ECCouncil ECSAv10 EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Exam Practice Test

Page: 1 / 20
Total 201 questions

EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Questions and Answers

Question 1

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

#include <stdio.h>   /* fprintf */
#include <string.h>  /* strcpy */

int main(int argc, char *argv[])
{
    char buffer[10];

    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }

    /* unbounded copy of a user-controlled argument into a 10-byte stack buffer */
    strcpy(buffer, argv[1]);
    return 0;
}

Options:

A.

Buffer overflow

B.

Format string bug

C.

Kernel injection

D.

SQL injection

Question 2

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT.

Which firewall would be most appropriate for Harold?

Options:

A.

Application-level proxy firewall

B.

Data link layer firewall

C.

Packet filtering firewall

D.

Circuit-level proxy firewall

Question 3

Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.

Options:

A.

Information-Protection Policy

B.

Special-Access Policy

C.

Remote-Access Policy

D.

Acceptable-Use Policy

Question 4

The NTP protocol is used to synchronize the system clocks of computers with a remote time server or time source over a network. Which one of the following transport-layer ports does NTP use?

Options:

A.

TCP port 152

B.

UDP port 177

C.

UDP port 123

D.

TCP port 113

Question 5

What are the 6 core concepts in IT security?

Options:

A.

Server management, website domains, firewalls, IDS, IPS, and auditing

B.

Authentication, authorization, confidentiality, integrity, availability, and non-repudiation

C.

Passwords, logins, access controls, restricted domains, configurations, and tunnels

D.

Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Question 6

In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate.

A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host.

Options:

A.

Sliding Windows

B.

Windowing

C.

Positive Acknowledgment with Retransmission (PAR)

D.

Synchronization

Question 7

Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?

Options:

A.

Sunbelt Network Security Inspector (SNSI)

B.

CORE Impact

C.

Canvas

D.

Microsoft Baseline Security Analyzer (MBSA)

Question 8

Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

Options:

A.

SYN Scan

B.

Connect() scan

C.

XMAS Scan

D.

Null Scan

Question 9

Which of the following statements is true about the LM hash?

Options:

A.

Disabled in Windows Vista and 7 OSs

B.

Separated into two 8-character strings

C.

Letters are converted to lowercase

D.

Padded with NULL to 16 characters

Question 10

Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

Options:

A.

Threat-Assessment Phase

B.

Pre-Assessment Phase

C.

Assessment Phase

D.

Post-Assessment Phase

Question 11

A Demilitarized Zone (DMZ) is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization.

Privilege escalation, system compromise when code runs under root credentials, and DoS attacks are the basic weaknesses of which one of the following protocols?

Options:

A.

Lightweight Directory Access Protocol (LDAP)

B.

Simple Network Management Protocol (SNMP)

C.

Telnet

D.

Secure Shell (SSH)

Question 12

You are trying to locate Microsoft Outlook Web Access default portals using a Google search on the Internet. Which search string will you use to locate them?

Options:

A.

intitle:"exchange server"

B.

outlook:"search"

C.

locate:"logon page"

D.

allinurl:"exchange/logon.asp"

Question 13

A SQL injection attack consists of the insertion or "injection" of either a partial or complete SQL query via the data input transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

ii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutting down the DBMS)

iv) Recover the content of a given file existing on the DBMS file system or write files into the file system

v) Issue commands to the operating system

A pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Options:

A.

Automated Testing

B.

Function Testing

C.

Dynamic Testing

D.

Static Testing

Question 14

Firewall and DMZ architectures are characterized according to their design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?

Options:

A.

Weak Screened Subnet Architecture

B.

"Inside Versus Outside" Architecture

C.

"Three-Homed Firewall" DMZ Architecture

D.

Strong Screened-Subnet Architecture

Question 15

The Transmission Control Protocol accepts data from a data stream, divides it into chunks, and adds a TCP header, creating a TCP segment. The TCP header is the first 24 bytes of a TCP segment and contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.

For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of the exchange in an acknowledgment (ACK) from the other side.

The below diagram shows the TCP Header format:

Question # 15

Options:

A.

16 bits

B.

32 bits

C.

8 bits

D.

24 bits

Question 16

The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions on using different penetration testing tools and techniques.

What is the last step in preparing a Rules of Engagement (ROE) document?

Options:

A.

Conduct a brainstorming session with top management and technical teams

B.

Decide the desired depth for penetration testing

C.

Conduct a brainstorming session with top management and technical teams

D.

Have pre-contract discussions with different pen-testers

Question 17

Which of the following acts related to information security in the US establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Options:

A.

USA Patriot Act 2001

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act (GLBA)

D.

California SB 1386

Question 18

External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure, and underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as web servers, mail servers, firewalls, and routers.

Which of the following types of penetration testing is performed with no prior knowledge of the site?

Options:

A.

Blue box testing

B.

White box testing

C.

Grey box testing

D.

Black box testing

Question 19

The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.

Options:

A.

HIPAA

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act

D.

California SB 1386a

Question 20

How many bits long is the Source Port Number field in the TCP header?

Options:

A.

48

B.

32

C.

64

D.

16

Question 21

In the context of penetration testing, what does blue teaming mean?

Options:

A.

A penetration test performed with the knowledge and consent of the organization's IT staff

B.

It is the most expensive and most widely used

C.

It may be conducted with or without warning

D.

A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

Question 22

A DMZ is a network designed to give the public access to specific internal resources, and you might want to do the same thing for guests visiting the organization without compromising the integrity of the internal resources. In general, attacks on wireless networks fall into four basic categories.

Identify the attack that falls under the passive attack category.

Options:

A.

Wardriving

B.

Spoofing

C.

Sniffing

D.

Network Hijacking

Question 23

War Driving is the act of moving around a specific area, mapping the population of wireless access points for statistical purposes. These statistics are then used to raise awareness of the security problems associated with these types of networks.

Which one of the following is a Linux-based program that exploits the weak IV (Initialization Vector) problem documented with static WEP?

Options:

A.

Airsnort

B.

Aircrack

C.

WEPCrack

D.

Airpwn

Question 24

Meyer Electronics Systems recently had a number of laptops stolen out of their office. These laptops contained sensitive corporate information regarding patents and company strategies.

A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces.

What could have prevented this information from being stolen from the laptops?

Options:

A.

SDW Encryption

B.

EFS Encryption

C.

DFS Encryption

D.

IPS Encryption

Question 25

SQL injection attacks are becoming significantly more popular amongst hackers, and there has been an estimated 69 percent increase in this attack type.

This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.

The below diagram shows how attackers launched SQL injection attacks on web applications.

Question # 25

Which of the following can the attacker use to launch an SQL injection attack?

Options:

A.

Blah' “2=2 –“

B.

Blah' and 2=2 --

C.

Blah' and 1=1 --

D.

Blah' or 1=1 --

Question 26

Which one of the following is a formatting token that takes an int * as an argument and writes the number of bytes already written to that location?

Options:

A.

“%n”

B.

“%s”

C.

“%p”

D.

“%w”

Question 27

What will the following URL produce in an unpatched IIS Web Server?

Question # 27

Options:

A.

Execute a buffer overflow in the C: drive of the web server

B.

Insert a Trojan horse into the C: drive of the web server

C.

Directory listing of the C:\windows\system32 folder on the web server

D.

Directory listing of C: drive on the web server

Question 28

Which of the following defines the details of services to be provided for the client’s organization and the list of services required for performing the test in the organization?

Options:

A.

Draft

B.

Report

C.

Requirement list

D.

Quotation

Question 29

Black-box testing is a method of software testing that examines the functionality of an application (i.e., what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities introduced during the implementation/development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix SQL injection vulnerabilities.

What can a pen tester do to detect input sanitization issues?

Options:

A.

Send single quotes as the input data to catch instances where the user input is not sanitized

B.

Send double quotes as the input data to catch instances where the user input is not sanitized

C.

Send long strings of junk data, just as you would send strings to detect buffer overruns

D.

Use a right square bracket (the “]” character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Question 30

Which of the following approaches to vulnerability assessment relies on the administrator providing a baseline of the system configuration and then scanning continuously without incorporating any information found at the time of scanning?

Options:

A.

Service-based Assessment Solutions

B.

Product-based Assessment Solutions

C.

Tree-based Assessment

D.

Inference-based Assessment
