ECSA Dump 4

12/15/2020 ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU ~ Try to Grab
ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX

AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU
SULTAN SULTAN
https://trytograb.blogspot.com/2020/02/ecsa-eeeeeeeeeee-xxxxxxxxxxxxxxxx.html 1/75
Question 151
David is working on a pen tes ng assignment as a junior consultant. His supervisor told him to test a web applica on for SQL injec on. The supervisor also
informed David the web applica on is known to
be vulnerable to the “admin' OR '” injec on. When David tried this string, he received a WAF error message the input is not allowed.
Which of following strings could David use instead of the above string to bypass the WAF filtering?
' union select

exec sp_addsrvrolemember 'name' , 'sysadmin'
admin') or '1'='1'--
' or username like char(37);
Question 152
Chris, a penetra on tester working with a large so ware company, is tes ng the company’s web servers for vulnerabili es. What can he do to find other
domains that share the same web servers in a
target organiza on?
Perform reverse lookup using nslookup

Perform reverse lookup with the USENET
Perform reverse lookup using YouGetSignal
Perform reverse lookup using nmap
Question 153
Analyze the ICMP packet below and mark the correct statement.

It is a ping request, but the des na on port is unreachable
It is a ping packet that requires fragmenta on, but the Don't Fragment flag is set
It is a ping response, when the des na on host is unknown
It is a ping request, but the des na on network is unreachable
Question 154
As a normal three-way handshake mechanism system A sends an ACK packet to system B. However, system A does not send an ACK packet to system B. In this
case, client B is wai ng for an ACK packet from client A.
What is the status of client B?
“Half-open”
“Filtered”
“Full-open”
“Half-closed”
Question 155
James, a penetra on tester, found a SQL injec on vulnerability in the website h p://www.xsecurity.com. He used sqlmap and extracted the website’s
databases from the sql server,
one of them being “offices.” Which among the following sqlmap queries does James issue in order to extract the tables related to the database “offices”?
sqlmap -u “www.xsecurity.com” --dbs offices --T

sqlmap -u “www.xsecurity.com” --dbs offices --tables
sqlmap -u “www.xsecurity.com” --dbs offices -T
sqlmap -u “www.xsecurity.com” --dbs offices -tables
Question 156
During a pen test, you are presented with a web applica on which has a login page. Your task is to use Burp Suite and perform a dic onary a ack to crack the
user creden als. Which among the following
intruder payload methods will you choose if you have to use mul ple payload sets and crack the usernames and passwords?
Ba ering fork
Sniper
Ba ering ram
Cluster bomb
Question 157
What is the command nmap -e eth0 -S 192.168.1.100 192.168.1.109 used for?
Perform Ethernet scan

Change Ethernet connec on status
Spoof an IP Address
Spoofing Packets
Question 158
Charles, a network penetra on tester, is part of a team assessing the security of perimeter devices of an organiza on. He is using the following Nmap
command to bypass the firewall: nmap -D 10.10.8.5, 192.168.168.9, 10.10.10.12
What is Charles trying to do?
Cloaking a scan with decoys

Packet Fragmenta on
Spoofing source address
Spoofing source port number
Question 159
During a WordPress web applica on audit, you found a plugin ebook download version 1.1 installed and ac vated in the applica on. Upon research, it was
found that the plugin has directory traversal vulnerability. The URL of the web applica on is h p://172.19.19.17/wordpress. Iden fy the URL which
allows you to successfully exploit the vulnerability and download wp-config.php file.
h p://172.19.19.17/wordpress/wp-content/plugins/ebookdownload/
download.php?ebookdownloadurl=h p://www.a ackerwebsite.com/wp-config.php
fileupload.php?ebookdownloadurl=./././wp-config.php
filedownload.php?ebookdownloadurl=../../../wp-config.php
download.php?h p://www.a ackerwebsite.com=wp-config.php
Question 160
The Finger service displays informa on such as currently logged-on users, email address, full name, etc. Which among the following ports would you scan to
iden fy this service during a penetra on test?
Port 69
Port 79
Port 89
Port 99
Question 161
While scanning a server, you found rpc, nfs and mountd services running on it. During the inves ga on, you were told that NFS Shares were men oned in
the /etc/exports list of the NFS server.
Based on this informa on, which among the following commands would you issue to view the NFS Shares running on the server?
mount
showmount
rpcinfo
nfsenum
Question 162
During an internal network audit, you are asked to see if there is any RPC server running on the network and if found, enumerate the associated RPC
services. Which port would you scan to determine
the RPC server and which command will you use to enumerate the RPC services?
Port 111, rpcenum

Port 145, rpcinfo
Port 145, rpcenum
Port 111, rpcinfo
Question 163
Which of the following network perimeter devices is a vic m of the VLAN Trunking Protocol (VTP) a ack?
Routers
Switches
Firewalls
IDS
Question 164
During a security assessment, you observed that one of the machines with the IP address
192.168.168.10 has only SMB port open. As a part of the assessment, you wanted to perform a password audit using Hydra, so you have prepared wordlists for
usernames and passwords with the namesUsernames.txt and Passwords.txt and stored them in Kali Linux root folder. Which among the following commands
will you use to perform the a ack?
hydra -U /root/Usernames.txt -P /root/Passwords.txt 192.168.168.10 smb

hydra -L /root/Usernames.txt -P /root/Passwords.txt 192.168.168.10 smb
hydra -L /root/Usernames.txt -P /root/Passwords.txt 192.168.168.10 445
hydra -U /root/Usernames.txt -P /root/Passwords.txt 192.168.168.10 445
Question 165
Which of the following tool can you use to find the publicly available email addresses of an organiza on?
LinkedIn
Maltego
Google Dorks
The Harvester
Question 166
During an internal network audit, you came across a Linux opera ng system which has a vulnerable
version of Apache server running on it with CGI enabled. If you are asked to exploit this machine with
the given informa on, which Metasploit exploit module would you choose in order to gain access to
the
machine?
apache_mod_cgi_bash_env_exec
apache_mod_cgi_bin_env_exec
ms17_010_eternalblue
ssl_poodle
Question 167
You are working on a pen tes ng assignment for Na onal Healthcare Inc. The client has specifically
asked you for a Data Use Agreement (DUA).
What does it indicate?
You are working with a HIPAA compliant organiza on

