لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated?
A. Type 3 ICMP codes
B. Type 8 ICMP codes
C. Type 7 ICMP codes
D. Type 12 ICMP codes
عرض الإجابة
اجابة صحيحة: A
السؤال #2
To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?
A. Stateful multilayer inspection firewall
B. Packet filter
C. Application level gateway
D. Circuit level gateway
عرض الإجابة
اجابة صحيحة: B
السؤال #3
What are the security risks of running a "repair" installation for Windows XP?
A. There are no security risks when running the "repair" installation for Windows XP
B. Pressing Ctrl+F10 gives the user administrative rights
C. Pressing Shift+F10 gives the user administrative rights
D. Pressing Shift+F1 gives the user administrative rights
عرض الإجابة
اجابة صحيحة: C
السؤال #4
Which of the following password cracking techniques is used when the attacker has some information about the password?
A. Hybrid Attack
B. Dictionary Attack
C. Syllable Attack
D. Rule-based Attack
عرض الإجابة
اجابة صحيحة: D
السؤال #5
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substri
A. CTS
B. QRT
C. EMP
D. ABC
عرض الإجابة
اجابة صحيحة: C
السؤال #6
Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
A. Testing to provide a more complete view of site security
B. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections
C. Testing focused on the servers, infrastructure, and the underlying software, including the target
D. Testing performed from a number of network access points representing each logical and physical segment
عرض الإجابة
اجابة صحيحة: C
السؤال #7
John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool. Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10
B. nmap -sU -p 123 10
C. nmap -sU -p 135 10
D. nmap -sU -p 161 10
عرض الإجابة
اجابة صحيحة: B
السؤال #8
Which of the following attacks is an offline attack?
A. Pre-Computed Hashes
B. Hash Injection Attack
C. Password Guessing
D. Dumpster Diving
عرض الإجابة
اجابة صحيحة: A
السؤال #9
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers are constantly talking
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers will not respond to idle scans
عرض الإجابة
اجابة صحيحة: A
السؤال #10
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?
A. Enumerate all the users in the domain
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Perform a zone transfer
عرض الإجابة
اجابة صحيحة: D
السؤال #11
A penetration test consists of three phases: pre-attack phase, attack phase, and post- attack phase. Active reconnaissance which includes activities such as network mapping, web profiling, and perimeter mapping is a part which phase(s)?
A. Post-attack phase
B. Pre-attack phase and attack phase
C. Attack phase
D. Pre-attack phase
عرض الإجابة
اجابة صحيحة: D
السؤال #12
Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning? [ECCouncil-412-79v8-10.3/ECCouncil-412-79v8-2_2.png]
A. Service-based Assessment Solutions
B. Product-based Assessment Solutions
C. Tree-based Assessment
D. Inference-based Assessment
عرض الإجابة
اجابة صحيحة: C
السؤال #13
Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers have the assigned ranges. The port numbers above 1024 are considered as which one of the following? (Select all that apply)
A. Well-known port numbers
B. Dynamically assigned port numbers
C. Statically assigned port numbers
D. Unregistered port numbers
عرض الإجابة
اجابة صحيحة: B
السؤال #14
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gatewaydoes not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field. [ECCouncil-412-79v8-10.3/ECCouncil-412-79v8-3_2.png] Which of the following ICMP messages will be generated if the destination port is
A. ICMP Type 11 code 1
B. ICMP Type 5 code 3
C. ICMP Type 3 code 2
D. ICMP Type 3 code 3
عرض الإجابة
اجابة صحيحة: D
السؤال #15
Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote access to a computer on a network. [ECCouncil-412-79v8-10.3/ECCouncil-412-79v8-4_2.png] Which of the following techniques do attackers use to create backdoors to covertly gather critical information about a target machine?
A. Internal network mapping to map the internal network of the target machine
B. Port scanning to determine what ports are open or in use on the target machine
C. Sniffing to monitor all the incoming and outgoing network traffic
D. Social engineering and spear phishing attacks to install malicious programs on the target machine
عرض الإجابة
اجابة صحيحة: D
السؤال #16
Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company. Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system. Which of the following password cracking attacks tries every combination of characters until the password is broken?
A. Brute-force attack
B. Rule-based attack
C. Hybrid attack
D. Dictionary attack
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?
A. Change the default community string names
B. Block all internal MAC address from using SNMP
C. Block access to UDP port 171
D. Block access to TCP port 171
عرض الإجابة
اجابة صحيحة: A
السؤال #18
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU. The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram. IP fragme
A. Multipleof four bytes
B. Multiple of two bytes
C. Multiple of eight bytes
D. Multiple of six bytes
عرض الإجابة
اجابة صحيحة: C
السؤال #19
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Double Blind Testing
B. Unannounced Testing
C. Announced Testing
D. Blind Testing
عرض الإجابة
اجابة صحيحة: A
السؤال #20
A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?
A. Shoulder surfing
B. Phishing
C. Insider Accomplice
D. Vishing
عرض الإجابة
اجابة صحيحة: A
السؤال #21
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test." What is the result of t
A. Your website is vulnerable to web bugs
B. Your website is vulnerable to CSS
C. Your website is not vulnerable
D. Your website is vulnerable to SQL injection
عرض الإجابة
اجابة صحيحة: B
السؤال #22
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say 'Wireless' these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and G. Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?
A. 802
B. 802
C. 802
D. 802
عرض الإجابة
اجابة صحيحة: C
السؤال #23
External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as Web servers, Mail servers, Firewalls, and Routers. Which of the following types of penetration testing is performed with no prior knowledge of the site?
A. Blue box testing
B. White box testing
C. Grey box testing
D. Black box testing
عرض الإجابة
اجابة صحيحة: D
السؤال #24
What operating system would respond to the following command?
A. Mac OS X
B. Windows XP
C. Windows 95
D. FreeBSD
عرض الإجابة
اجابة صحيحة: D
السؤال #25
Which of the following is an ARP cache poisoning technique aimed at network switches?
A. Man-in-the Middle Attack
B. Replay Attack
C. DNS Poisoning
D. Mac Flooding
عرض الإجابة
اجابة صحيحة: D
السؤال #26
Which of the following are the default ports used by NetBIOS service?
A. 133, 134, 139, 142
B. 135, 136, 139, 445
C. 134, 135, 136, 137
D. 137, 138, 139, 140
عرض الإجابة
اجابة صحيحة: B
السؤال #27
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operation system?
A. Location/Data Examined Tools
B. Active/Passive Tools
C. Scope Assessment Tools
D. Application-layer Vulnerability Assessment Tools
عرض الإجابة
اجابة صحيحة: C
السؤال #28
Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?
A. Paranoid Policy
B. Information-Protection Policy
C. Promiscuous Policy
D. Prudent Policy
عرض الإجابة
اجابة صحيحة: A
السؤال #29
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
A. Invalid username or password
B. Account username was not found
C. Incorrect password
D. Username or password incorrect
عرض الإجابة
اجابة صحيحة: C
السؤال #30
At what layer of the OSI model do routers function on?
A. 3
B. 4
C. 5
D. 1
عرض الإجابة
اجابة صحيحة: A

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.