New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70special

ECCouncil ECSAv10 EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Exam Practice Test

Page: 1 / 20
Total 201 questions

EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$37.5  $124.99

PDF Study Guide

  • Product Type: PDF Study Guide
$33  $109.99
Question 1

Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?

Options:

A.

UDP and TCP

B.

TCP and SMTP

C.

SMTP

D.

UDP and SMTP

Question 2

SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.

This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.

The below diagram shows how attackers launched SQL injection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?

Options:

A.

Blah' “2=2 –“

B.

Blah' and 2=2 --

C.

Blah' and 1=1 --

D.

Blah' or 1=1 --

Question 3

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businesService, bindingTemplate, and tModel?

Options:

A.

Web Services Footprinting Attack

B.

Service Level Configuration Attacks

C.

URL Tampering Attacks

D.

Inside Attacks

Question 4

The SnortMain () function begins by associating a set of handlers for the signals, Snort receives. It does this using the signal () function. Which one of the following functions is used as a programspecific signal and the handler for this calls the DropStats() function to output the current Snort statistics?

Options:

A.

SIGUSR1

B.

SIGTERM

C.

SIGINT

D.

SIGHUP

Question 5

To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?

Options:

A.

Circuit level gateway

B.

Stateful multilayer inspection firewall

C.

Packet filter

D.

Application level gateway

Question 6

Which of the following is not the SQL injection attack character?

Options:

A.

$

B.

PRINT

C.

#

D.

@@variable

Question 7

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?

Options:

A.

Analyzing, categorizing and prioritizing resources

B.

Evaluating the existing perimeter and internal security

C.

Checking for a written security policy

D.

Analyzing the use of existing management and control architecture

Question 8

Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

Options:

A.

./snort -dvr packet.log icmp

B.

./snort -dev -l ./log

C.

./snort -dv -r packet.log

D.

./snort -l ./log –b

Question 9

Why is a legal agreement important to have before launching a penetration test?

Options:

A.

Guarantees your consultant fees

B.

Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

C.

It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

D.

It is important to ensure that the target organization has implemented mandatory security policies

Question 10

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address.

Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

Options:

A.

A switched network will not respond to packets sent to the broadcast address

B.

Only IBM AS/400 will reply to this scan

C.

Only Unix and Unix-like systems will reply to this scan

D.

Only Windows systems will reply to this scan

Question 11

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

Options:

A.

Service-based Assessment Solutions

B.

Product-based Assessment Solutions

C.

Tree-based Assessment

D.

Inference-based Assessment

Question 12

Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

Options:

A.

Packet Sniffer Mode

B.

Packet Logger Mode

C.

Network Intrusion Detection System Mode

D.

Inline Mode

Question 13

Which one of the following 802.11 types uses either FHSS or DSSS for modulation?

Options:

A.

802.11b

B.

802.11a

C.

802.11n

D.

802.11-Legacy

Question 14

Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum.

Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

Which of the following ICMP messages will be generated if the destination port is not reachable?

Options:

A.

ICMP Type 11 code 1

B.

ICMP Type 5 code 3

C.

ICMP Type 3 code 2

D.

ICMP Type 3 code 3

Question 15

War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks.

Which one of the following is a Linux based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?

Options:

A.

Airsnort

B.

Aircrack

C.

WEPCrack

D.

Airpwn

Question 16

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa.

She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

Options:

A.

Reciprocation

B.

Friendship/Liking

C.

Social Validation

D.

Scarcity

Question 17

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

Options:

A.

Use attack as a launching point to penetrate deeper into the network

B.

Demonstrate that no system can be protected against DoS attacks

C.

List weak points on their network

D.

Show outdated equipment so it can be replaced

Question 18

The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

Options:

A.

Weak passwords and lack of identity management

B.

Insufficient IT security budget

C.

Rogue employees and insider attacks

D.

Vulnerabilities, risks, and threats facing Web sites

Question 19

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.

What can a pen tester do to detect input sanitization issues?

Options:

A.

Send single quotes as the input data to catch instances where the user input is not sanitized

B.

Send double quotes as the input data to catch instances where the user input is not sanitized

C.

Send long strings of junk data, just as you would send strings to detect buffer overruns

D.

Use a right square bracket (the “]” character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Question 20

Which of the following protocols cannot be used to filter VoIP traffic?

Options:

A.

Media Gateway Control Protocol (MGCP)

B.

Real-time Transport Control Protocol (RTCP)

C.

Session Description Protocol (SDP)

D.

Real-Time Publish Subscribe (RTPS)

Question 21

Choose the correct option to define the Prefix Length.

Options:

A.

Prefix Length = Subnet + Host portions

B.

Prefix Length = Network + Host portions

C.

Prefix Length = Network + Subnet portions

D.

Prefix Length = Network + Subnet + Host portions

Question 22

What are the 6 core concepts in IT security?

Options:

A.

Server management, website domains, firewalls, IDS, IPS, and auditing

B.

Authentication, authorization, confidentiality, integrity, availability, and non-repudiation

C.

Passwords, logins, access controls, restricted domains, configurations, and tunnels

D.

Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Question 23

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

Options:

A.

Testing to provide a more complete view of site security

B.

Testing focused on the servers, infrastructure, and the underlying software, including the target

C.

Testing including tiers and DMZs within the environment, the corporate network, or partner company connections

D.

Testing performed from a number of network access points representing each logical and physical segment

Question 24

The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.

The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.

IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

Options:

A.

Multiple of four bytes

B.

Multiple of two bytes

C.

Multiple of eight bytes

D.

Multiple of six bytes

Question 25

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

iii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutdown the DBMS)

iV) Recover the content of a given file existing on the DBMS file system or write files into the file system

v) Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Options:

A.

Automated Testing

B.

Function Testing

C.

Dynamic Testing

D.

Static Testing

Question 26

Which of the following statement holds true for TCP Operation?

Options:

A.

Port numbers are used to know which application the receiving host should pass the data to

B.

Sequence numbers are used to track the number of packets lost in transmission

C.

Flow control shows the trend of a transmitting host overflowing the buffers in the receiving host

D.

Data transfer begins even before the connection is established

Question 27

NO: 35

In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

Options:

A.

IPS evasion technique

B.

IDS evasion technique

C.

UDP evasion technique

D.

TTL evasion technique

Question 28

What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

Options:

A.

Server Side Includes

B.

Sort Server Includes

C.

Server Sort Includes

D.

Slide Server Includes

Question 29

You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

Options:

A.

intitle:"exchange server"

B.

outlook:"search"

C.

locate:"logon page"

D.

allinurl:"exchange/logon.asp"

Question 30

Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

Options:

A.

3001-3100

B.

5000-5099

C.

6666-6674

D.

0 – 1023

Page: 1 / 20
Total 201 questions