[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil ECSAv8 Dumps with VCE and PDF 131-140

2018 Jan ECCouncil Official New Released ECSAv8

EC-Council Certified Security Analyst (ECSA)

Question No: 131

A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteria. The criteria are expressed in the form of predicates. WHERE clauses are not mandatory clauses of SQL DML statements, but can be used to limit the number of rows affected by a SQL DML statement or returned by a query.

A pen tester is trying to gain access to a database by inserting exploited query statements with a WHERE clause. The pen tester wants to retrieve all the entries from the database using the WHERE clause from a particular table (e.g. StudentTable).

What query does he need to write to retrieve the information?

  A. EXTRACT* FROM StudentTable WHERE roll_number = 1 order by 1000

  B. DUMP * FROM StudentTable WHERE roll_number = 1 AND 1=1-

  C. SELECT * FROM StudentTable WHERE roll_number = '' or '1' = '1'

  D. RETRIVE * FROM StudentTable WHERE roll_number = 1'#

Answer: C

Question No: 132

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

  A. Phishing

  B. Spoofing

  C. Tapping

  D. Vishing

Answer: D

Question No: 133

By default, the TFTP server listens on UDP port 69. Which of the following utilities reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?

  A. PortQry

  B. Netstat

  C. Telnet

  D. Tracert

Answer: A

Reference: http://support.microsoft.com/kb/832919

Question No: 134

To locate the firewall, a SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If an ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then which of the following types of firewall is in place?

  A. Circuit level gateway

  B. Stateful multilayer inspection firewall

  C. Packet filter

  D. Application level gateway

Answer: C

Question No: 135

Security auditors determine the use of WAPs on their networks with the Nessus vulnerability scanner, which identifies the commonly used WAPs. One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named “Access Point Detection”. This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?

  A. NMAP TCP/IP fingerprinting

  B. HTTP fingerprinting

  C. FTP fingerprinting

  D. SNMP fingerprinting

Answer: C

Question No: 136

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

  A. Techniques for data collection from systems upon termination of the test

  B. Techniques for data exclusion from systems upon termination of the test

  C. Details on how data should be transmitted during and after the test

  D. Details on how organizational data is treated throughout and after the test

Answer: A

Question No: 137

A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:

  A. Microsoft Internet Security Framework

  B. Information System Security Assessment Framework (ISSAF)

  C. Bell Labs Network Security Framework

  D. The IBM Security Framework

Answer: A

Question No: 138

Identify the attack represented in the diagram below:

[Diagram not available]

  A. Input Validation

  B. Session Hijacking

  C. SQL Injection

  D. Denial-of-Service

Answer: B

Reference: http://en.wikipedia.org/wiki/Session_hijacking

Question No: 139

During external penetration testing, which of the following techniques uses tools like Nmap to predict the sequence numbers generated by the targeted server and use this information to perform session hijacking techniques?

  A. TCP Sequence Number Prediction

  B. IPID State Number Prediction

  C. TCP State Number Prediction

  D. IPID Sequence Number Prediction

Answer: A

Reference: http://www.scribd.com/doc/133636402/LPTv4-Module-18-External-Penetration-Testing-NoRestriction (p.43)

Question No: 140

Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in conducting a successful security audit.

Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.

Which agreement requires a signature from both the parties (the penetration tester and the company)?

  A. Non-disclosure agreement

  B. Client fees agreement

  C. Rules of engagement agreement

  D. Confidentiality agreement

Answer: C
