Convertcsv

"SR.
No","Test Name","Subject Name","Section Name","Questions","Response-A","Response-B","Response-C","Response-D",

1,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which type of security policy is described by the configuration below: <ul><li>Provides maximum security while allowing known, but necessary, dangers</
services are blocked; nothing is allowed</li><li>Safe and necessary services are enabled individually</li><li>Non-essential services and procedures that cannot be made safe are NOT allowed</li><li>Everything is logged</li></ul>
Policy,Permissive Policy,Paranoid Policy,Promiscuous Policy,
2,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jacob, a compliance officer with a top MNC based out of Florida, has received reports that a competitor of the company has used and branded some of its co
software application codes. He wants to pursue a case against the competitor. Which of the following laws will Jacob specifically invoke in this case? ,The Digital Millennium Copyright Act (DMCA),Gramm-Leach-Bliley Ac
(GLBA),Sarbanes Oxley Act (SOX),Health Insurance Portability and Accountability Act (HIPAA),
3,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following statements highlights the difference between a vulnerability assessment and a penetration test? ,A vulnerability assessment identifies
vulnerabilities, and a penetration test exploits the identified vulnerabilities for validation and to determine impact.,A vulnerability assessment requires only automated tools to discover the vulnerabilities whereas pentesting also in
discovery of vulnerabilities.,A vulnerability assessment is performed only on software components of an information system, whereas pentesting is performed on all hardware and software components of the system.,A vulnerab
focuses on low severity vulnerabilities and pentesting focuses on high severity vulnerabilities,
4,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Sarah is a pen tester at JK Hopes & Sons based in Las Vegas. As a part of the penetration testing, she was asked to perform the test without exposing th
else in the organization. Only a few people in the organization know about the test. This test covers the organization's security monitoring, incident identification and its response procedures. What kind of pen testing is Sarah
performing? ,Announced Testing,Unannounced Testing,Blind Testing,Double-blind Testing,
5,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Martin is performing an internal pentest for one of his clients. The client has provided him with the necessary information. The scope of the test allows Marti
vulnerabilities discovered during the vulnerability scans. He is permitted to attempt attacks including Denial-of-Service (DoS) and Buffer Overflow. How can you categorize the scope of this pentest? ,Nondestructive black-
test,Destructive test,Destructive black-box test,Black-box test,
6,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,ABC Bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank's DNS servers, reading
online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank's job postings. What phase of the penetration testing is the Anthony c
attack phase,Attack phase,Remediation phase,Post-attack phase,
7,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,John, a penetration tester and security auditor, was hired by XSecurity Services. John was asked to perform a penetration test on the company�s network. J
that a user from the HR department had a dial-out modem installed. John wanted to check the organization�s security policies to see whether the dial-out modems are allowed or not. Which of the following security policies
check? ,Acceptable-use policy,Remote-access policy,User account policy,Firewall-management policy,
8,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jack, a network engineer, is working on an IPv6 implementation for one of his clients. He deployed IPv6 on IPv4 networks using a mechanism where a node c
IPv6 or IPv4 based on the DNS value. This makes the network resources work simpler. What kind of a technique did Jack use? ,Tunneling,Translation,Filtering,Dual stacks,
9,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Sam is a penetration tester and network admin at McLaren & McLaren, based out of Washington. The company has recently deployed IPv6 in their netwo
problems with the protocol implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network. How does the tunneling mechanism works? ,It encapsulates
IPv4 packets,It replaces IPv4 with IPv6,It splits the IPv4 packets and provide a way to IPv6,It transfers IPv4 first and the IPv6,
10,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from one network (Token-ring) to another network (Eth
receives an error message stating: �Destination unreachable� What is the reason behind this? ,Packet is lost,Packet contains image data,Packet fragmentation is required,Pac
transmission is not done properly,
11,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which port does DHCP use for client connections? ,UDP port 66,UDP port 67,UDP port 68,UDP port 69,
12,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Alice is working a pentesting assignment. She succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the sessio
server. Why is possible? ,It works because encryption is performed at the application layer (single encryption key),She passes the cookie through an HTTPS session,Any cookie can be replayed irrespective of the session statu
is invalid as a secure cookie cannot be replayed,
13,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,During a DHCP handshake in an IPv4 network, which of the following messages contains the actual IP addressing information for the clients to
use? ,DHCPDISCOVER,SOLICIT,DHCPACK,REPLY,
14,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the packet capture from Wireshark below and mark the correct statement. <img alt="" src="/files/ECSAv9/Q15.jpg" align="" border="0px"> ,It
record ) DNS query message,It is a DNS response message,It is an answer to the iterative query from Microsoft.com DNS server,It is an invalid DNS query,
15,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users complained they are not able to r
names to IP addresses at certain times. What could be the probable reason? ,DNSSEC does not guarantee authenticity of a DNS response during an attack,DNSSEC does not protect the integrity of a DNS response,DNSSE
guarantee the non-existence of a domain name or type,DNSSEC does not provide protection against Denial of Service (DoS) attacks,
16,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,George works at 3D-Networks Ltd as a Network Admin. He received an email from one of his clients stating that the client�s company website has some fl
are receiving continuous emails from customers about the inconveniences. While checking the web servers, he found loopholes with the DNS servers and he installed DNSSEC-Aware lookups. This made the site functional and th
happy with the outcome. What problem does a Non-DNSSEC-Aware site face? ,The site becomes slow and vulnerable,A mischievous Internet user can cut off the request and send back incorrect information by spoofing t
response.,The users will get more information than they desired.,The users commands will be delayed and the information they requested may be not delivered.,
17,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the ICMP packet below and mark the correct statement. <img alt="" src="/files/ECSAv9/Q18.jpg" align="" border="0px"> ,It is a ping request,
destination network is unreachable,It is a ping request, but the destination port is unreachable,It is a ping response, when the destination host is unknown,It is a ping packet that requires fragmentation, but the Don't Fragment flag
18,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jason is working on a pentesting assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the tar
�ICMP Time Exceeded Type = 11� error messages. What can Jason do to overcome this error? ,Increase the TTL value in the packets,Increase the Window size in the packets,Set a Fragment Offset,Increase the ICMP h
19,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the ARP packet below and mark the correct statement. <img alt="" src="/files/ECSAv9/Q20.jpg" align="" border="0px"> ,It is an ARP request
requesting host to a broadcast address,It is an ARP request packet from a broadcast address to the requesting host,It is a multicast ARP packet from a broadcast address to the other hosts in the network,It is a unicast ARP pack
responding host to the broadcast address,
20,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,In a 3-way handshake process before TCP communication, host A sends a SYN packet to host B with a sequence number 4444. Host B replies to the SYN pa
+ACK packet. What will be the sequence number of the SYN+ACK packet? ,4443,4444,4445,The sequence number of the SYN+ACK packet is independent of the sequence number of the SYN packet, and cannot be &nbsp
the above information,
21,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Three transition mechanisms are available to deploy IPv6 on IPv4 networks. Which of the following is not an IPv6 transition mechanism? ,Dual Stacks,T
Acknowledgement and Retransmission (PAR),Translation,
22,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the two TCP/IP packets below for a three-way handshake and identify the acknowledgement number in the next packet of the sequence. <img a
ECSAv9/Q23.jpg" align="" border="0px"> ,12953,12954,2744081,2744082,
23,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following Wireshark options will allow you to view a HTTP packet in plain text as shown in the screenshot? <img alt="" src="/files/ECSAv9/Q
border="0px"> ,Follow UDP Stream,Follow SSL Stream,Follow TCP Stream,Follow HTTP Stream,
24,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following is true about Full-duplex TCP service? ,Full-duplex service allows sending information in both directions between two nodes, but only
the other can be utilized at a time,Full-duplex service allows data flow in each direction, independent of the other direction,Full-duplex is the only service that provides reliable data delivery,Full-duplex services are the only services
error free delivery,
25,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement? ,It is a formal approval to start pen test engagement,It gives an understandi
limitations, constraints, liabilities, and indemnification considerations,It indemnifies the tester against any loss or damage that may result from the testing,It details standards and penalties imposed by federal, state, or local gove
26,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Joe works as an engagement team lead with Xsecurity Inc. His pentesting team follows all the standard pentesting procedures, however, one of the team m
inadvertently deletes a document containing the client�s sensitive information. The client is suing Xsecurity for damages. Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsu
the penetration test,Non-disclosure clause,Fees and project schedule,Indemnification clause,
27,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of the testing? ,Letter of Intent,Rule of
Engagement,Authorization Letter,Draft Report,
28,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,WallSec Inc. has faced several network security issues in the past and hired Williamson, a professional pentester, to audit its information systems. Before st
Williamson, with the help of his legal advisor, signed an agreement with his client. This agreement states that confidential information of the client should not be revealed outside of the engagement. What is the name of t
that Williamson and his client signed? ,Engagement letter,TPOC agreement,Non-disclosure agreement,Authorization letter,
29,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You are working on a pen testing assignment. Your client has asked for a document that shows them the detailed progress of the pen testing. Which
the client asking for? ,Rule of engagement with signatures of both the parties,Engagement log,Project plan with work breakdown structure,Scope of work (SOW) document,
30,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You are working on a pentesting assignment for National Healthcare Inc. The client has specifically asked you for a Data Use Agreement (DUA). What do
indicate? ,You are working with a HIPPA compliant organization,You are working with a publicly traded organization,You are working on a target that is not connected to the Internet,The client organization does not want you to ex
vulnerabilities,
31,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which type of penetration testing will require you to send the Internal Control Questionnaires (ICQ) to the client? ,Black-box testing,White-box testing,Blind
testing,Unannounced testing,
32,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Your firm has over 10 years of experience in pentesting and security auditing fields. The penetration testing team has a mix of qualified professionals from d
domains. Your firm follows all the standard engagement processes, but still there could be incidents that may jeopardize your firms interests in a pentesting engagement. Which of the following will be the best approach t
firm? ,You should get the engagement letter vetted by your lawyer,You should get the confidentiality and non-disclosure agreements (NDAs) signed by the client,You should have a detailed ROE and well documented formal permis
engagement,You should obtain Liability and Errors and Omissions insurance,
33,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Martin works as a professional Ethical Hacker and Penetration Tester. He is an ECSA certified professional and was following the LPT methodology to perfo
penetration testing. He is assigned a project for information gathering on a client�s network. He started penetration testing and was trying to find out the company�s internal URLs, (mostly by trial and error), looking for any info
the different departments and business units. Martin was unable find any information. What should Martin do to get the information he needs? ,Martin should use online services such as netcraft.com to find the company
URLs,Martin should use WayBackMachine in Archive.org to find the company�s internal URLs,Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company�s internal URLs,Martin should use
tools such as eMailTrackerPro to find the company�s internal URLs,
34,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,ABC Technologies, a large financial company, hired a penetration tester to do physical penetration testing. On the first day of his assessment, the penetratio
the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is the penetration tester trying to do? ,Trying to attempt social Engineering using phishing,Trying to attempt so
by eavesdropping,Trying to attempt social engineering by shoulder surfing,Trying to attempt social engineering by dumpster diving,
35,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,How does OS Fingerprinting help you as a pen tester? ,It doesn�t depend on the patches that have been applied to fix existing security holes,It opens a sec
window based on the port being scanned,It helps to research vulnerabilities that you can use to exploit on a target system,It defines exactly what software the target has installed,
36,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A month ago, Jason, a software developer at a reputed IT firm was surfing through his company�s website. He was visiting random pages of the company'
came to find confidential information about the company was posted on one of the web pages. Jason forgot to report the issue. Jason contacted John another member of the Security Team and discussed the issue. John visited
found nothing wrong. What should John do to see past versions and pages of a website that Jason saw one month back? ,John can go to Archive.org to see past versions of the company website,John should run the We
tool to recover the old data,John should recover cached pages of the website from Google search engine cache,John should use SmartWhois to recover the old pages of the website,
37,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,HDC Networks Ltd. is a leading security services company. Matthew works as a penetrating tester with this firm. He was asked to gather information about
company. Matthew begins with social engineering by following the steps: I. Secretly observes the target to gain critical information II. Looks at employee�s password or PIN code with the help of binoculars or a low-powe
telescope Based on the above description, identify the information gathering technique. ,Shoulder surfing,Dumpster diving,Phishing,Tailgating,
38,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Alice is a senior security auditor and pentester, specializing in social engineering and external penetration tests. Alice has been hired by Xsecurity, a subcont
Department of Defense. Alice has been given authority to perform all tests necessary to audit the company�s network security. No employees for the company, other than the IT director, know about the work Alice is doing. Alice
to obtain a list of employees through the company website contact pages. She then befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Alice is
trust and they become friends. One day, Alice steals the employee�s access badge and uses it to gain unauthorized access to the Xsecurity offices. Identify the type of social engineering attack? ,Insider
Accomplice,Vishing,Eavesdropping,Spear phishing,
39,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client�s SYSLOG systems are taken off for four h
second Saturday of every month for maintenance. He wants to analyze the client�s web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client�s website and it is
analyze all the information in just four hours. What will Peter do to analyze all the web pages in a stealthy manner? ,Use HTTTrack to mirror the complete website,Use WayBackMachine,Perform reverse DNS lookup,Search
newsgroups, bulletin boards, and negative websites for information about the client,
40,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client�s network. As part of the work assigned, Edward n
range of IP addresses and the subnet mask used by the target organization. What does Edward need to do to get the required information? ,Search for Trade Association Directories,Search for link popularity of the compa
website,Search for an appropriate Regional Internet Registry (RIR),Search for web pages posting patterns and revision numbers,
41,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Dale is a penetration tester and security expert. He works at Sam Morison Inc. based in Detroit. He was assigned to do an external penetration testing on on
Before digging into the work, we wanted to start with reconnaissance and grab some details about the organization. He used tools like Netcraft and SHODAN and grabbed the internal URLs of his client. What inform
internal URLs provide? ,Internal URLs provide an insight into various departments and business units in an organization,Internal URLs provide vulnerabilities of the organization,Internal URLs provide server related information,Inte
provide database related information,
42,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find d
target through passive reconnaissance. James used websites to check the link popularity of the client�s domain name. What information does the link popularity provide? ,Information about the network resources,Inform
server and its infrastructure,Information about the partners of the organization,Information about visitors, their geolocations, etc.,
43,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Karen is a Network engineer at ITSec, a reputed MNC based in Philadelphia, USA. She wants to retrieve the DNS records from the publicly available servers.
using Google for the providers DNS Information and found the following sites: http://www.dnsstuff.com https://dnsquery.org Through these sites she got the DNS records inform
wished. What information is contained in DNS records? ,Information such as mail server extensions, IP addresses etc.,Information about the database servers and its services.,Information about local MAC addresses.,Inf
the DNS logs.,
44,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,What is the purpose of the Traceroute command? ,For extracting information about the network topology, trusted routers, and firewall locations,For extractin
about the server functioning,For extracting information about closed ports,For extracting information about opened ports,
45,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Whi
following tools will Michael use to perform this task? ,BlackWidow,Zaproxy,NetInspector,VisualRoute,
46,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jacob is performing a vulnerability assessment of the web resources in his organization. During the scanning phase, Jacob discovered a web server is runn
server. Jacob performed research on this FTP server and discovered it has a vulnerability enabling an attacker to perform directory traversal. The next step is using directory traversal attacks on the webserver. Which type
assessment is Jacob performing? ,Inference-based Assessment,Tree-based Assessment,Passive Assessment,Zero-day Assessment,
47,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You are joining a new organization as a VAPT Manager. Your predecessor informs you that the organization�s complete information security infrastructure
of a regular vulnerability management life cycle. He prioritized the vulnerabilities in the system and you have to start with patching these vulnerabilities first. Which phase of vulnerability management is the information sy
now? ,Creating Baseline,Vulnerability Assessment,Risk Assessment,Remediation,
48,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Xsecurity Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the
information system at the company. However, Xsecurity does not have the required resources or capabilities to perform a vulnerability assessment. They decide to hire services of a company that will perform a periodic vulnerabi
and present reports for management to implement remediation. What vulnerability assessment approach is Xsecurity following? ,Product-based Assessment,Service-based Assessment,Tree-based Assessment,Inference
Assessment,
49,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on a target network. What does William need to
SMTP server information? ,Send an email message to a non-existing user of the target organization and check for bounced mail header,Look for information available in web page source code,Examine TCP sequence numbers,Ex
session variables,
50,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header information (TTL a
field) of the received RST packets to find whether the port is open or closed. Analyze the scanning result below and identify the open port. <img alt="" src="/files/ECSAv9/Q51.jpg" align="" border="0px"> ,Port 20,Po
22,Port 23,
51,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,The TCP SYN Flood attack uses the three-way handshake mechanism. I. An attacker at system A sends a SYN packet to a victim at system B As a normal three-way handshake mechanism system A sends an ACK packet to system B. However, system A does not send an ACK packet to system B. In this case, client B is waiti
packet from client A. What is the status of client B? ,�Half-open�,�Half-closed�,�Full-open�,�Filtered�,
52,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,What is the objective of the following bash script? <img alt="" src="/files/ECSAv9/Qno 53.jpg" align="" border="0px"> ,It gives a list of IP addresses th
port open,It checks if a target host has the FTP port open and quits,It checks if an FTP port on a target machine is vulnerable to attacks,It tries to connect to FTP port on a target machine,
53,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,National Insurance, a large insurance services provider based out of Atlanta, US, was worried about the security of their information assets due to an increas
of data breaches occurring around the world. The company requested Anthony, to perform a comprehensive security audit of the company�s information systems. Anthony, decided to collect some preliminary information abou
Insurance�s network. During this phase, Anthony used the 46Bouncer utility to understand the complexity of his new assignment. What is Anthony trying to ascertain by using the 46Bouncer utility? ,The use
in the company�s network,Deployment of a honeypot in the company�s network,The type of perimeter security solutions used in the company�s network,The use of IPv6 in the company�s network,
54,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,In an attempt to assess the security configuration of the firewall deployed on the client�s network, you test whether a particular
port on the firewall is open or closed. You use the hping utility with the following syntax: #hping �S �c 1 �p <port> <IP Address> -t <TTL
span> What response will indicate the particular port is allowed in the firewall? ,Host Unreachable,ICMP Port Unreachable,TTL�Exceeded,No Response,
55,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the hping3 output below and mark the correct statement. <img alt="" src="/files/ECSAv9/Q56.jpg" align="" border="0px"> ,The result shows t
beta.search.microsoft.com webserver is behind two firewalls,The result shows that beta.search.microsoft.com is intermittently unavailable,The result shows that beta.search.microsoft.com is handled by two machines behind a
balancer,The result shows that beta.search.microsoft.com is not available for public access,
56,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,As a part of the pentesting process, James performs a FIN scan as given below: Scan directed at open port: Client Server 192.5.2.92:4079 -----FIN----->192.5.2.110:23 192.5.2.92:4079 <----____________------192.5.2.110:23 Scan directed at closed port:Client Server 192.5.2.92:4079 -----FIN----->192.5.2.110:23 192.5.2.92:4079<-----RST/ACK----------192.5.2.110:23 What will be the response if the port is open? ,No response,FIN/A
RST,RST,
57,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Matthew is working on a pen test engagement. In the vulnerability scanning phase, he has identified a vulnerability giving him remote access to the target m
uses the Metasploit framework and gains a meterpreter session on the target machine. However, when Matthew tries to dump the password hashes from the remote machine, he receives an error that permission is denied. <b
following Metasploit exploits escalate his privileges on the target machine? ,exploit/multi/handler,exploit/windows/local/bypassuac,exploit/windows/smb/psexec,exploit/windows/dcerpc/ms03_026_dcom,
58,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You are enumerating a target system. Which of the following PortQry commands will give a result similar to the screenshot below: <img alt="" src="/files
Q60.jpg" align="" border="0px"> ,portqry -n myserver -p TCP -e 389,portqry -n myserver -p udp -e 389,portqry -n myserver -p TCP -e 123,portqry -n myserver -p udp -e 123,
59,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Sam was asked to conduct penetration tests on one of the client�s internal networks. As part of the testing process, Sam performed enumeration to gain in
about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords. Identify the enumeration technique. ,NetBIOS Enumeration,SMTP Enumeration,DNS Enumeration,NTP
60,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Joseph is performing an internal pen test for one of his clients. He wants to crack the password for of the system login. Joseph has got a meterpreter sessi
machine and was able to successfully dump the password hashes. Which of the following password attacks will Joseph perform so he discovers the clear text password without triggering the system lock out? ,Rainbow
force attack,Dictionary attack,Phishing attack,
61,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,The security team found the network switch has changed its behavior to learning mode and is functioning like a hub. The CAM table of the switch was filled
unnecessary traffic. Someone tried to penetrate into the network space by attacking the network switches. They wrote a report and submitted to higher authorities. What kind of an attack did the attackers perform agains
switch? ,MAC Flooding,DNS Poisoning,ARP Poisoning,MITM Attack,
62,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Joe, an ECSA certified professional, is working on a pen testing engagement for one of his SME clients. He discovered the host file in one of the Windows m
following entry: 213.65.172.55 microsoft.com After performing a Whois lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the h
files. Which type of attack does this scenario present? ,MAC spoofing,DNS poisoning,DNS starvation,Phishing,
63,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Identify the attack from the description below: I. User A sends an ARP request to a switch II. The switch broadcasts the ARP request in the netw
attacker eavesdrops on the ARP request and responds by spoofing as a legitimate user IV. The attacker sends his MAC address to User A ,ARP poisoning,MAC spoofing,ARP injection,ARP flooding,
64,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ECSA certified professiona
following the LPT methodology in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able t
Linux machine located on the network. He was also able to access the /etc/passwd file; however, the passwords were stored as a single "x" character. What will George do to recover the actual encrypted pas
,George will escalate his privilege to root level and look for /etc/shadow file,George will perform replay attack to collect the actual passwords,George will perform sniffing to capture the actual passwords,George will perfor
attack using the pre-computed hashes also known as a rainbow attack,
65,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A company has recently witnessed a security breach and sensitive customer data was published online. Arnold has been specifically asked to check for the
insiders can pass data outside of the company. In order to avoid IDS and data leakage prevention systems, Arnold hid some data in image files. Which of following techniques is Arnold using to pass the data outside of th
company? ,Cryptography,Steganography,HTTP tunneling,Insertion attack,
66,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing th
IDS system deployed by a client. During the preliminary information gathering, Peter discovered the TTL to reach the IDS system from his end is 30. Peter created a Trojan and fragmented it in to 1‐character packets
Colasoft packet builder tool. He then used a packet flooding utility to bombard the IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35. What is Peter trying to a
trying to bypass the IDS system using the insertion attack,Peter is trying to bypass the IDS system using the broadcast address,Peter is trying to bypass the IDS system using a Trojan,Peter is trying to bypass the IDS system using
packets,
67,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,In Linux, the /etc/shadow file stores the real password in encrypted format for user accounts with added properties associated with the user�s password.
example of a /etc/shadow file entry below, what does the Bold Red string indicate? Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7 ,Last time the p
changed,Minimum number of days required between password changes,The number of days after which password must be changed,Number of days the user is warned before the expiration date,
68,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Karen was running port scans on each machine of her network in order to identify suspicious ports on the target machines. She observed the following resu
port scan of a particular machine. I. Some of the ports were not being acknowledged, i.e. no acknowledgement from the target machine II. Some ports were responding with SYN + ACK packets III. S
responding with a RST packet What should she interpret for the ports that did not return the acknowledgment? ,She should treat those ports as Open ports,She should treat those ports as Closed ports,She should treat th
Stealth ports,She should treat those ports as Half Open ports,
69,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Edward, a network administrator, was worried about a report of one employee using an FTP site to send confidential data out of the office. Edward intends t
suspect employee with evidence he using FTP against the company�s security policies. Edward sniffs the network traffic using the Wireshark tool. Which Wireshark filter will display all the FTP packets originating from t
employee�s machine? ,ftp&&ip.src==192.168.0.4,tcp.port eq 23 || ip.src==192.168.0.4,proto==ftp&&ip.src==192.168.0.4,tcp contains ftp&&23,
70,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Dale is a network admin working in Zero Faults Inc. Recently the company�s network was compromised and is experiencing very unusual traffic. Dale chec
problem that compromised the network. He performed a penetration test on the network�s IDS and identified that an attacker sent spoofed packets to a broadcast address in the network. Which of the following attacks
the network? ,Amplification attack,Session hijacking,MAC Spoofing,ARP Spoofing,
71,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetrating tester at this firm. Fut
approached JUA for an internal pen test. Stanley performs various penetrating testing test sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS det
names, users and groups, applications and banners. Identify the technique that gave Stanley this information. ,Enumeration,Sniffing,Ping sweeps,Port scanning,
72,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Alisa is a Network Security Manager at Adios Cyber Security. During a regular network audit, she sent specially crafted ICMP packet fragments with differen
into the network, causing a system crash. Which attack is Alisa trying to perform? ,Ping-of-death attack,Session hijacking,Smurf attack,Fraggle attack,
73,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Mike, was asked by his Information Security Office to recommend a firewall for the company�s internal network which works at the network level of the OS
firewall must filter the network traffic based on specified session rules, such as when a session is initiated by a recognized computer. Which of the following firewall types should Mike recommend to his Information Secu
Office? ,Stateful Multilayer Inspection Firewall,Circuit Level Gateway,Packet Filtering Firewall,Application Level Firewall,
74,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Michel works as a penetration tester in a firm named ITSecurity inc. Recently, Michel was given an assignment to test the security of the firewalls deployed b
conducting the test, Michel found the company uses the OSI model for network communications. He also determined the firewall is only monitoring TCP handshaking of packets at the session layer to determine whether a reques
legitimate. Identify the type of firewall used by the company? ,Packet filtering firewall,Circuit level gateway firewall,Stateful multilayer inspection firewall,Application level firewall,
75,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Arrange the steps in the correct order for creating a firewall policy: i. Prepare a cost-benefit analysis to secure the network application(s) ii. Cr
application traffic matrix to identify the protection method iii. Identify the network application(s) vulnerabilities iv. Identify the network applications that are of utmost importance v. Create a firewall ruleset which
application�s traffic matrix ,iv → ii → v → iii → i,iii → i → iv → ii → v,iv → iii → i → ii → v,iii →iv → ii → i → v,
76,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated
Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall. What type of firewall bypassing technique was used by the attacker? ,S
routing,Anonymous Website Surfing Sites,Proxy Server,HTTP Tunneling,
77,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Depp Networks is a leader in providing ethical hacking services. They were tasked to examine the strength of a client network. After using a wide range of te
zeroed in on ICMP tunneling to bypass the firewall. What factor makes ICMP tunneling appropriate to bypass the firewall? ,The payload portion is arbitrary and not examined by most firewalls,Firewalls can not inspect ICM
packet inspection,Firewalls can not handle the fragmented packets,
78,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Rebecca works as a Penetration Tester in a security service firm named Xsecurity. Rebecca placed a sniffer on a subnet residing deep inside the client�s n
used the Firewalk tool to test the security of the company�s network firewall. After the test, when Rebecca checked the sniffer logs, she was unable to see any traffic produced by the Firewalk tool. What is the reason of
this? ,Rebecca does not see any of the Firewalk traffic because it sets all packets with a TTL of one.,She cannot see the traffic because Firewalk sets all packets with a TTL of zero.,Network sniffers cannot detect firewalk so that
the traffic appears.,Firewalk cannot pass through firewalls.,
79,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Our local bank uses a firewall which monitors the internal network and filters the traffic The network team was hardening firewall rules over the weekend, the
basic rule of making backups of the firewall configuration before beginning the work. The next day, users complained about a technical issue and unable to connect to some web sites. The network team troubleshooted the issue
the SSL-based web sites. When a web page is opened on any of the SSL-based sites, there is a message �your session cannot be established�. The network engineer identified the issue was with the firewall. Wh
done to remediate the issue without losing any of the work? ,Restoring the most recent backup of the firewall,Resetting the Firewall,Restoring the default policy rule set,Changing the firewall rule at the session layer,
80,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,During the reconnaissance phase of a penetration test, you discovered that the client has deployed a firewall that only checks the TCP header information.<b
following techniques would you use to bypass the firewall? ,Bypassing the firewall using tiny fragments,Bypassing the firewall by manipulating the IPID sequence number,Bypassing the firewall using the IP address in place of an U
the firewall source routing,
81,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Recently, Jakob was assigned a project to test the perimeter security of one of a client. As part of the project, Jakob wants to test whether or not a particula
firewall is open or closed. He used the hping utility with the following syntax: #hping �S �c 1 �p <port> <IP Address> -t <TTL> What response will in
particular port is allowed in the firewall? ,Host Unreachable,ICMP Port Unreachable,TTL�Exceeded,No Response,
82,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A company asked Smith to perform a penetration on its subsidiary network to find vulnerabilities. Smith focused the penetration test on any vulnerabilities to
company�s IDS. He used the following command to trick the IDS and successfully bypassed the IDS to the network: HEAD /cgi-bin/some.cgi Which one of the following techniques did Smith use to identify the vulnerabil
Matching,Pattern Matching,Signature Matching,Reverse Traversal,
83,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following snort rules alert all ICMP packets from the Internet to a local network? ,alert icmp $INTERNET any -> $HOME_NET 10.10.40.2 (msg:"I
PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;),alert icmp $EXTERNAL_NET any -> $HOME_NET 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:ara
reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;),alert icmp $EXTERNAL any -> $INTERNAL any 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:ba
sid:472; rev:7;),alert PORT1 $EXTERNAL_NET any -> $HOME_NET 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;),
84,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jack, a network administrator is using snort as an additional layer of intrusion detection. He is running the following command: snort �dev �i 1 What is Jack trying to achieve? ,Jack is running snort in sniffer mode,Jack is running snort in IDS mode,Jack is working with snort in developer mode,Jack is checking the logging mechani
85,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A company has asked a security professional, William to analyze one of its client�s networks, which was apparently compromised recently. William perform
penetration test to identify the vulnerability which allowed the attack. He used a buffer overflow exploit to carry some hidden malicious code in encrypted format bypassing the IDS and compromised the network. Which o
techniques did William use to bypass the IDS and penetrate through the network? ,Unicode Evasion,Polymorphic Shellcode,Signature Encoding,Ping Flooding,
86,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Paul is security analyst at Rex Security Consultation. The company asked him to investigate malicious activity in one of its client�s network. Paul is trying t
client�s IDS. He sent some packets with an encoded attack payload in unicode to bypass IDS filters. He manipulated the path referenced in the signature to trick the IDS. Which of the following techniques did Paul imple
penetrate through the client�s IDS? ,Unicode Evasion,Obfuscation,Packet Overlapping,False-Positive Generation,
87,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You work as a penetration tester for XSecCorp, a large security assessment firm based out of Atlanta. You have been assigned a project to test the strength
system deployed at a client�s internal network. You run the Wireshark tool and observe a large number of SYN/ACK packets originating from an internal host and hitting a web server, but, surprisingly, you could not find any SYN
the web server to the host. What will be the most likely reason for this? ,The web server is experiencing a backscatter attack,The NIC card at the web server is running in promiscuous mode,The TCP implementation is vul
resource‐exhaustion attack,The SYN/ACK traffic is false positive alerts generated by the IDS,
88,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Mike, a security auditor, was asked to assess the network perimeter security deployed in the company�s network. As a part of his assignment, he created a
of 300 KB and used the Colasoft Packet Builder tool to manipulate its header information to show the size of the packet data as 50 kB. He then sent the crafted packet to a target host inside the network. What is Mike tryi
achieve? ,Bypass the sanity check at the IDS using packet fragmentation technique,Bypass the sanity check at the IDS using insertion technique,Bypass the sanity check at the IDS by endi
packets,Bypass the sanity check at the IDS using resource exhaustion technique,
89,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Richard, a penetration tester was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their p
While scanning the page for vulnerabilities, Richard found a file upload exploit on the web site. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get a
security, Richard added the �jpg� extension to the end of the file. The new file name ended with �.php.jpg�. He then used the Burp suite tool and removed the �jpg� extension from the request while uploading the file. This e
successfully upload the PHP shell. Which of the following techniques has Richard implemented to upload the PHP shell? ,Cookie tampering,Session stealing,Parameter tampering,Cross site scripting,
90,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,While auditing a web application for vulnerabilities, Donald uses Burp proxy and modifies the get request as below: http://www.juggyboy.com/GET/
process.php./../../../../../../../../etc/passwd What Donald is trying to achieve? ,Donald is trying directory traversal to extract /etc/password file,Donald is trying SQL injection to extract the contents of /etc/password
modifying process.php file to extract /etc/password file,Donald is trying to upload /etc/password file to the web server root folder,
91,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,An attacker has inserted �Integrated Security = true;� to the end of the string in the hopes of connecting to the database using the OS account the web ap
running to avoid normal authentication: Data source = mySource; Initial Catalog = db1; Integrated Security = no; user id = myName; ; Password = 123; Integrated Security = true; What is attacker trying to do? ,The attack
Connection String Parameter Pollution (CSPP) attack,The attacker is performing Connection String Injection attack,The attacker is performing Connection Pool DoS attack,The attacker is checking the web application for XSRF at
92,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,An attacker injects malicious query strings in user input fields to bypass the web service authentication mechanisms and to access back-end databases.<br
following attacks is this? ,LDAP Injection Attack,SOAP Injection Attack,XPath Injection Attack,Frame Injection Attack,
93,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the screenshot below: <img alt="" src="/files/ECSAv9/Q104.jpg" align="" border="0px"> What the attacker is trying to achieve? ,Stealing c
XSS attack,Manipulating cookies using XSS attack,Manipulating cookies using the CSRF attack,Stealing cookies using parameter tampering,
94,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Arnold, is trying to gain access to a database by inserting exploited query statements with a WHERE clause. He wants to retrieve all the entries from a partic
StudName) using the WHERE clause. What query does Arnold need to write to retrieve the information? ,SELECT * FROM StudName WHERE roll_number = '' or '1' = '1�,RETRIVE * FROM StudName WHERE roll_number = 1'#,D
StudName WHERE roll_number = 1 AND 1=1�,EXTRACT* FROM StudName WHERE roll_number = 1 order by 1000,
95,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Veronica, a penetration tester at a top MNC company, is trying to breach the company�s database as a part of SLQi penetration testing. She began to use t
techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements. Which of the following SQ
was used to attack the database? ,Buffer Overflow,Code injection,Function call injection,File inclusion,
96,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL da
Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack. 
following testing techniques is Christen using? ,Fuzz Testing,Union Exploitation,Stored Procedure Injection,Automated Exploitation,
97,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Stanley, a pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be use
SQL query. This includes the hidden fields of POST requests and then test them separately, attempting to interfere with the query and cause an error to generate as a result. In which of the following tests is the source cod
application tested in a non-runtime environment to detect the SQL injection vulnerabilities? ,Static Testing,Dynamic Testing,Function Testing,Source Code Testing,
98,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Richard is working on a web app pen testing assignment for one of his clients. After preliminary information, gathering and vulnerability scanning Richard ru
tool to extract the database information. Which of the following commands will give Richard an output as shown in the screenshot? <img alt="" src="/files/ECSAv9/Q112.jpg" align="" border="0px"> ,sqlmap �u h
queenhotel.com/about.aspx?name=1 �D queenhotel --tables,sqlmap �u http://queenhotel.com/about.aspx?name=1 �D queenhotel �T --columns,sqlmap �u http://queenhotel.com/about.aspx?name=1 �dbs,s
http://queenhotel.com/about.aspx?name=1 �database queenhotel �tables,
99,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Sam is auditing a web application for SQL injection vulnerabilities. During the testing, Sam discovered that the web application is vulnerable to SQL injection
fuzzing the search field in the web application with UNION based SQL queries, however, he realized that the underlying WAF is blocking the requests. To avoid this, Sam is trying the following query: UNION/**/SELECT/**/
=/**/1 Which of the following evasion technique is Sam using? ,Sam is using inline comments to bypass WAF,Sam is manipulating white spaces to bypass WAF,Sam is using obfuscated code to bypass WAF,Sam is using
bypass WAF,
100,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,WinSoftech hired Steven a penetration tester to check if the company�s SQL database is vulnerable to attacks or not. He performed a penetration test on
database by appending an additional SQL query after escaping the original query and found the database is vulnerable to SQL injection. Which of the following SQL injection techniques is performed by Steven? ,Tautologic
injection,Batch Query injection,Command Injection,Union Query Injection,
101,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify vulnerabilities in its SQL datab
wanted to perform a SQL penetration by passing some SQL commands through a web application for execution and succeeded with a command using a wildcard attribute indicator. Which of the following strings is a wild
indicator? ,%,@variable,@@variable,?Param1=foo&Param2=bar,
102,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to deter
the database is vulnerable to attacks or not. The client did not reveal any information about the database they are using. As a pen tester Frank knows that each database runs on its own default port. So he started data
scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command. nmap -sU �p 1521 <client ip-address><
the database used by the company? ,Microsoft SQL Server,Oracle,MySQL,SQLite,
103,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at th
wants to check the TNS Listener configuration file for configuration errors. Which of following directory contains the TNS Listener configuration file, by default: ,$ORACLE_HOME/network /admin,$ORACLE_HOME/bin,$OR
network /bin,$ORACLE_HOME/network,
104,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Adam is working as a senior penetration tester at Eon Tech Services Ltd. The company asked him to perform penetration testing on their database. The co
Adam they use Microsoft SQL Server. As a part of the penetration testing, Adam wants to know the complete information about the company�s database. He uses the Nmap tool to get the information. Which of the follo
commands will Adam use to get the information? ,nmap -p1443 --script ms-sql-info <target ip-address>,nmap -p1521 --script ms-sql-info <target ip-address>,nmap -p1801 --script ms-sql-info <target ip-address>,nmap -p2051 --scr
<target ip-address>,
105,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which Oracle database listener mode provides network access to an Oracle database instance? ,PLSExtProc,Database,Executable,Tnslnsr,
106,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,GenSec Inc, a UK-based Company, uses Oracle database to store all its data. The company also uses Oracle DataBase Vault to restrict user access to spec
their database. GenSec hired a senior penetration tester and security auditor named Victor to check the vulnerabilities of the company�s Oracle DataBase Vault. He was asked to find all the possible vulnerabilities that can bypas
company�s Oracle DB Vault. Victor tried different kinds of attacks to penetrate into the company�s Oracle DB Vault and succeeded. Which of the following attacks can help Victor to bypass GenSec�s Oracle DB Vault?
Middle Attack,SQL Injection,Replay Attack,Denial-of-Service Attack,
107,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,You have just completed a database security audit and writing the draft pen testing report. Which of the following will you include in the recommendati
enhance the security of the database server? ,Allow direct catalog updates,Install SQL Server on a domain controller,Grant permissions to the public database role,Install a certificate to enable SSL connections,
108,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Watson works as a Penetrating test engineer at Neo security services. The company found its wireless networks operating in an unusual manner, with sign
cyber attack might have happened. Watson was asked to resolve this problem. Watson starts a wireless penetrating test, with the first step of discovering wireless networks by war-driving. After several thorough checks, he identi
some problem with rogue access points and resolves it. Identifying rogue access points involves a series of steps. Which of the following arguments is NOT valid when identifying the rogue access points? ,If any new AP
present in the authorized list of APs is detected, it would be considered as a rogue AP,If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be considered as a rogue AP,If a radio media type
discovered AP is not present in the authorized list of media types, it is considered as a rogue AP,If the radio channel used by any discovered AP is not present in the authorized list of channels, it is considered as a rogue AP ,
109,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run
discover the key, but aircrack-ng did not yield any result, as there were no authentication packets in the capture. Which of the following commands should Steven use to generate authentication packets? ,aireplay-ng --deauth 1
AA:BB:CC:DD:EE:FF,airmon-ng start eth0,airodump-ng --write capture eth0,aircrack-ng.exe -a 2 -w capture.cap,
110,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment. However, he is unable to connect to the access point
password. What could be the probable reason? ,The access point implements MAC filtering,The access point implements another layer of WEP encryption,It is a rogue access point,The access point implement a signal jamme
from attackers,
111,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Arrange the WEP cracking process in the correct order: I. aireplay-ng -1 0 -e SECRET_SSID -a 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8
eth1 II. aircrack-ng -s capture.ivs III. airmon-ng start eth1 IV. airodump-ng --ivs --write capture eth1 V. aireplay-ng -3 -b 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8
→ IV → I → V → II,III → IV → V → II → I,IV → I → V → III → II,IV → I → V → III → II,
112,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption is very weak, she wants to decryp
packets. She successfully captured the WEP data packets, but could not read the content as the data is encrypted. Which of the following will help Sandra decrypt the data packets without knowing the key? ,Fragmentatio
Attack,Chopchop Attack,ARP Poisoning Attack,Packet injection attack,
113,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSK key. He is
connect to the wireless network using the WPA-PSK key. However, he is unable to connect to the WLAN as the target is using MAC filtering. What would be the easiest way for Frank to circumvent this and connect to the W
the Wi-Fi router login credentials and disable the ACL,Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session,Attempt to crack the WEP key,Sniff traffic off the WLAN and spoof his MAC
one that he has captured,
114,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Identify the PRGA from the following screenshot: <img alt="" src="/files/ECSAv9/Q130.jpg" align="" border="0px"> ,0842 0201 000f b5ab cb9d 0014
4080,0505 933f af2f 740e,replay_src-0124-161120.cap,fragment-0124-161129.xor,
115,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Adam is a senior penetration tester at XYZsecurity Inc. He is auditing a wireless network for vulnerabilities. Before starting the audit, he wants to ensure th
card in his machine supports injection. He decided to use the latest version of aircrack-ng tool. Which of the following commands will help Adam check his wireless card for injection? ,aireplay-ng -9 wlan0,aireplay-ng -5 �
wlan0,airdecap-ng -3 wlan0,airodump-ng wlan0,
116,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Victor is performing a wireless network pen test. During a WEP test, he runs the following aircrack-ng command: <img alt="" src="/files/ECSAv9/Q132.j
border="0px"> What Victor is trying to achieve by this command? ,Victor is trying to generate traffic so that he can generate enough packets to crack the WEP key,Victor is trying to associate his wireless card with the targ
point,Victor is trying to dump all the Wi-Fi traffic from a client to the access point in order to capture weak IVs,Victor is trying to perform a DoS attack by disassociating a client from the access point,
117,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A firm named SYS networks suffers from a wireless attack. They hired Mr. Shaw, a wireless penetration test engineer to rectify the problem. Mr. Shaw proc
standard steps of wireless penetrating testing. He was trying to crack static WEP keys, where he first monitors the wireless traffic with airmon-ng tool and then tries to collect the wireless traffic data using airodump-ng. W
following airodump-ng commands will help him to do this? ,C:\>airodump-ng --ivs --write capture eth1,C:\>aircrack-ng -s capture.ivs,C:\>airodump-ng -c 11 wlan0,C:\>airodump-ng -d 11 wlan0,
118,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Gary has built an application that can help users transfer files between any two applications present on the mobile device or to another mobile device. This
uses the principle of application to application communication for information exchange. Which of the following processes is the application dependent on? ,Debug bridges,Fuzzers,Intents,Binaries,
119,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Watson is a security analyst specialized in mobile penetration testing who works at Regional Secure Inc. The company�s senior management asked him t
company�s mobile communication network for vulnerabilities. He performed a penetration test and determined that the network is vulnerable to MITM attacks. Which of the following mobile penetration tests did Watso
determine the attack? ,Communication Channel Penetration Testing,Server-side Infrastructure Pen Testing,Application Penetration Testing,Android debug bridge Testing,
120,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,During penetration testing on some mobile devices, Steve discovered a suspicious application (apk) installed on a device that had permissions to access t
camera, phonebook, storage, etc. He, then used code analysis tools to gather valauble information regarding the application's source code, proprietary IP, etc in an attempt to obtain the origin of the application. Whic
following techniques did Steve implement, in order to obtain the latter information? ,Code signing,Code encryption,Reverse engineering,Reverse coding,
121,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Mobile Silicon Securities Ltd specializes in providing security services for mobile platforms. A client named Riya raised an issue, stating that her iPhone ha
This issue was handed over to the company�s mobile penetrating test engineer, Jackson. He conducted a reverse engineering test on iOS application and determined that Objective-C runtime information stored in Mach-O files w
corrupted. Which of the following command line utility did Jackson use to identify the issue? ,class dump utility,Keychain,IDA disassembler,ipash ME,
122,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Mr. Smith works as a penetrating test engineer at Lucid Security Services. Mr. Shan, a frustrated customer, contacts the company and informs them that he
unusual behavior with his iPhone. After performing several tests, he concludes that the iPhone is Jail broken. Which permission status of the device root confirms that the device is jail broken? ,Only Read permission,Only writ
permission,Neither Read nor write permission,Read/ Write permission,
123,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Smart Networks Ltd is an internet service provider based in the UK. The company hired Thomson as a penetration tester and asked him to check for vulner
of their clients Wi-Fi networks. He performed Android Penetration Testing on the Wi-Fi network using the penetration testing tool. He found that the network is vulnerable and an attacker is able to gain access to some of the emp
mobiles devices that are connected to the network. Which of the following penetration testing tools did Thomson use to do this? ,zANTI,Burp suite,Pangu,evasion,
124,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Ashton is a mobile penetration tester and runs a mobile investigation firm. A company hired him to check the security of the various mobile devices used in
part of the contract, Ashton needs to perform penetration testing on the communication channel of the devices. Which of the following steps does Ashton need to perform to complete the task? ,Intercepting HTTP reques
stored data,Performing Penetration test of Web server/application,Reverse engineering the applications,
125,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A large IT based company hired Gary, a penetration tester, to perform mobile penetration testing in the organization. Gary knows that mobile penetration te
rooting/jailbreaking of mobile devices. Gary observed that most of the employees in the organization are using iPhones. Which of the following tools should Gary use to jailbreak the mobile devices? ,SuperOneClick,Super
Root,Pangu,
126,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,As part of his job role as a Network administrator of a multi-national company, Steve needs to perform penetration tests of mobile devices used under the
BYOD policy. He chooses the proxy tools Fiddler and Paros to perform penetration testing. Which part of the mobile penetration testing methodology has he taken up? ,Application penetration testing,Android debug bridge
testing,Communication channel penetration testing,Server-side infrastructure pen testing,
127,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Daniel is an ECSA certified penetration tester who is an expert at performing penetration tests for mobile devices. He is working on a project where he need
iPhone devices for a company. As part of the job, Daniel wants to intercept the traffic of the iPhone mobile devices using the Charles proxy tool. He installs the Charles proxy tool on a workstation and tries to configure the HT
settings on a WiFi network in the iPhone's settings. During the configuration, he needs to enter a port number on which Charles is running. Which of the following port number values does he need to enter to continue the
configuration? ,8008,8088,8080,8888,
128,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Lee has established a new startup where they develop android applications. In order to meet memory requirements of the company, Lee has hired a Cloud
who offered memory space along with virtual systems. Lee was dissatisfied with their service and wanted to move to another CSP, but was denied as a part of the contract, which reads that the user cannot switch to anoth
CSP. What is this condition called? ,Lock-in,Virtualization,Lock-up,Resource Isolation,
129,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to the invalid requests and ignores the le
requests. Identify the type of attack ,Side Channel attacks.,Authentication attacks.,Denial of Service (DoS) attacks,Man-in-the-middle cryptographic attacks,
130,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Kevin is auditing a cloud infrastructure for vulnerabilities. During the reconnaissance phase, he runs a Nmap scan that gives him the following information:
src="/files/ECSAv9/Q147.jpg" align="" border="0px"> Which of the following Metasploit commands will allow Kevin to decrypt the SSL traffic to the cloud? ,use auxiliary/scanner/ssl/openssl_heartbleed → exploit,us
scanner/ssl/openssl_heartbleed → exploit,set payload/scanner/ssl/openssl_heartbleed → exploit,use exploit/ssl/openssl_heartbleed → exploit,
131,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users with APIs, core connectivity and delivery
hardware as part of the service. What is the name of the service AB Cloud services offer? ,Infrastructure as a service�(IaaS),Platform as a service (PaaS),Software as a Service (SaaS),Web Application Services,
132,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Henderson has completed the pen testing tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that
injection vulnerability and different SQL queries that he used to bypass web application authentication. In which section of the pen testing report, should Henderson include this information in? ,Executive summary section,Me
section,General opinion section,Comprehensive technical report section,
133,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following tasks is done after submitting the final pen testing report? ,Kick-off meeting,System patching and hardening,Exploiting vulnerabilitie
briefing,
134,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Smith is performing a black-box test for one of his clients. He successfully gained a SSH shell and write access to the /tmp directory on a Unix web server.
did not have any sensitive information stored in it and was therefore not locked down. Smith, however, was able upload a .shtml web page containing the following include statement: <!-
bin/cat /etc/passwd" ---> What Smith is trying to do? ,Smith is using Server Side Includes (SSI) to execute a malicious command on the server,Smith is trying to bruteforce password hashes stored in the machin
performing directory traversal to steal the /etc/passwd file from the webserver,Smith is trying to escalate his privileges on the webserver machine,
135,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (Software based)? ,Hardware appliance
from security vulnerabilities associated with the underlying operating system,Firewalls implemented on a hardware firewall are highly scalable,Appliance based firewalls cannot be upgraded,Operating system firewalls are highly c
136,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Jakob is working on a web application pen testing assignment. He uses Burp proxy to create a directory map of the target web app. During the audit he inte
request with the following as the Referrer parameter: http://www.certifiedhacker.com/script.ext?orders=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63 %2f%70%61%73%73%77%64 An analysis revealed that request is m
%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../ %65%74%63 = etc %2f = / %70%61%73%73%77%64 = passwd What should Jakob suggest to his client to protect from these attacks? ,Configure the Web Server to
involving �hex encoded� characters,Use SSL authentication on Web Servers,Create rules in IDS to alert on strange Unicode requests,Enable Active Scripts Detection at the firewall and routers,
137,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Xsecurity Inc., has developed a web service program and wants to host it on its web server. However, before deploying the web service, management asked
team to assess the security of the web service against possible service attacks. George is working as the lead penetration tester on this assignment. To simulate a specific type of attack on the web service, he performed t
activities: I. Trapped the WSDL document from web service traffic and analyzed it in order to determine whether it is revealing the
purpose of the application, entry points, functional breakdown, and message types on web service. II. Created a set of valid requests by&
selecting a set of operations, and
formulated the request messages according to the rules of the XML Schema that can be submitted to the web&nb
He then used these new requests to include malicious content in SOAP requests and analyzed any errors What is he trying to do? ,He is assessing the web service secur
Web Services Replay Attack,He is assessing the web service security against a MITM Attack,He is assessing the web service security against Web Services Probing Attacks,He is assessing the web service security against XPath
Attacks,
138,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Consider the following code: URL:http://www.xsecurity.com/search.pl?text=< script >alert(document.cookie)&
span> If an attacker tricks a victim into clicking a link like this, and the Web application does not validate the input, the victim�s browser will pop up an alert showing the users current set of cookies. An attacker can do m
damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site. What is the countermeasure against XSS scripting? ,Disable Javascript in the browsers,Connect to the server using
protocol instead of HTTP,Create an IP access list and restrict connections based on port number,Replace �<� and �>� characters with ?lt;? and ?gt;?using server scripts,
139,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,A reputed ethical hacker and penetration testing consultant, was hired by Global Finance Services, to audit the security of their web applications. Sam is cu
