Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
MuleSoft
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 412-79

Free EC-Council 412-79 Exam Braindumps (page: 9)

94.4% Passing Rate DOWNLOAD PDF EXAM
204 Questions & Answers
Page 5 of 52

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.

Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations.
Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.



What is the best way to protect web applications from parameter tampering attacks?

  1. Validating some parameters of the web application
  2. Minimizing the allowable length of parameters
  3. Using an easily guessable hashing algorithm
  4. Applying effective input field filtering parameters

Answer(s): D



Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

  1. SYN Scan
  2. Connect() scan
  3. XMAS Scan
  4. Null Scan

Answer(s): A



The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.



Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

  1. Active Information Gathering
  2. Pseudonymous Information Gathering
  3. Anonymous Information Gathering
  4. Open Source or Passive Information Gathering

Answer(s): A



You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same.
What type of virus is this that you are testing?

  1. Metamorphic
  2. Oligomorhic
  3. Polymorphic
  4. Transmorphic

Answer(s): A






Post your Comments and Discuss EC-Council 412-79 exam prep with other Community members: