EC-COUNCIL ECSA 412-79V10 Questions & Answers

• Question 1:

  The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

  

  What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

  A. Phishing

  B. Spoofing

  C. Tapping

  D. Vishing

  Correct Answer: D

• Question 2:

  Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field. If the destination is not reachable, which one of the following are generated?

  A. Type 8 ICMP codes

  B. Type 12 ICMP codes

  C. Type 3 ICMP codes

  D. Type 7 ICMP codes

  Correct Answer: C

• Question 3:

  Which of the following is the objective of Gramm-Leach-Bliley Act?

  A. To ease the transfer of financial information between institutions and banks

  B. To protect the confidentiality, integrity, and availability of data

  C. To set a new or enhanced standards for all U.S. public company boards, management and public accounting firms

  D. To certify the accuracy of the reported financial statement

  Correct Answer: A

  Reference: http://www.itap.purdue.edu/security/policies/glb_safeguards_rule_training_general.pdf

• Question 4:

  This is a group of people hired to give details of the vulnerabilities present in the system found after a penetration test. They are elite and extremely competent penetration testers and intrusion analysts. This team prepares a report on the vulnerabilities in the system, attack methods, and how to defend against them.

  

  What is this team called?

  A. Blue team

  B. Tiger team

  C. Gorilla team

  D. Lion team

  Correct Answer: B

• Question 5:

  Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?

  A. Special-Access Policy

  B. User Identification and Password Policy

  C. Personal Computer Acceptable Use Policy

  D. User-Account Policy

  Correct Answer: B

• Question 6:

  SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.

  This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back- end database.

  The below diagram shows how attackers launched SQL injection attacks on web applications.

  

  Which of the following can the attacker use to launch an SQL injection attack?

  A. Blah' "2=2 ?

  B. Blah' and 2=2 -

  C. Blah' and 1=1 -

  D. Blah' or 1=1 -

  Correct Answer: D

• Question 7:

  What information can be collected by dumpster diving?

  A. Sensitive documents

  B. Email messages

  C. Customer contact information

  D. All the above

  Correct Answer: A

  Reference: http://www.spamlaws.com/dumpster-diving.html

• Question 8:

  A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.

  

  It is performed when an error message is not received from application while trying to exploit SQL vulnerabilities. The developer's specific message is displayed instead of an error message. So it is quite difficult to find SQL vulnerability in such cases.

  A pen tester is trying to extract the database name by using a blind SQL injection. He tests the database using the below query and finally finds the database name.

  http://juggyboy.com/page.aspx?id=1; IF (LEN(DB_NAME())=4) WAITFOR DELAY '00:00:10'-

  http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),1,1)))=97) WAITFOR DELAY '00:00:10'-

  http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),2,1)))=98) WAITFOR DELAY '00:00:10'-

  http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),3,1)))=99) WAITFOR DELAY '00:00:10'-

  http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),4,1)))=100) WAITFOR DELAY '00:00:10'-

  What is the database name?

  A. WXYZ

  B. PQRS

  C. EFGH

  D. ABCD

  Correct Answer: D

  Reference: http://www.scribd.com/doc/184891028/CEHv8-Module-14-SQL-Injection-pdf (see module 14, page 2049 to 2051)

• Question 9:

  Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

  

  What is the last step in preparing a Rules of Engagement (ROE) document?

  A. Conduct a brainstorming session with top management and technical teams

  B. Decide the desired depth for penetration testing

  C. Conduct a brainstorming session with top management and technical teams

  D. Have pre-contract discussions with different pen-testers

  Correct Answer: C

• Question 10:

  Output modules allow Snort to be much more flexible in the formatting and presentation of output to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the following output plug-ins allows alert data to be written in a format easily importable to a database?

  A. unified

  B. csv

  C. alert_unixsock

  D. alert_fast

  Correct Answer: B