You are working on a target that is not connected to the Internet
You are working with a publicly traded organiza on
The client organiza on does not want you to exploit vulnerabili es
Question 168
Arrange the steps in the correct order for crea ng a firewall policy:
i. Prepare a cost-benefit analysis to secure the network applica on(s)
Create a network applica on traffic matrix to iden fy the protec on method
Iden fy the network applica on(s) vulnerabili es
Iden fy the network applica ons that are of utmost importance
Create a firewall ruleset which depends on the applica on’s traffic matrix
iv-->iii-->i-->ii-->v
iii-->i-->iv-->ii-->v
iv-->ii-->v-->iii-->i
iii-->iv-->ii-->i-->v
Question 169
During an internal network audit, you came across a Windows 7 SP1 opera ng system which has SMB
version 1 (SMBv1) server running on it. If you are asked to exploit this machine with the given informa on, which Metasploit exploit module would you
choose in order to gain access to the machine?
ssl_poodle
openssl_heartbleed
apache_mod_cgi_bash_env_exec
ms17_010_eternalblue
Question 170
As a part of informa on gathering, you are given a website URL and asked to iden fy the opera ng system using passive OS fingerprin ng. When you begin to
use p0f tool and browse the website URL, the
tool captures the header informa on of all the packets sent and received, and decodes them. Which among the decoded request/response packets hold the
opera ng system informa on of the remote opera ng system?
SYN-ACK
SYN
RST
ACK
Question 171
Jason is working on a pen tes ng assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the target
failed with “ICMP Time Exceeded Type = 11”
error messages.
What can Jason do to overcome this error?
Increase the ICMP header length

Set a Fragment Offset
Increase the Window size in the packets
Increase the TTL value in the packets
Question 172
Watson works as a Penetra ng test engineer at Neo security services. The company found its wireless networks opera ng in an unusual manner, with signs that a
possible cyber a ack might have happened. Watson was asked to resolve this problem. Watson starts a wireless penetra ng test, with the first step of discovering
wireless networks by war-driving. A er several thorough checks, he iden fies that there is some problem with rogue access points and resolves it. Iden fying
rogue access
points involves a series of steps.
Which of the following arguments is NOT valid when iden fying the rogue access points?
If a radio media type used by any discovered AP is not present in the authorized list of media
types, it is considered as a rogue AP
If any new AP which is not present in the authorized list of APs is detected, it would
be
considered as a rogue AP
If the radio channel used by any discovered AP is not present in the authorized list of channels, it
is considered as a rogue AP
If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be
considered as a rogue AP
Question 173
Dale is a network admin working in Zero Faults Inc. Recently the company’s network was compromised and is experiencing very unusual traffic. Dale
checks for the problem that compromised
the network. He performed a penetra on test on the network’s IDS and iden fied that an a acker sent
spoofed packets to a broadcast address in the network. Which of the following a acks compromised the network?
Amplifica on a ack
MAC Spoofing
ARP Spoofing
Session hijacking
Question 174
If you are trying to determine whether the port is open by sending TCP probe packets with ACK flag set to a remote device, then which of the following
statements is true about the header informa on of
received RST packets?
If the WINDOW value of RST packet on port is zero, then that port is open
If the WINDOW value of RST packet on a port is 1, then that port is closed
If the TTL value of RST packet on a port is less than the boundary value of 64, then that port is
open
If the TTL value of RST packet on a port is more than the boundary value of 64, then that port is
open
Question 175
Arrange the WEP cracking process in the correct order:
I.aireplay-ng -1 0 -e SECRET_SSID -a 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1
II.aircrack-ng -s capture.ivs
III.airmon-ng start eth1
IV.airodump-ng --ivs --write capture eth1
V.aireplay-ng -3 -b 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1
IV-->I-->V-->III-->II
IV-->I-->V-->III-->II
III-->IV-->I-->V-->II
III-->IV-->V-->II-->I
Question 176
While performing a web applica on vulnerability scan, Fred found that the applica on contained a cross-site scrip ng vulnerability in a text field. In order to
document the vulnerability, he first needs to
verify that the vulnerability exists and the result is not false posi ve. Which among the following scripts
would he execute in the text field to prove that the vulnerability exists?
1' or '1' = '1

<script>alert("XSS");</script>
Set-Cookie: JSESSIONID=xxxxx; SameSite=Strict
select tle, text from news where id=$id
Question 177
Which of the following tool is used by a penetra on tester to find all domains similar to a company’s domain name?
dnsmap
sublist3r
urlcrazy
subbrute.py
Question 178
Cindy, a network security analyst, is trying to locate a DNS PTR record within the organiza on’s IP range. Which of the following commands will help her to
complete her search?
traceroute -t 162.240.0.0-162.241.255.255
nmap - - traceroute -r 162.240.0.0-162.241.255.255
dnsrecon -t asfr -d 162.240.0.0-162.241.255.255
dnsrecon -r 162.240.0.0-162.241.255.255
Question 179
During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header informa on (TTL and
WINDOW field) of the received RST packets
to find whether the port is open or closed.
Analyze the scanning result below and iden fy the open port.
Port 20
Port 23
Port 22
Port 21
Question 180
Mike, was asked by his Informa on Security Office to recommend a firewall for the company’s internal network which works at the network level of the OSI
model. The firewall must filter the network
traffic based on specified session rules, such as when a session is ini ated by a recognized computer. Which of the following firewall types should Mike
recommend to his Informa on Security Office?
Packet Filtering Firewall

Stateful Mul layer Inspec on Firewall
Applica on Level Firewall
Circuit Level Gateway
Question 181
During a pen test, June was able to successfully crack user creden als of an Ubuntu machine and connect to it using ssh. When trying to access a file
containing sensi ve informa on, the server returned
an error sta ng “Access Denied,” meaning the user account June cracked did not have sufficient privileges. She then tried to view the opera ng system
version, planning to perform privilege escala on
if the backend server was running a vulnerable version of opera ng system. Which command would June issue in the ssh terminal to view the OS version of
Ubuntu?
uname
lsb_release
sysname
lsb_system
Question 182
Adam found a pen drive in his company’s parking lot. He connected it to his system to check the content. On the next day, he found that someone has logged
into his company email account and sent
some emails. What type of social engineering a ack has Adam encountered?
Phishing
Dumpster Diving
Eaves Dropping
Media Dropping
Question 183
Smith, a pen tester, has been hired to analyze the security posture of an organiza on and is trying to find the opera ng systems used in the network using
Wireshark. What can be inferred about the selected packet in the Wireshark screenshot below?
The machine with IP 10.0.0.12 is running on Linux
The machine with IP 10.0.0.12 is running on Windows
The machine with IP 10.0.0.10 is running on Linux
The machine with IP 10.0.0.10 is running on Windows
Exam B (81 questions)

Question 184
The Finger service displays informa on such as currently logged-on users, email address, full name, etc. Which among the following ports would you
scan to iden fy this service during a penetra on test?
Port 79
Port 69
Port 89
Port 99
Question 185
Cedrick, who is a so ware support execu ve working for Panacx Tech. Inc., was asked to install Ubuntu opera ng system in the computers present in the
organiza on. A er installing the OS, he came to know that there are many unnecessary services and packages in the OS that were automa cally
installed without his knowledge. Since these services or packages can be poten ally harmful and can create various security threats to the host machine, he was
asked to disable all the unwanted services.
In order to stop or disable these unnecessary services or packages from the Ubuntu distribu ons, which of the following commands should Cedrick employ?
# chkconfig [service name] off

# chkconfig [service name] –del
# service [service name] stop
# update-rc.d -f [service name] remove
Question 186
The penetra on testers are required to follow predefined standard frameworks in making penetra on tes ng repor ng formats.
Which of the following standards does NOT follow the commonly used methodologies in penetra on tes ng?
Open Web Applica on Security Project (OWASP)

Informa on Systems Security Assessment Framework (ISSAF)
American Society for Tes ng and Materials (ASTM)
Na onal Ins tute of Standards and Technology (NIST)
Question 187
Which of the following roles of Microso Windows Ac ve Directory refers to the ability of an ac ve directory to transfer roles to any domain controller
(DC) in the enterprise?
Master Browser (MB)

Rights Management Services (RMS)
Flexible Single Master Opera on (FSMO)
Global Catalog (GC)
Question 188
An a acker with a malicious inten on decided to hack confiden al data from the target organiza on. For acquiring such informa on, he started tes ng IoT
devices that are connected to the target network. He started monitoring the network traffic passing between the IoT devices and the
network to verify whether creden als are being transmi ed in clear text. Further, he also tried to crack the passwords using well-known keywords across all
the interfaces. Which of the following IoT threats the a acker is trying to exploit?
Insecure firmware
Poor authen ca on
Poor physical security
Privacy concerns
Question 189
Recently, SecGlobal Corpora on adopted a cloud service in which cloud service provider offers applica on so ware to subscribers on-demand over the Internet
and the provider charges for it on a pay-per-use basis, by subscrip on, by adver sing, or by sharing among mul ple users. Iden fy the type of cloud service
adopted by the organiza on?
Anything as a service (XaaS)

So ware as a service (SaaS)
Infrastructure as a service (IaaS)
Pla orm as a service (PaaS)
Question 190
The penetra on tes ng team of MirTech Inc. iden fied the presence of various vulnerabili es in the web applica on coding. They prepared a detailed report
addressing to the web developers regarding the findings. In the report, the penetra on tes ng team advised the web developers to avoid the use of dangerous
standard library func ons. They also informed the web developers that the
web applica on copies the data without checking whether it fits into the target des na on memory and is suscep ble in supplying the applica on with large
amount of data.
According to the findings by the penetra on tes ng team, which type of a ack was possible on the web applica on?
SQL injec on
Cross-site scrip ng
Buffer overflow
Denial-of-service
Question 191
John is a network administrator and he is configuring the Ac ve Directory roles in the primary domain controller (DC) server. Whilst configuring the Flexible Single
Master Opera on (FSMO) roles in the primary DC, he configured one of the roles to synchronize the me among all the DCs in an enterprise. The role that he
configured also records the password changes performed by other DCs in the domain, authen ca on failures due to entering an incorrect password, and
processes account lockout ac vi es.
Which of the following FSMO roles has John configured?
PDC emulator
Domain naming master
Schema master
RID master
Question 192
Stanley, a pen tester needs to perform various tests to detect SQL injec on vulnerabili es. He has to make a list of all input fields whose values could be used
in cra ing a SQL query. This includes the hidden fields of POST requests and then test them separately, a emp ng to interfere with the query and cause an
error to generate as a result.
In which of the following tests is the source code of the applica on tested in a non-run me environment to detect the SQL injec on vulnerabili es?
Sta c Tes ng
Func on Tes ng
Dynamic Tes ng
Fuzz Tes ng
Question 193
Joe works as an engagement team lead with Xsecurity Inc. His pen tes ng team follows all the standard pentes ng procedures, however, one of the team
members inadvertently deletes a document
containing the client’s sensi ve informa on. The client is using Xsecurity for damages.
Which part of the Penetra on Tes ng Contract should Joe have wri en be er to avoid this lawsuit?
Non-disclosure clause
Indemnifica on clause
Fees and project schedule
Objec ve of the penetra on test
Question 194
GenSec Inc, a UK-based Company, uses Oracle database to store all its data. The company also uses Oracle DataBase Vault to restrict user access to specific
areas of their database. GenSec hired a senior penetra on tester and security auditor named Victor to check the vulnerabili es of the company’s
Oracle DataBase Vault. He was asked to find all the possible vulnerabili es that can bypass the company’s Oracle DB Vault. Victor tried different kinds of a acks
to penetrate into the company’s Oracle DB Vault and succeeded.
Which of the following a acks can help Victor to bypass GenSec’s Oracle DB Vault?
Denial-of-Service A ack
SQL Injec on
Man-in-the-Middle A ack
Replay A ack
Question 195
In delivering penetra on tes ng report, which of the following steps should NOT be followed?
Always ask for a signed acknowledgment a er submi ng the report

Report must be presented in a PDF format, unless requested otherwise
Always deliver the report to approved stakeholders in the company in person
Always send the report by email or CD-ROM
Question 196
Tom is a networking manager in XYZ Inc. He and his team were assigned the task to store and update the confiden al files present on a remote server using
Network File System (NFS) client-server applica on protocol. Since the files are confiden al, Tom was asked to perform this opera on in a secured manner
by limi ng the access only to his team. As per the instruc ons provided to him, to use NFS securely, he employed the process of limi ng the superuser
access privileges only to his team by using authen ca on based on the team personnel iden ty. Iden fy the method employed by Tom for securing access
controls in NFS?
nosuid
Root Squashing
Suid
noexec
Question 197
Joe, an ECSA cer fied professional, is working on a pen tes ng engagement for one of his SME clients. He discovered the host file in one of the Windows
machines has the following entry:65.172.55 microso .com
A er performing a Whois lookup, Joe discovered the IP does not refer to Microso .com. The network
admin denied modifying the host files.
Which type of a ack does this scenario present?
Phishing
MAC spoofing
DNS starva on
DNS poisoning
Question 198
An employee is trying to access the internal website of his company. When he opened a webpage, he received an error message no fying “Proxy Authen ca on
Required.” He approached the IT department
in the company and reported the issue. The IT staff explained him that this is an HTTP error indica ng that the server is unable to process the request due to lack
of appropriate client’s authen ca on creden als for a proxy server that is processing the requests between the clients and the server.
Iden fy the HTTP error code corresponding to the above error message received by the employee?
404
407
417
415
Question 199
Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets
from one network (Token-ring) to another network (Ethernet), she receives an error message sta ng:
‘Des na on unreachable’
What is the reason behind this?
TTL value in the packet header is not set

Packet size is small and not able to reach the des na on
Packet contains image data
Packet size is big and fragmenta on is required
Question 200
Nick is a penetra on tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network
traffic by using various filters in the Wireshark tool. While sniffing the network traffic, he used
“tcp.port==1433” Wireshark filter for acquiring a specific database related informa on since port
number 1433 is the default port of that specific target database.
Which of the following databases Nick is targe ng in his test?
MySQL
Microso SQL Server
PostgreSQL
Oracle
Question 201
Jack, a network engineer, is working on an IPv6 implementa on for one of his clients. He deployed IPv6 on IPv4 networks using a mechanism where a node
can choose from IPv6 or IPv4 based on
the DNS value. This makes the network resources work simpler.
What kind of technique did Jack use?
Tunneling
Transla on
Dual stacks
Filtering
Question 202
A web applica on developer is wri ng code for valida ng the user input. His aim is to verify
the user input against a list of predefined nega ve inputs to ensure that the received input is not one among the nega ve condi ons.
Iden fy the input filtering mechanism being implemented by the developer?
Authen ca on
Authoriza on
White lis ng
Black lis ng
Question 203
A penetra on tester at Trinity Ltd. is performing IoT device tes ng. As part of this process,
he is checking the IoT devices for open ports using port scanners such as Nmap. A er iden fying the open ports, he started using automated tools to check each
open port for any exploitable vulnerabili es.
Iden fy the IoT security issues the penetra on tester is trying to uncover?
Lack of transport encryp on

Insecure so ware/firmware
Insecure network services
Insufficient security configurability
Question 204
An a acker targeted to a ack network switches of an organiza on to steal confiden al informa on such as network subscriber informa on, passwords, etc. He
started transmi ng data through one switch to another by crea ng and sending two 802.1Q tags, one for the a acking switch and the other for vic m switch. By
sending these frames, the a acker is fooling the vic m switch into thinking that the frame is intended for it. The target switch then forwards the frame to the
vic m port.
Iden fy the type of a ack being performed by the a acker?
VLAN hopping
MAC flooding
IP spoofing
SNMP brute forcing
Question 205
Which of the following access point cannot be considered as rogue access point?
AP is present in authorized list of APs

AP with radio channel not present in the authorized list of channels
AP with radio media type not present in the authorized list of media types
AP not present in the authorized list of APs
Question 206
Jason is a penetra on tester, and a er comple ng the ini al penetra on test, he wanted to create a final penetra on test report that consists of all
ac vi es performed throughout the penetra on tes ng process.
Before crea ng the final penetra on tes ng report, which of the following reports should Jason prepare in order to verify if any crucial informa on is missed
from the report?
Dra report
Host report
Ac vity report
User report
Question 207
George, a reputed ethical hacker and penetra on tes ng consultant, was hired by FNB Services, a startup financial services company, to audit the security of
their web applica ons. During his inves ga on, George discovered that the company’s website is vulnerable to blind SQL injec on a acks. George, entered a
custom SQL query in a form located on the vulnerable page which resulted
in a back-end SQL query similar to the one given below: h p://fnb.com/forms/?id=1+AND+555=if(ord(mid((select+pass
from+users+limit+0,1),1,2))= 97,555,777)
What is George trying to achieve with this custom SQL query?
George is searching for the second character of the second table entry
George is searching for the first character of all the table entries
George is searching for the first character of the second table entry
George is searching for the first character of the first table entry
Question 208
Thomas is an a acker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabili es that he can exploit. He
already knows that when a user makes any selec on of items in the online shopping webpage, the selec on is typically stored as form
field values and sent to the applica on as an HTTP request (GET or POST) a er clicking the Submit bu on. He also knows that some fields related to the selected
items are modifiable by the user (like quan ty, color, etc.) and some are not (like price). While skimming through the HTML code, he iden fied that the price
field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submi ed the
request successfully to the applica on.
Iden fy the type of a ack performed by Thomas on the online shopping website?
Session poisoning a ack

HTML embedding a ack
Hidden field manipula on a ack
XML external en ty a ack
Question 209
Allen and Greg, a er inves ng in their startup company called Zamtac Ltd., developed a new web applica on for their company. Before hos ng the applica on,
they want to test the robustness and immunity of the developed web applica on against a acks like buffer overflow, DOS, XSS, and SQL injec on.
What is the type of the web applica on security test Allen and Greg should perform?
Web mirroring
Web crawling
Web fuzzing
Web spidering
Question 210
Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like
se ng up new user accounts, managing backups/restores, security authen ca ons and passwords, etc.
Whilst performing his tasks, he was asked to employ the latest and most secure authen ca on protocol to encrypt the passwords of users that are stored
in the Microso Windows OS-based systems
which makes use of the Key Distribu on Center (KDC). Which of the following authen ca on protocols
should Adam employ in order to achieve the objec ve?
LANMAN
NTLM
NTLMv2
Kerberos
Question 211
Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to
run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there were no authen ca on packets in the capture. Which of the following
commands should Steven use to generate authen ca on packets?
airmon-ng start eth0

aircrack-ng.exe -a 2 -w capture.cap
aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF
airodump-ng --write capture eth0
Question 212
Tecty Motors Pvt. Ltd. has recently deployed RFID technology in the vehicles which allows the car owner to unlock the car with the exchange of a valid RFID
signal between a reader and a tag. Jamie, on the other hand, is a hacker who decided to exploit this technology with the aim of stealing the target vehicle. To
perform this a ack on the target vehicle, he first used an automated tool to intercept the signals between the reader and the tag to capture a valid RFID signal
and then later used the same signal to unlock and steal the vic m’s car.
Which of the following RFID a acks Jamie has performed in the above scenario?
RFID cloning
Power analysis a ack
Replay a ack
DoS a ack
Question 213
A security analyst at Techso Solu ons is performing penetra on tes ng on the cri cal IT
assets of the company. Without any prior informa on about the target, he/she is simula ng the methodologies and techniques, just like what real a acker
does. This type of test is very me consuming and expensive since nothing is provided to pen tester, pentester has to gain required informa on on his/her
own. Iden fy the type of tes ng performed by the security analyst?
Blind tes ng
Announced tes ng
Unannounced tes ng
White-box tes ng
Question 214
Michael, a Licensed Penetra on Tester, wants to create an exact replica of an original website, so he can browse and spend more me analyzing it.
Which of the following tools will Michael use to perform this task?
VisualRoute
Zaproxy
BlackWidow
NetInspector
Question 215
David is a penetra on tester and he is a emp ng to extract password hashes from the Oracle database.
Which of the following u li es should David employ in order to brute-force password hashes from oracle databases?
Orabf
TNS
OAT
Opwg
Question 216
John is working as a cloud security analyst in an organiza on. The management instructed him to implement a technology in the cloud infrastructure which
allows the organiza on to share the underlying cloud resources such as server, storage devices, and network. Which of the following technologies John must
employ?
Virtualiza on technology
Site technology
VoIP technology
RFID technology
Question 217
Russel, a penetra on tester a er performing the penetra on tes ng, wants to create a report so that he can provide details of the tes ng process and
findings of the vulnerabili es to the management. Russel employs the commonly available vulnerability scoring framework called Common
Vulnerability Scoring System (CVSS) v3.0 ra ngs for grading the severity and risk level of iden fied vulnerabili es in the report. For a specific SMB-based
vulnerability, Russel assigned a score of 8.7.
What is the level of risk or level of severity of the SMB vulnerability as per CVSS v3.0 for the assigned score?
High
Medium
Cri cal
Low
Question 218
John is a newly appointed penetra on tes ng manager in ABC Ltd. He is assigned a task to build a penetra on tes ng team and asked to jus fy the return
on investment (ROI).
To assess and predict the ROI of the team by considering the parameters like expected returns from the team and cost of investment, how can John calculate the
ROI?
ROI = (Cost of investment - Expected returns)/Expected returns

ROI = (Expected returns + Cost of investment)/Cost of investment
ROI = (Expected returns - Cost of investment)/Cost of investment
ROI = (Cost of investment + Expected returns)/Expected returns
Question 219
Robert is a network admin in XYZ Inc. He deployed a Linux server in his enterprise network and wanted to share some cri cal and sensi ve files that are present
in the Linux server with his subordinates. He wants to set the file access permissions using chmod command in such a way that his
subordinates can only read/view the files but cannot edit or delete the files.
Which of the following chmod commands can Robert use in order to achieve his objec ve?
chmod 777
chmod 666
chmod 644
chmod 755
Question 220
A user unknowingly installed a fake malicious banking app in his Android mobile. This app
includes a configura on file that consists of phone numbers of the bank. When the user makes a call to the bank, he is automa cally redirected to the number
being used by the a acker. The a acker impersonates as a banking official. Also, the app allows the a acker to call the user, then the app displays fake caller ID
on the user’s mobile resembling call from a legi mate bank. Iden fy the a ack being performed on the Android mobile user?
Tailga ng
Eavesdropping
Vishing
SMiShing
Question 221
You are working on a pen tes ng assignment. Your client has asked for a document that shows them
the detailed progress of the pen tes ng.
Which document is the client asking for?
Project plan with work breakdown structure

Engagement log
Scope of work (SOW) document
Rule of engagement with signatures of both the par es
Question 222
AB Cloud services provide virtual pla orm services for the users in addi on to storage. The company offers users with virtual machines and other abstracted
hardware and opera ng systems (OSs)
which may be controlled through a service API. What is the name of the service AB Cloud services offer?

So ware as a Service (SaaS)
Web Applica on Services
Question 223
Harry, a penetra on tester in SqSac Solu ons Ltd., is trying to check if his company’s SQL
server database is vulnerable. He also wants to check if there are any loopholes present that can enable the perpetrators to exploit and gain access to the user
account login details from the database. A er performing various test a empts, finally Harry executes an SQL query that enabled him to extract all the
available Windows Login Account details.
Which of the following SQL queries did Harry execute to obtain the informa on?
SELECT name FROM sys.server_principals WHERE TYPE = 'G'

SELECT name FROM sys.server_principals WHERE TYPE = 'I'
SELECT name FROM sys.server_principals WHERE TYPE = 'U‘
SELECT name FROM sys.server_principals WHERE TYPE = 'R'
Question 224
Jacob is a penetra on tester at TechSo Inc. based at Singapore. The company assigned him the task of conduc ng penetra on test on the IoT devices
connected to the corporate network. As part of
this process, he captured the network traffic of the devices, their mobile applica ons, and cloud connec ons to check whether any cri cal data are transmi ed
in plain text. Also, he tried to check whether SSL/TLS protocols are properly updated and implemented. Which of the following IoT security issues Jacob is
dealing with?
Insecure so ware/firmware
Lack of transport encryp on
Poor authen ca on/authoriza on
Privacy concerns
Question 225
An organiza on hosted a website to provide services to its customers. A visitor of this website
has reported a complaint to the organiza on that they are ge ng an error message with code 502 when they are trying to access the website. This issue was
forwarded to the IT department in the organiza on. The IT department iden fied the reason behind the error and started resolving the issue by checking
whether the server is overloaded, whether the name resolu on is working properly,
whether the firewall is configured properly, etc.
Iden fy the error message corresponding to code 502 that the visitors obtained when they tried to access the organiza on’s website?
Forbidden
Bad gateway
Internal error
Bad request
Question 226
Rock is a disgruntled employee of XYZ Inc. He wanted to take revenge. For that purpose, he created a malicious so ware that automa cally visits every page on
the company’s website, checks pages for important links to other content recursively, and indexes them in a logical flow. By using this malicious so ware, he
gathered a lot of crucial informa on that is required to exploit the organiza on.
What is the type of so ware that Rock developed?
Web spider
Web scanner
Web proxy
Web fuzzer
Question 227
Jan is a newly joined penetra on tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and informa on
securi es acts by her trainer. During the training, she was informed about a specific informa on security act related to the conducts and ac vi es like it is illegal
to perform DoS a acks on any websites or applica ons, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc. To
which type of informa on security act does the above conducts and ac vi es best suit?
Police and Jus ce Act 2006

Data Protec on Act 1998
USA Patriot Act 2001
Human Rights Act 1998
Question 228
Adam is an IT administrator for Hyperscan LLC. He is designated to perform various IT tasks like se ng up new user accounts, managing backup/restores,
security authen ca ons and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authen ca on protocol to encrypt
the passwords of users that are stored in the Microso Windows OS-based systems. Which of the following authen ca on protocols should Adam employ in
order to achieve the objec ve?
LANMAN
Kerberos
NTLM
NTLMv2
Question 229
Hans Olo, a Licensed Penetra on Tester, wants to create an exact replica of an original website, so he can browse and spend more me analyzing it. Which of the
following tools will Mr. Olo use to perform this task?
VisualRoute
NetInspector
BlackWidow
Zaproxy
Question 230
o
o
o
o
Question 231
o
o
o
o
Question 232
An organiza on deployed Microso Azure cloud services for running their business ac vi es. They appointed Jamie, a security analyst for performing cloud
penetra on tes ng. Microso prohibits certain tests to be carried out on their pla orm. Which of the following penetra on tes ng ac vi es Jamie cannot
perform on the Microso Azure cloud service?
Post scanning
Denial-of-Service
Log monitoring
Load tes ng
Question 233
Peter, a disgruntled ex-employee of Zapmaky Solu ons Ltd., is trying to jeopardize the company’s website h p://zapmaky.com. He conducted the port scan of
the website by using the Nmap tool to extract the informa on about open ports and their corresponding services. While performing the scan, he recognized
that some of his requests are being blocked by the firewall deployed by the IT personnel of Zapmaky and he wants to bypass the same. For evading the firewall,
he wanted to employ the stealth scanning technique which is an incomplete TCP three-way handshake method that can effec vely bypass the firewall rules and
logging mechanisms. Which if the following Nmap commands should Peter execute to perform stealth scanning?
nmap -sT -v zapmaky.com

nmap -T4 -A -v zapmaky.com
nmap -sX -T4 -A -v zapmaky.com
nmap -sN -A zapmaky.com
Question 234
Mr. Riddick is an a acker who wants to a ack XYZ Inc. He has performed reconnaissance over all the publicly available resources of the company and iden fied
the official company website h p://xyz.com. He scanned all the pages of the company website to find for any poten al vulnerabili es to exploit. Finally, in the
user account login page of the company’s website, he found a user login form which consists of several fields that accepts user inputs like username and
password. He also found than any non-validated query that is requested can be directly communicated to the ac ve directory and enable unauthorized users to
obtain direct access to the databases. Since Mr. Riddick knew an employee named Jason from XYZ Inc., he enters a valid username “jason” and injects “jason)
(&))” in the username field. In the password field, Mr. Riddick enters “blah” and clicks Submit bu on. Since the complete URL string entered by Mr. Riddick
becomes “(& (USER=jason)(&))(PASS=blah)),” only the first filter is processed by the Microso Ac ve Directory, that is, the query “(&(USER=jason)(&))” is
processed. Since this query always stands true, Mr. Riddick successfully logs into the user account without a valid password of Jason. In the above scenario,
iden fy the type of a ack performed by Mr. Riddick?
LDAP injec on a ack

HTML embedding a ack
Shell injec on a ack
File injec on a ack
Question 235
An organiza on has deployed a web applica on that uses encoding technique before transmi ng the data over the Internet. This encoding technique helps the
organiza on to hide the confiden al data such as user creden als, email a achments, etc. when in transit. This encoding technique takes 3 bytes of binary data
and divides it into four chunks of 6 bits. Each chunk is further encoded into respec ve printable character. Iden fy the encoding technique employed by the
organiza on?
Unicode encoding
Base64 encoding
URL encoding
HTMS encoding
Question 236
SecGlobal Corpora on hired Hans Olo, a penetra on tester. Management asked Hans Olo to perform cloud penetra on tes ng on the company’s cloud
infrastructure. As a part of his task, he started checking all the agreements with cloud service provider and came to a conclusion that it is not possible to perform
penetra on tes ng on the cloud services that are being used by the organiza on due to the level of responsibili es between company and the Cloud Service
Provider (CSP). Iden fy the type of cloud service deployed by the organiza on?

So ware as a service (SaaS)
Anything as a service (XaaS)
Question 237
A team of cyber criminals in Germany has sent malware-based emails to workers of a fast-food center which is having mul ple outlets spread geographically.
When any of the employees click on the malicious email, it will give backdoor access to the point of sale (POS) systems located at various outlets. A er gaining
access to the POS systems, the criminals will be able to obtain credit card details of the fast-food center’s customers. In the above scenario, iden fy the type of
a ack being performed on the fast-food center?
Phishing
Vishing
Tailga ng
Dumpster diving
Question 238
Fred, who owns a company called Skyfeit Ltd., wants to test the enterprise network for presence of any vulnerabili es and loopholes. He employed a third-party
penetra on tes ng team and asked them to perform the penetra on tes ng over his organiza onal infrastructure. Fred briefed the team about his network
infrastructure and provided them with a set of IP addresses on which they can perform tests. He gave them strict instruc on not to perform DDoS a acks or
access the domain servers in the company. He also instructed them that they can carry out the penetra on tests even when the regular employees are on duty
since they lack the clue about the happenings. However, he asked the team to take care that no interrup on in business con nuity should be caused. He also
informed the penetra on tes ng team that they get only 1 month to carry out the test and submit the report. What kind of penetra on test did Fred ask the
third- party penetra on tes ng team to perform?
Announced tes ng
Blind tes ng
Grey-Box tes ng
Unannounced tes ng
Question 239
Ross performs security test on his company’s network assets and creates a detailed report of all the findings. In his report, he clearly explains the methodological
approach that he has followed in finding the loopholes in the network. However, his report does not men on about the security gaps that can be exploited or the
amount of damage that may result from the successful exploita on of the loopholes. The report does not even men on about the remedia on steps that are to
be taken to secure the network. What is the type of test that Ross has performed?
Penetra on tes ng
Vulnerability assessment
Risk assessment
Security audit
Question 240
JUA Networking Solu ons is a group of cer fied ethical hacking professionals with a large client base. Stanley works as a penetra ng tester at this firm. Future
group approached JUA for an internal pen test. Stanley performs various penetra on tes ng test sequences and gains informa on about the network resources
and shares, rou ng tables, audit and service se ngs, SNMP and DNS details, machine names, users and groups, applica ons and banners. Iden fy the technique
that gave Stanley this informa on.
Enumera on
Sniffing
Ping sweeps
Port scanning
Question 241
Moses, a professional hacker, a empts to overwhelm the target vic m computer by transmi ng TCP connec on requests faster than the computer can process
them. He started sending mul ple SYN packets of size between 800 and 900 bytes with spoofed source addresses and port numbers. The main inten on of Moses
behind this a ack is to exhaust the server resources and saturate the network of the target organiza on. Iden fy the type of a ack being performed by Moses?
VTP a ack
DoS a ack
ARP a ack
HSRP a ack
Question 242
Mulder, an ex-employee of Netabb Ltd. with bruised feelings due to his layoff, tries to take revenge against the company. He randomly tried several a acks
against the organiza on. As some of the employees used weak passwords to their user accounts, Mulder was successful in cracking the user accounts of several
employees with the help of a common passwords file. What type of password cracking a ack did Mulder perform?
Hybrid a ack
Dic onary a ack
Brute forcing a ack
Birthday a ack
Question 243
Mr. Riddick, a research scholar, received an email informing that someone is trying to access his Google account from an unknown device. When he opened his
email message, it looked like a standard Google no fica on instruc ng him to click the link below to take further steps. This link was redirected to a malicious
webpage where he was tricked to provide Google account creden als.
Mr. Riddick observed that the URL began with www.translate.google.com giving a legi mate appearance. In the above scenario, iden fy the type of a ack
being performed on Mr. Riddick’s email account?
SMiShing
Dumpster diving
Phishing
Vishing
Question 244
During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header informa on (TTL and
WINDOW field) of the received RST packets to find whether the port is open or closed. Analyze the scanning result below and iden fy the open port.
Port 22
Port 23
Port 21
Port 20
Question 245
Jeffry, a penetra on tester in Repotes Solu ons Pvt. Ltd., is facing a problem in tes ng the firewall. By consul ng other penetra on testers and considering
other penetra on tes ng approaches, he was able to take cri cal decisions on how to test the
firewall; he was finally successful in tes ng the firewall for vulnerabili es. In which of the following sec ons of penetra on tes ng report will Jeffry men on the
above situa on?
Timeline
Evalua on purpose
Assump ons
System descrip on
Question 246
Analyze the packet capture from Wireshark below and mark the correct statement.

It is an invalid DNS query
It is a DNS response message
It is an answer to the itera ve query from Microso .com DNS server
It is Host (A record) DNS query message
Question 247
Henderson has completed the pen tes ng tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that
revealed a SQL injec on vulnerability and different SQL queries that he used to bypass web applica on authen ca on. In which sec on of the pen tes ng
report, should Henderson include this informa on?
General opinion sec on

Methodology sec on
Compressive technical report sec on
Execu ve summary sec on
Question 248
John, a security analyst working for LeoTech organiza on, was asked to perform penetra on tes ng on the client organiza onal network. In this process, he used
a method that involves threatening or convincing a person from the client organiza on to obtain sensi ve informa on. Iden fy the type of penetra on tes ng
performed by John on the client organiza on?
Wireless network penetra on tes ng

Social engineering penetra on tes ng
Mobile device penetra on tes ng
Web applica on penetra on tes ng
Question 249
Which of the following acts provides federal protec ons for personal health informa on held by covered en es and gives pa ents an array of rights with
respect to that informa on?
PCI-DSS
SOX
HIPAA
GLBA
Question 250
John is a penetra on tester who wants to perform port scan on the DNS Server (IP address:
192.168.0.124) deployed in the perimeter. In his primary research, he iden fied that the DNS server
is configured with default se ngs. Since he is employing Nmap tool to perform port scanning, which
of the following Nmap commands should John execute to port scan the DNS Server?
nmap -sS -sU –p 80 192.168.0.124

nmap -sS -sU –p 69 192.168.0.124
nmap -sS -sU –p 123 192.168.0.124
nmap -sS -sU –p 53 192.168.0.124
Question 251
Frodo, an employee in EvilCorp Ltd., no ces a USB flash drive on the pavement of the company. Before he could hand it over to the security guard, he tries to
check it out. He connects it with an OTG to his mobile phone and finds some of his favorite music playlists and games. He tries to download them into his mobile,
but very lately he came to know that he has been a acked and some of his sensi ve financial informa on was exposed to a ackers. What type of a acks did
Frodo face?
Social engineering a ack

Phishing a ack
Wardriving a ack
Impersona on a ack
Question 252
Which of the following informa on security acts enables to ease the transfer of financial informa on between ins tu ons and banks while making the rights of
the individual through security requirements more specific?
The Digital Millennium Copyright Act (DMCA)

Sarbanes Oxley Act (SOX)
Computer Misuse Act 1990
Gramm-Leach-Bliley Act (GLBA)
Question 253
Peter is working on a pen tes ng assignment. During the reconnaissance phase, Peter discovered that the client’s SYSLOG systems are taken off for four hours on
the second Saturday of every month for maintenance. He wants to analyze the client’s web pages for sensi ve informa on without triggering their logging
mechanism. There are hundreds of pages on the client’s website and it is difficult to analyze all the informa on in just four hours. What will Peter do to analyze
all the web pages in a stealthy manner?
Use HTTrack to mirror the complete website

Use WayBackMachine
Perform reverse DNS lookup
Search the Internet, newsgroups, bulle n boards, and nega ve websites for informa on about the client
Question 254
SecInfo is a leading cyber security provider who recently hired Andrew, a security analyst. He was assigned the task of iden fying vulnerabili es in the NFC
devices by performing an a ack on them. In this process, he was present with his receiver. Iden fy the type of a ack performed by Andrew on the target NFC
devices?
Ticket cloning
MITM a ack
DoS a ack
Virus a ack
Question 255
A recent study from HyThech Technologies found that three of the most popular websites are having most commonly exploitable flaw in their web applica ons.
Using this vulnerability, an a acker may inject malicious code that can be executed on a user’s machine. Also, the study revealed that most sensi ve target of this
vulnerability is stealing session cookies. This helps a ackers to duplicate the user session and access anything the user can perform on a website like
manipula ng personal informa on, crea ng fake social media posts, stealing credit card informa on and performing unauthorized financial transac ons, etc.
Iden fy the vulnerability revealed by HyThech Technologies?
DoS vulnerability
Buffer overflow vulnerability
Insecure decentraliza on vulnerability
XSS vulnerability
Question 256
Clark, a professional hacker, decided to bring down the services provided by the target organiza on. In the ini al informa on-gathering stage, he detected some
vulnerabili es in the TCP/IP protocol stack of the vic m’s system. He exploited these vulnerabili es to create mul ple malformed packets in ample magnitude
and has sent these unusually cra ed packets to the vic m’s machine. Iden fy the type of a ack being performed by Clark?
Dic onary a ack

DoS a ack
SNMP brute-forcing a ack
ARP a ack
Question 257
Jackson, a social media editor for Early Times, iden fied that there are exploitable zero-day vulnerabili es in many of the open source protocols and common file
formats across so ware used by some of the specific industries. To iden fy vulnerabili es in so ware, he had sent malformed or random input to the target
so ware and then observed the result. This technique helps in uncovering zero-day vulnerabili es and helps security teams in iden fying areas where the quality
and security of the so ware need to be improved. Iden fy the technique used by Jackson to uncover zero-day vulnerabili es?
Applica on fuzz tes ng

Applica on black tes ng
Source code review
Applica on white tes ng
Question 258
An organiza on recently faced a cybera ack where an a acker captured legi mate user creden als and gained access to the cri cal informa on systems. He also
led other malicious hackers in gaining access to the informa on systems. To defend and prevent such a acks in future, the organiza on has decided to route all
the incoming and outgoing network traffic through a centralized access proxy apart from valida ng user creden als. Which of the following defensive
mechanisms the organiza on is trying to strengthen?
Authen ca on
Serializa on
Encryp on
Hashing
Question 259
Hans Olo, a penetra on tester of Rolatac Pvt. Ltd., has completed his ini al penetra on tes ng and now he needs to create a penetra on tes ng report for
company’s client, management, and top officials for their reference. For this, he created a report providing a detailed summary of the complete penetra on
tes ng process of the project that he has undergone, its outcomes, and recommenda ons for future tes ng and exploita on. In the above scenario, which type
of penetra on tes ng report has Hans Olo prepared?
Host report
Ac vity report
User report
Execu ve report
Question 260
Gibson, a security analyst at MileTech Solu ons, is performing cloud penetra on tes ng. As part of this process, he needs to check for any governance and
compliance issues against cloud services. Which of the following documents helps Gibson in checking whether the CSP is regularly audited and cer fied for
compliance issues?
Service level agreement

