

• A.222
• B.224 or more
• C.240 or less
• D.225 or more

답을 확인하기

정답:

Question No : 11

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.



What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

• A.Phishing
• B.Spoofing
• C.Tapping
• D.Vishing

답을 확인하기

정답:

Question No : 12

TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each layer.
Which one of the following protocols is used to collect information from all the network devices?

• A.Simple Network Management Protocol (SNMP)
• B.Network File system (NFS)
• C.Internet Control Message Protocol (ICMP)
• D.Transmission Control Protocol (TCP)

답을 확인하기

정답:

Question No : 13

Which of the following will not handle routing protocols properly?

• A.“Internet-router-firewall-net architecture”
• B.“Internet-firewall-router-net architecture”
• C.“Internet-firewall -net architecture”
• D.“Internet-firewall/router(edge device)-net architecture”

답을 확인하기

정답:

Question No : 14

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

• A.AES
• B.DES (ECB mode)
• C.MD5
• D.RC5

답을 확인하기

정답:

Question No : 15

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
ARP spoofing attack is used as an opening for other attacks.



What type of attack would you launch after successfully deploying ARP spoofing?

• A.Parameter Filtering
• B.Social Engineering
• C.Input Validation
• D.Session Hijacking

답을 확인하기

정답: