Online Access Free 412-79v10 Practice Test

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.
What can a pen tester do to detect input sanitization issues?

• A.Send single quotes as the input data to catch instances where the user input is not sanitized
• B.Send double quotes as the input data to catch instances where the user input is not sanitized
• C.Send long strings of junk data, just as you would send strings to detect buffer overruns
• D.Use a right square bracket (the "]" character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies.
A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces.
What could have prevented this information from being stolen from the laptops?

• A.IPS Encryption
• B.DFS Encryption
• C.EFS Encryption
• D.SDW Encryption

Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted.
Which one of the following scanned timing options in NMAP's scan is useful across slow WAN links or to hide the scan?

• A.Paranoid
• B.Polite
• C.Normal
• D.Sneaky

Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?

• A.c:\windows\system32\Boot\SAM
• B.c:\windows\system32\drivers\SAM
• C.c:\windows\system32\config\SAM
• D.c:\windows\system32\Setup\SAM

Firewall is an IP packet filter that enforces the filtering and security policies to the flowing network traffic.
Using firewalls in IPv6 is still the best way of protection from low level attacks at the network and transport layers.
Which one of the following cannot handle routing protocols properly?

• A."Internet-router-firewall-net architecture"
• B."Internet-firewall/router(edge device)-net architecture"
• C."Internet-firewall -net architecture"
• D."Internet-firewall-router-net architecture"