| Exam Code/Number: | 412-79v9 |
| Exam Name: | EC-Council Certified Security Analyst (ECSA) v9 |
| Certification: | EC-COUNCIL |
| Question Number: | 205 |
| Publish Date: | Dec 06, 2025 |
A firewall's decision to forward or reject traffic in network filtering is dependent upon which of the following?
Which of the following acts related to information security in the US establish that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.
Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes.
Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.
What can a pen tester do to detect input sanitization issues?
Which of the following statements is true about the LM hash?
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.
The SAM file in Windows Server 2008 is located in which of the following locations?