
412-79v9 Exam

By Author: Jimmy Jacobson

Question: 1

What are the 6 core concepts in IT security?

A. Server management, website domains, firewalls, IDS, IPS, and auditing
B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
C. Passwords, logins, access controls, restricted domains, configurations, and tunnels
D. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Answer: B

Question: 2

In Linux, the /etc/shadow file stores the real password in encrypted format for a user’s account, along with added properties associated with the user’s password.

In the example of a /etc/shadow file below, what does the bold letter string indicate?
Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

A. Number of days the user is warned before the expiration date
B. Minimum number of days required between password changes
C. Maximum number of days the password is valid
D. Last password changed

Answer: B

Explanation:
Reference:
http://www.cyberciti.biz/faq/understanding-etcshadow-file/ (bullet # 4)

Question: 3

What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?


A. NIDS are usually a more expensive solution to implement compared to HIDS.
B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.
C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.
D. HIDS requires less administration and training compared to NIDS.

Answer: C

Question: 4

Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

A. Threat-Assessment Phase
B. Pre-Assessment Phase
C. Assessment Phase
D. Post-Assessment Phase

Answer: B

Question: 5

Which of the following is not an SQL injection attack character?

A. $
B. PRINT
C. #
D. @@variable

Answer: A

Question: 6

Which of the following is the objective of the Gramm-Leach-Bliley Act?

A. To ease the transfer of financial information between institutions and banks
B. To protect the confidentiality, integrity, and availability of data
C. To set new or enhanced standards for all U.S. public company boards, management and public accounting firms
D. To certify the accuracy of the reported financial statement

Answer: A

Explanation:
Reference:
http://www.itap.purdue.edu/security/policies/glb_safeguards_rule_training_general.pdf

Question: 7

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

A. Project Goal
B. Success Factors
C. Objectives
D. Assumptions

Answer: D

Question: 8

In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer.

Identify the level up to which the unknown traffic is allowed into the network stack.

A. Level 5 – Application
B. Level 2 – Data Link
C. Level 4 – TCP
D. Level 3 – Internet Protocol (IP)

Answer: D

Explanation:
Reference:
http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=TCP+packet+filtering+firewall+level+up+to+which+the+unknown+traffic+is+allowed+into+the+network+stack&source=bl&ots=zRrbchVYng&sig=q5G3T8lggTfAMNRkL7Kp0SRslHU&hl=en&sa=X&ei=5PUeVLSbC8TmaMzrgZgC&ved=0CBsQ6AEwAA#v=onepage&q=TCP%20packet%20filtering%20firewall%20level%20up%20to%20which%20the%20unknown%20traffic%20is%20allowed%20into%20the%20network%20stack&f=false

Question: 9

Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

What characteristics do phishing messages often have that may make them identifiable?

A. Invalid email signatures or contact information
B. Suspiciously good grammar and capitalization
C. They trigger warning pop-ups
D. Suspicious attachments

Answer: C

Question: 10

Which of the following are the default ports used by the NetBIOS service?

A. 135, 136, 139, 445
B. 134, 135, 136, 137
C. 137, 138, 139, 140
D. 133, 134, 139, 142

Answer: A


Question: 11

What is the maximum value of a “tinyint” field in most database systems?

A. 222
B. 224 or more
C. 240 or less
D. 225 or more

Answer: D

Explanation:
Reference:
http://books.google.com.pk/books?id=JUcIAAAAQBAJ&pg=SA3-PA3&lpg=SA3-PA3&dq=maximum+value+of+a+%E2%80%9Ctinyint%E2%80%9D+field+in+most+database+systems&source=bl&ots=NscGk--R5r&sig=1hMOYByxt7ebRJ4UEjbpxMijTQs&hl=en&sa=X&ei=pvgeVJnTCNDkaI_fgugO&ved=0CDYQ6AEwAw#v=onepage&q=maximum%20value%20of%20a%20%E2%80%9Ctinyint%E2%80%9D%20field%20in%20most%20database%20systems&f=false

Question: 12

Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?

A. Special-Access Policy
B. User Identification and Password Policy
C. Personal Computer Acceptable Use Policy
D. User-Account Policy

Answer: B

Question: 13

Identify the person who will lead the penetration-testing project and be the client point of contact.

A. Database Penetration Tester
B. Policy Penetration Tester
C. Chief Penetration Tester
D. Application Penetration Tester

Answer: C

Explanation:
Reference:
http://www.scribd.com/doc/133635286/LPTv4-Module-15-Pre-Penetration-Testing-Checklist-NoRestriction (page 15)

Question: 14

A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?

A. Shoulder surfing
B. Phishing
C. Insider Accomplice
D. Vishing

Answer: A

Question: 15

The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

A. Weak passwords and lack of identity management
B. Insufficient IT security budget
C. Rogue employees and insider attacks
D. Vulnerabilities, risks, and threats facing Web sites

Answer: C

Question: 16

Why is a legal agreement important to have before launching a penetration test?


A. Guarantees your consultant fees
B. Allows you to perform a penetration test without the knowledge and consent of the organization's upper management
C. It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.
D. It is important to ensure that the target organization has implemented mandatory security policies

Answer: C