Data use agreement
ROE agreement
Nondisclosure agreement
Question 261
StarMotel is a prominent chain of hotels in the world that uses high-tech solu ons to ease the stay of their guests. In those high-tech solu ons, they deployed
RFID cards using which a guest can get access to the allocated hotel room. Keeping an eye on the RFID technology and with an objec ve of exploi ng it, John, a
professional hacker, decided to hack it in order to obtain access to any room in the target hotel. In this process, he first pulled an RFID keycard from the trash of
the target hotel and iden fied the master keycard code in several tries using an RFID card reading and wri ng tool. Then, he created its clone using a new RFID
card that gave him free reign to roam in any hotel room in the building. Iden fy the RFID a ack John has performed on the target hotel?
RFID spoofing a ack

Reverse engineering a ack
RFID replay a ack
Power analysis a ack
Question 262
An a acker impersonated himself as a pizza delivery boy and is wai ng outside the target company. He observed that an employee of the company is gaining
security approval to enter the campus. When the employee is opening the entrance door of the company, the a acker requested the employee to hold the door
open to enter into the company. In the above scenario, iden fy the technique used by the a acker to enter into the company?
Dumpster diving
Vishing
Tailga ng
Phishing
Question 263
A disgruntled employee Robert targeted to acquire business secrets of the organiza on he is working in and wants to sell them to a compe ng organiza on for
some financial gain. He started gathering informa on about the organiza on and
somehow found out that the organiza on is conduc ng a mee ng to discuss future business plans. To collect the informa on about the organiza on’s business
plans, he had built a listening device housed in his bag and arrived the mee ng loca on wearing a suit and e. One of the employees of the organiza on thought
he was a senior execu ve from other branch who came to a end the mee ng and readily took him to the mee ng room. Robert waited un l that employee le
the mee ng room and planted listening devices at mul ple places in the room. Then, he went outside the building and started listening and recorded all the
conversa ons in the mee ng. Iden fy the type of a ack being performed by Robert on the target organiza on?
Vishing
Phishing
Shoulder surfing
Eavesdropping
Question 264
A company iden fied cri cal vulnerability in its hyperconverged infrastructure that provides services such as compu ng, networking, and storage resources in a
single system. Also, the company iden fied that this vulnerability may lead to various injec on a acks that allow the a ackers to execute malicious commands as
the root users. The company decided to immediately implement appropriate countermeasure to defend against such a acks. Which of the following defensive
mechanisms should the company employ?
Data correla on
Patch management
Input valida on
Session management
By trytograb di Februari 27, 2020 (2020-02-27T12:12:00-08:00)
~~
Tidak ada komentar:

Posting Komentar
Masukkan komentar Anda...
Beri komentar sebagai: Google Accou
Publikasikan Pratinjau
Older post >
We Love You, Guys! E C S A E X A M PART 1
ECSA GUYS!
ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU
2020-02-27

2020-02-27
MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

2020-02-26
CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A

2020-02-26
CUKIMAI KALI KAU INI ! Part 1 E C S A

2020-02-26
SECCIONS
 Module 07 Malware Threats 7
 Module 08 Sni ng 7
 SULTAN SULTAN 5
ABOUT
trytograb
Lihat pro l lengkapku
Lihat pro l lengkapku
Cari Blog Ini

Telusuri
Diberdayakan oleh Blogger.
Blog Archive
Februari 2020 (5)
Januari 2020 (19)
Laporkan Penyalahgunaan
Popular Posts
ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU
MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A
CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A
I See Dead People 11
I See Dead People 12
I See Dead People 6
BTemplates.com
Blogroll
About
Beranda
Popular Photos
No posts found
ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA

MMMMMMMMMMMM YUUHHUUUU
Categories
 Module 07 Malware Threats
 Module 08 Sni ng
Archive  SULTAN SULTAN
Februari (5)
Januari (19)
Comments
No comments found
About
This just a demo text widget, you can use it to create an about
text, for example.
Copyright © 2020 Try to Grab.  Designed by Blogger Templates, Chino Mandarín & 爱西班牙语

ECSA Dump 4

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ECSA Dump 4

Uploaded by

Copyright:

Available Formats

12/15/2020 ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU ~ Try to Grab

ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX

' union select

Perform reverse lookup using nslookup

sqlmap -u “www.xsecurity.com” --dbs oﬃces --T

Perform Ethernet scan

Cloaking a scan with decoys

Port 111, rpcenum

hydra -U /root/Usernames.txt -P /root/Passwords.txt 192.168.168.10 smb

You are working with a HIPAA compliant organiza on

Increase the ICMP header length

1' or '1' = '1

Packet Filtering Firewall

Exam B (81 questions)

# chkconﬁg [service name] oﬀ

Open Web Applica on Security Project (OWASP)

Master Browser (MB)

Anything as a service (XaaS)

Always ask for a signed acknowledgment a er submi ng the report

TTL value in the packet header is not set

Lack of transport encryp on

AP is present in authorized list of APs

Session poisoning a ack

airmon-ng start eth0

ROI = (Cost of investment - Expected returns)/Expected returns

Project plan with work breakdown structure

Pla orm as a service (PaaS)

SELECT name FROM sys.server_principals WHERE TYPE = 'G'

What is the type of so ware that Rock developed?

Police and Jus ce Act 2006

nmap -sT -v zapmaky.com

LDAP injec on a ack

Pla orm as a service (PaaS)

General opinion sec on

Wireless network penetra on tes ng

nmap -sS -sU –p 80 192.168.0.124

Social engineering a ack

The Digital Millennium Copyright Act (DMCA)

Use HTTrack to mirror the complete website

Dic onary a ack

Applica on fuzz tes ng

Service level agreement

RFID spooﬁng a ack

By trytograb di Februari 27, 2020 (2020-02-27T12:12:00-08:00)

Tidak ada komentar:

Masukkan komentar Anda...

Beri komentar sebagai: Google Accou

Older post >

We Love You, Guys! E C S A E X A M PART 1

We Love You, Guys! E C S A E X A M PART 1

MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A

CUKIMAI KALI KAU INI ! Part 1 E C S A

Cari Blog Ini

Diberdayakan oleh Blogger.

CUKIMAI KALI KAU INI ! Part 1 E C S A

ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA MMMMMMMMMMMM YUUHHUUUU

We Love You, Guys! E C S A E X A M PART 1

MAU SHEREN, YENY, LUKLUK APA THERESIA ? Part 3 E C S A

CINTAKU CUMA KAMU SAYANG ! Part 2 E C S A

I See Dead People 11

I See Dead People 12

I See Dead People 6

ECSA EEEEEEEEEEE XXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAA