Last Updated on July 24, 2021 by Admin 2

ECSAv10 : EC-Council Certified Security Analyst : Part 05

  1. Adam found a pen drive in his company’s parking lot. He connected it to his system to check the content. On the next day, he found that someone had logged into his company email account and sent some emails. What type of social engineering attack has Adam encountered?

    • Media Dropping
    • Phishing
    • Eavesdropping
    • Dumpster Diving
  2. Russel, a penetration tester, wants to create a report after performing the penetration testing so that he can provide details of the testing process and findings of the vulnerabilities to the management. Russel employs the commonly available vulnerability scoring framework called Common Vulnerability Scoring System (CVSS) v3.0 ratings for grading the severity and risk level of identified vulnerabilities in the report. For a specific SMB-based vulnerability, Russel assigned a score of 8.7.

    What is the level of risk or level of severity of the SMB vulnerability as per CVSS v3.0 for the assigned score?

    • Critical
    • Low
    • Medium
    • High
  3. Lee has established a new startup where they develop Android applications. In order to meet memory requirements of the company, Lee has hired a Cloud Service Provider, who offered memory space along with virtual systems. Lee was dissatisfied with their service and wanted to move to another CSP, but was denied under the contract, which states that the user cannot switch to another CSP.

    What is this condition called?

    • Virtualization
    • Lock-in
    • Resource Isolation
    • Lock-up
  4. Jeffry, a penetration tester in Repotes Solutions Pvt. Ltd., is facing a problem in testing the firewall. By consulting other penetration testers and considering other penetration testing approaches, he was able to take critical decisions on how to test the firewall; he was finally successful in testing the firewall for vulnerabilities.

    In which of the following sections of penetration testing report will Jeffry mention the above situation?

    • Timeline
    • Evaluation purpose
    • Assumptions
    • System description
  5. WallSec Inc. has faced several network security issues in the past and hired Williamson, a professional pentester, to audit its information systems. Before starting his work, Williamson, with the help of his legal advisor, signed an agreement with his client. This agreement states that confidential information of the client should not be revealed outside of the engagement.

    What is the name of the agreement that Williamson and his client signed?

    • Non-disclosure agreement
    • TPOC agreement
    • Engagement letter
    • Authorization letter
  6. Tom is a networking manager in XYZ Inc. He and his team were assigned the task to store and update the confidential files present on a remote server using Network File System (NFS) client-server application protocol. Since the files are confidential, Tom was asked to perform this operation in a secured manner by limiting the access only to his team. As per the instructions provided to him, to use NFS securely, he employed the process of limiting the superuser access privileges only to his team by using authentication based on the team personnel identity.

    Identify the method employed by Tom for securing access controls in NFS.

    • Root Squashing
    • nosuid
    • noexec
    • Suid
  7. David is a penetration tester and he is attempting to extract password hashes from the Oracle database.

    Which of the following utilities should Dave employ in order to brute-force password hashes from Oracle databases?

    • TNS
    • Orabf
    • Opwg
    • OAT
  8. Which of the following tasks is done after submitting the final pen testing report?

    • Kick-off meeting
    • System patching and hardening
    • Exploiting vulnerabilities
    • Mission briefing
  9. Sam is auditing a web application for SQL injection vulnerabilities. During the testing, Sam discovered that the web application is vulnerable to SQL injection. He starts fuzzing the search field in the web application with UNION-based SQL queries; however, he realizes that the underlying WAF is blocking the requests. To avoid this, Sam is trying the following query:

    UNION/**/SELECT/**/'/**/OR/**/1/**/=/**/1

    Which of the following evasion techniques is Sam using?

    • Sam is using char encoding to bypass WAF
    • Sam is using obfuscated code to bypass WAF
    • Sam is using inline comments to bypass WAF
    • Sam is manipulating white spaces to bypass WAF
  10. Stanley, a pen tester, needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, attempting to interfere with the query and cause an error to be generated as a result.

    In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

    • Dynamic Testing
    • Static Testing
    • Function Testing
    • Source Code Testing
  11. During the reconnaissance phase of a penetration test, you discovered that the client has deployed a firewall that only checks the TCP header information.

    Which of the following techniques would you use to bypass the firewall?

    • Bypassing the firewall using tiny fragments
    • Bypassing the firewall by manipulating the IPID sequence number
    • Bypassing the firewall source routing
    • Bypassing the firewall using the IP address in place of a URL
  12. A month ago, Jason, a software developer at a reputed IT firm, was surfing through his company’s website. He was visiting random pages of the company’s website and found that confidential information about the company was posted on one of the web pages. Jason forgot to report the issue. Jason contacted John, another member of the Security Team, and discussed the issue. John visited the page but found nothing wrong.

    What should John do to see past versions and pages of a website that Jason saw one month back?

    • John should use SmartWhois to recover the old pages of the website
    • John should recover cached pages of the website from the Google search engine cache
    • John should run the Web Data Extractor tool to recover the old data
    • John can go to Archive.org to see past versions of the company website
  13. HDC Networks Ltd. is a leading security services company. Matthew works as a penetration tester with this firm. He was asked to gather information about the target company. Matthew begins with social engineering by following the steps:

    I. Secretly observes the target to gain critical information

    II. Looks at an employee’s password or PIN code with the help of binoculars or a low-power telescope

    Based on the above description, identify the information gathering technique.

    • Phishing
    • Shoulder surfing
    • Tailgating
    • Dumpster diving
  14. Analyze the packet capture from Wireshark below and mark the correct statement.

    [Image: Wireshark packet capture, ECSAv10 Part 05 Q14 007]
    • It is an invalid DNS query
    • It is a DNS response message
    • It is an answer to the iterative query from Microsoft.com DNS server
    • It is Host (A record) DNS query message
  15. Sarah is a pen tester at JK Hopes & Sons based in Las Vegas. As a part of the penetration testing, she was asked to perform the test without exposing the test to anyone else in the organization. Only a few people in the organization know about the test. This test covers the organization’s security monitoring, incident identification and its response procedures.

    What kind of pen testing is Sarah performing?

    • Double-blind Testing
    • Announced Testing
    • Unannounced Testing
    • Blind Testing
  16. Henderson has completed the pen testing tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that revealed a SQL injection vulnerability and different SQL queries that he used to bypass web application authentication.

    In which section of the pen testing report should Henderson include this information?

    • General opinion section
    • Methodology section
    • Comprehensive technical report section
    • Executive summary section
  17. Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

    • sqlmap -g "inurl:\".php?id=1\""
    • sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com | net | org)"
    • sqlmap --url [ Target URL ]
    • sqlmap --host [ Target URL ]
  18. John, a security analyst working for the LeoTech organization, was asked to perform penetration testing on the client's organizational network. In this process, he used a method that involves threatening or convincing a person from the client organization to obtain sensitive information.

    Identify the type of penetration testing performed by John on the client organization.

    • Wireless network penetration testing
    • Social engineering penetration testing
    • Mobile device penetration testing
    • Web application penetration testing
  19. Which of the following acts provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information?

    • PCI-DSS
    • SOX
    • HIPAA
    • GLBA
  20. What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement?

    • It indemnifies the tester against any loss or damage that may result from the testing
    • It details standards and penalties imposed by federal, state, or local governments
    • It is a formal approval to start pen test engagement
    • It gives an understanding of the limitations, constraints, liabilities, and indemnification considerations