Last Updated on July 24, 2021 by Admin 2

ECSAv10 : EC-Council Certified Security Analyst : Part 07

  1. Martin works as a professional Ethical Hacker and Penetration Tester. He is an ECSA-certified professional and was following the LPT methodology to perform the penetration testing. He is assigned a project for information gathering on a client’s network. He started the penetration test by trying to find the company’s internal URLs (mostly by trial and error), looking for any information about its different departments and business units. Martin was unable to find any information.

    What should Martin do to get the information he needs?

    • Martin should use email tracking tools such as eMailTrackerPro to find the company’s internal URLs
    • Martin should use online services such as netcraft.com to find the company’s internal URLs
    • Martin should use WayBackMachine in Archive.org to find the company’s internal URLs
    • Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company’s internal URLs
  2. John is a network administrator and he is configuring the Active Directory roles in the primary domain controller (DC) server. Whilst configuring the Flexible Single Master Operation (FSMO) roles in the primary DC, he configured one of the roles to synchronize the time among all the DCs in an enterprise. The role that he configured also records the password changes performed by other DCs in the domain, authentication failures due to entering an incorrect password, and processes account lockout activities.

    Which of the following FSMO roles has John configured?

    • RID master
    • PDC emulator
    • Domain naming master
    • Schema master
  3. Dale is a penetration tester and security expert. He works at Sam Morrison Inc., based in Detroit. He was assigned to perform an external penetration test on one of its clients. Before digging into the work, he wanted to start with reconnaissance and gather some details about the organization. He used tools like Netcraft and SHODAN and grabbed the internal URLs of his client.

    What information do the internal URLs provide?

    • Internal URLs provide an insight into various departments and business units in an organization
    • Internal URLs provide database related information
    • Internal URLs provide server related information
    • Internal URLs provide vulnerabilities of the organization
  4. David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also informed David that the web application is known to be vulnerable to the “admin' OR '” injection. When David tried this string, he received a WAF error message stating that the input is not allowed.

    Which of the following strings could David use instead of the above string to bypass the WAF filtering?

    • exec sp_addsrvrolemember 'name ' , 'sysadmin '
    • ' union select
    • admin') or '1'='1'--
    • 'or username like char(37);
  5. Adam is working as a senior penetration tester at Eon Tech Services Ltd. The company asked him to perform penetration testing on their database. The company informs Adam that they use Microsoft SQL Server. As a part of the penetration testing, Adam wants to gather complete information about the company’s database. He uses the Nmap tool to get the information.

    Which of the following Nmap commands will Adam use to get the information?

    • nmap -p2051 --script ms-sql-info
    • nmap -p1801 --script ms-sql-info
    • nmap -p1443 --script ms-sql-info
    • nmap -p1521 --script ms-sql-info
  6. Analyze the ICMP packet below and mark the correct statement.

    [Image: ECSAv10 Part 07 Q06 008, ICMP packet capture]
    • It is a ping packet that requires fragmentation, but the Don’t Fragment flag is set
    • It is a ping request, but the destination port is unreachable
    • It is a ping response, when the destination host is unknown
    • It is a ping request, but the destination network is unreachable
  7. Smith, a pen tester, has been hired to analyze the security posture of an organization and is trying to find the operating systems used in the network using Wireshark. What can be inferred about the selected packet in the Wireshark screenshot below?

    [Image: ECSAv10 Part 07 Q07 009, Wireshark screenshot]
    • The machine with IP 10.0.0.10 is running on Linux
    • The machine with IP 10.0.0.12 is running on Linux
    • The machine with IP 10.0.0.12 is running on Windows
    • The machine with IP 10.0.0.10 is running on Windows
  8. Harry, a penetration tester at SqSac Solutions Ltd., is trying to check whether his company’s SQL Server database is vulnerable. He also wants to check whether there are any loopholes that would allow perpetrators to gain access to the user account login details stored in the database. After several test attempts, Harry finally executed an SQL query that extracted all the available Windows login account details.

    Which of the following SQL queries did Harry execute to obtain the information?

    • SELECT name FROM sys.server_principals WHERE TYPE = 'R'
    • SELECT name FROM sys.server_principals WHERE TYPE = 'U'
    • SELECT name FROM sys.server_principals WHERE TYPE = 'G'
    • SELECT name FROM sys.server_principals WHERE TYPE = 'S'
  9. An organization recently faced a cyberattack in which an attacker captured legitimate user credentials and gained access to critical information systems. He also led other malicious hackers in gaining access to the information systems. To defend against and prevent such attacks in the future, the organization has decided to route all incoming and outgoing network traffic through a centralized access proxy, in addition to validating user credentials.