the coding and logical issues that might be affecting the company's web applications. In the first step, he collected valid session ID values by sniffing traffic from authenticated users. By looking at the different requests, Sa
realized the web application is using a weak session ID generation mechanism and session IDs can be guessed easily. Analyze some of the requests sniffed by Sam below: http://www.juggyboy.com/view/
JBEX2109201412 http://www.juggyboy.com/view/JBEX2109201424 http://www.juggyboy.com/view/JBEX2109201436 http://www.juggyboy.com/view/JBEX2109201448 Considering that the above sessions
by the web server in the same order, which of the following will be the next session generated by the server? ,http://www.juggyboy.com/view/JBEX2109201460,http://www.juggyboy.com/view/JBEX2009201472,http://www.juggy
JBEX2408201484,http://www.juggyboy.com/view/JBEX2509201496,
140,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Analyze the WSDL document below: <?xml version="l.O� encoding="U TF-S' standalone= ' no' ?> - <SOAP-ENV: Envelope )(mlns: SOAPS
www.w3.org/2001/ XMLschema' xmlns: SOAPSDK2="http ://www .w3 .org/200 l/XMLSchem.o- inst.once" xmlns: SOAPSDK3="http://schemas .xmlso.op .org/soap/ encoding/' xmlns: SOAPENV= ' http://schemas .xml
envelope/'> - <SOAP- ENV:Body> - <SOAPSDK 4: GetProdLJctInformationByName xmlns: SOAPSDK4=' http://sfaustlap/ProductInfo/'> <SOAPSDK4: name>' </SOAPSDK4: name> <SOAPS
uid>312 - 111 - 8543</SOAPSDK4: uid> <SOAPSDK4: password> 5648</SOAPSDK4: password> </SOAPSDK 4: GetProduct Information B y Name> </SOAP-ENV: Body> </SOAP-ENV:
Envelope> Thomas, a pen tester, enters a tick mark (�) for user name. What Thomas is trying to achieve? ,The tick mark (�) will result in error and Jason can gather information about the web service,The tick mark (�
Jason to extract usernames of all the users using the web service,The tick mark (�) will result in buffer overflow and crash the web service,The tick mark (�) will help Jason to extract the underlying database,
141,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also
the web application is known to be vulnerable to the �admin' OR '� injection. When David tried this string, he received a WAF error message the input is not allowed. Which of foll
could David use instead of the above string to bypass the WAF filtering? ,admin') or '1'='1'--,' or username like char(37);,' union select,exec sp_addsrvrolemember 'name' , 'sysadmin',
142,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,George, a reputed ethical hacker and penetration testing consultant, was hired by FNB Services, a startup financial services company, to audit the security o
applications. During his investigation, George discovered that the company�s website is vulnerable to blind SQL injection attacks. George, entered a custom SQL query in a form located on the vulnerable page which resulted in a
query similar to the one given below: http://fnb.com/ forms/?id=1+AND+555=if(ord(mid((select+pass from+users+limit+0,1),1,2))= 97,555,777) What is George trying to achieve with this custom SQL query? ,George is
the first character of the second table entry,George is searching for the second character of the first table entry,George is searching for the first character of the first table entry,George is searching for the first character of all the t
143,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)? ,sqlmap �u &nb
URL ],sqlmap -g "inurl:\".php?id=1\"",sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com|net|org)",sqlmap �host [ Target URL ],
144,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Donald is auditing a SQL server machine for robustness. He performs parameter tampering using SQL scripts that results in the following query. <s
weight: bold;">http://client.com/link.php?id=1' union select 1,2,(select tab1 from (select decode(encode(convert(compress(post) using latin1),des_encrypt(concat(post,post,post,post),8)),des_encrypt(sha1(concat(post,post,post,
tab1 from table_1)a),4-- What is Donald trying to achieve? ,He is attempting a DoS Attack against the database server using SQL injection,He is trying to extract table names from the database server,He is trying to
complete database,He is trying to extract password hashes from the database,
145,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Henderson is a certified ethical hacker working as an information security manager at Digital Essence Ltd. The company uses Oracle (11g) database to sto
part of their database penetration testing, he wants to check whether the company�s web applications are vulnerable to SQL injection attack or not. Henderson tried different SQL queries and discovered that it is vulnerable to SQ
attack by observing error message. Which of the following SQL injection query Henderson can use to extract all usernames from the company�s database? ,or 1=utl_inaddr.get_host_address((select sys.stragg (distinct u
chr(32)) from all_users))--,or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))--,or 1=utl_inaddr.get_host_address((Select granted_role from ( select rownum r, granted_role from user_role_privs) wh
utl_inaddr.get_host_address((select banner from v$version where rownum=1))�,
146,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client�s network. He was not provided with an
about the client organization except the company name. Identify the type of testing Joseph is going to perform for the client organization? ,Black-box Penetration Testing,White-box Penetration Testing,Grey-box Pe
Testing,Announced Testing,
147,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Christine works as a network security auditor with Xsecurity, a large security assessment firm based out of San Francisco. During a security audit of a clien
Christine tests some of the network switches for an ARP flooding attack. She tries to flood the ARP cache of the switches. What happens when an ARP cache flood is successful? ,If the ARP cache is flooded, the switches
working as a router, making it less susceptible to attacks.,Depending on the switch manufacturer, the device will either delete every entry in the ARP cache or reroute packets to the nearest switch.,The switches will start working a
route all traffic to the broadcast address.,The switches will drop into hub mode if the ARP cache is successfully flooded.,
148,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,David is auditing the IDS systems deployed at one of his client organizations. During reconnaissance he realized the organization is using an outdated IDS
does not reconstruct sessions before performing any pattern matching on the data. He then sends several data packets to the IDS with a time delay and is successful in keeping the session active longer than the IDS will spend o
With this the IDS stopped working and the packets David sent bypassed the IDS to reach the intended destination host. Which of the following IDS evasion techniques was used? ,Session Hijacking,Fragmentation,Session
Splicing,Session Extension,
149,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Kevin is trying to pen test an Android mobile device. He wants to extract the PIN and gesture key from the device. Kevin knows that the gesture.key and pas
the information that he is looking for. He accesses the Android file system from an Android IDE but could not locate these files. Which of the following will allow Kevin to access these files and their
content? ,Rooting,Jailbreaking,Tethering,Debugging,
150,EC-Council Certified Security Analyst (ECSA) v9,ECSA V9,ECSAv9 D1,Thomas, is trying to simulate a SQL injection attack on his client�s website. He is trying various strings provided in the SQL Injection Cheat Sheet. All of h
attack attempts failed and he was unable to retrieve any information from the website�s back-end database. Later, he discovered the IDS system deployed by his client is blocking all the SQL injection requests. Thomas decided
IDS by slightly modifying the SQL injection queries as below: Original query: /?id=1+union+(select+1,2+from+test.users) Modified queries: /?id=(1)unIon(selEct(1),mid(hash,1,32)from(test.users)) /?id=1+union
+(sELect'1',concat(login,hash)from+test.users) /?id=(1)union(((((((select(1),hex(hash)from(test.users)))))))) Which encoding techniques did he try to evade the IDS? ,IDS evasion using obfuscated code,IDS evasion us
comments,IDS evasion using char encoding,IDS evasion using hex encoding,

Convertcsv

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Convertcsv

Hochgeladen von

Copyright:

Verfügbare Formate

"SR.

No","Test Name","Subject Name","Section Name","Questions","Response-A","Response-B","Response-C","Response-D",

Das könnte Ihnen auch gefallen