    Which of the following defensive mechanisms is the organization trying to strengthen?

    • Authentication
    • Serialization
    • Encryption
    • Hashing
  10. Charles, a network penetration tester, is part of a team assessing the security of perimeter devices of an organization. He is using the following Nmap command to bypass the firewall:

    nmap -D 10.10.8.5,192.168.168.9,10.10.10.12

    What is Charles trying to do?

    • Packet Fragmentation
    • Cloaking a scan with decoys
    • Spoofing source address
    • Spoofing source port number
  11. You are working on a pen testing assignment. Your client has asked for a document that shows them the detailed progress of the pen testing.

    Which document is the client asking for?

    • Scope of work (SOW) document
    • Rule of engagement with signatures of both the parties
    • Project plan with work breakdown structure
    • Engagement log
  12. Adam is a senior penetration tester at XYZsecurity Inc. He is auditing a wireless network for vulnerabilities. Before starting the audit, he wants to ensure that the wireless card in his machine supports injection. He decided to use the latest version of the aircrack-ng tool.

    Which of the following commands will help Adam check his wireless card for injection?

    • aireplay-ng -9 wlan0
    • airodump-ng wlan0
    • airdecap-ng -3 wlan0
    • aireplay-ng -5 -b wlan0
  13. Rock is a disgruntled employee of XYZ Inc. who wanted to take revenge. For that purpose, he created a malicious program that automatically visits every page on the company’s website, recursively checks each page for important links to other content, and indexes them in a logical flow. Using this program, he gathered a lot of crucial information required to exploit the organization.

    What is the type of software that Rock developed?

    • Web spider
    • Web fuzzer
    • Web scanner
    • Web proxy
  14. While auditing a web application for vulnerabilities, Donald uses Burp proxy and modifies the GET requests as below:

    http://www.example.com/GET/process.php./../../../../../../../../etc/password

    What is Donald trying to achieve?

    • Donald is modifying process.php file to extract /etc/password file
    • Donald is trying directory traversal to extract /etc/password file
    • Donald is trying SQL injection to extract the contents of /etc/password file
    • Donald is trying to upload /etc/password file to the web server root folder
  15. In a normal three-way handshake, system A sends a SYN packet to system B. However, system A then does not send the final ACK packet to system B. In this case, system B is left waiting for an ACK packet from system A.

    What is the status of system B?

    • “Half-open”
    • “Filtered”
    • “Half-closed”
    • “Full-open”
  16. GenSec Inc, a UK-based company, uses an Oracle database to store all its data. The company also uses Oracle Database Vault to restrict users’ access to specific areas of the database. GenSec hired a senior penetration tester and security auditor named Victor to check the vulnerabilities of the company’s Oracle Database Vault. He was asked to find all the possible vulnerabilities that could bypass the company’s Oracle DB Vault. Victor tried different kinds of attacks to penetrate the company’s Oracle DB Vault and succeeded.

    Which of the following attacks can help Victor to bypass GenSec’s Oracle DB Vault?

    • Man-in-the-Middle Attack
    • Denial-of-Service Attack
    • Replay Attack
    • SQL Injection
  17. Michael, a penetration tester at Rolatac Pvt. Ltd., has completed his initial penetration testing and now needs to create a penetration testing report for the company’s client, management, and top officials for their reference. For this, he created a report providing a detailed summary of the complete penetration testing process he carried out for the project, its outcomes, and recommendations for future testing and exploitation.

    In the above scenario, which type of penetration testing report has Michael prepared?

    • Host report
    • Activity report
    • User report
    • Executive report
  18. John is working as a cloud security analyst in an organization. Management instructed him to implement a technology in the cloud infrastructure that allows the organization to share the underlying cloud resources, such as servers, storage devices, and the network.

    Which of the following technologies must John employ?

    • VoIP technology
    • Virtualization technology
    • RFID technology
    • Site technology
  19. The security team found that the network switch had changed its behavior to learning mode and was functioning like a hub. The CAM table of the switch was filled with unnecessary traffic. Someone had tried to penetrate the network by attacking the network switches. The team wrote a report and submitted it to higher authorities.

    What kind of attack did the attackers perform against the network switch?

    • DNS Poisoning
    • MITM Attack
    • MAC Flooding
    • ARP Poisoning
  20. Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of the testing?

    • Draft Report
    • Letter of Intent
    • Rule of Engagement
    • Authorization Letter