Last Updated on July 24, 2021 by InfraExam
ECSAv10 : EC-Council Certified Security Analyst : Part 06
Watson works as a penetration test engineer at Neo Security Services. The company found its wireless network operating in an unusual manner, with signs that a cyber attack might have taken place, and Watson was asked to resolve the problem. Watson starts a wireless penetration test, the first step of which is discovering wireless networks by war-driving. After several thorough checks, he identifies a problem with rogue access points and resolves it. Identifying rogue access points involves a series of steps.
Which of the following arguments is NOT valid when identifying the rogue access points?
- If a radio media type used by any discovered AP is not present in the authorized list of media types, it is considered as a rogue AP
- If any new AP which is not present in the authorized list of APs is detected, it would be considered as a rogue AP
- If the radio channel used by any discovered AP is not present in the authorized list of channels, it is considered as a rogue AP
- If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be considered as a rogue AP
Jacob is a penetration tester at TechSoft Inc., based in Singapore. The company assigned him the task of conducting a penetration test on the IoT devices connected to the corporate network. As part of this process, he captured the network traffic of the devices, their mobile applications, and their cloud connections to check whether any critical data is transmitted in plain text. He also checked whether the SSL/TLS protocols are properly updated and implemented.
Which of the following IoT security issues is Jacob dealing with?
- Poor authentication/authorization
- Lack of transport encryption
- Privacy concerns
- Insecure software/firmware
Identify the attack from the description below:
I. User A sends an ARP request to a switch
II. The switch broadcasts the ARP request in the network
III. An attacker eavesdrops on the ARP request and responds by spoofing as a legitimate user
IV. The attacker sends his MAC address to User A
- MAC spoofing
- ARP injection
- ARP flooding
- ARP poisoning
Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from one network (Token-ring) to another network (Ethernet), she receives an error message stating:
What is the reason behind this?
- Packet is lost
- Packet fragmentation is required
- Packet contains image data
- Packet transmission is not done properly
John is a penetration tester who wants to perform a port scan on the DNS server (IP address: 192.168.0.124) deployed in the perimeter. In his preliminary research, he identified that the DNS server is configured with default settings.
Since he is using the Nmap tool to perform port scanning, which of the following Nmap commands should John execute to port scan the DNS server?
- nmap -sS -sU -p 80 192.168.0.124
- nmap -sS -sU -p 69 192.168.0.124
- nmap -sS -sU -p 123 192.168.0.124
- nmap -sS -sU -p 53 192.168.0.124
Linson, an employee at Skitac Ltd., notices a USB flash drive on the pavement outside the company. Before handing it over to the security guard, he decides to check it out. He connects it to his mobile phone with an OTG adapter and finds some of his favorite music playlists and games. He tries to download them to his mobile, but only later does he learn that he has been attacked and that some of his sensitive financial information was exposed to attackers.
What type of attack did Linson face?
- Social engineering attack
- Phishing attack
- Wardriving attack
- Impersonation attack
ABC Bank, a UK-based bank, hired Anthony to perform a penetration test for the bank. Anthony began performing lookups on the bank’s DNS servers, reading news articles online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank’s job postings.
What phase of the penetration testing is Anthony currently in?
- Attack phase
- Post-attack phase
- Pre-attack phase
- Remediation phase
James, a penetration tester, found a SQL injection vulnerability in the website http://www.xsecurity.com. He used sqlmap and extracted the website’s databases from the SQL server, one of them being “offices.” Which of the following sqlmap commands does James issue in order to extract the tables belonging to the database “offices”?
- sqlmap -u "www.xsecurity.com" --dbs offices -T
- sqlmap -u "www.xsecurity.com" --dbs offices --T
- sqlmap -u "www.xsecurity.com" --dbs offices -tables
- sqlmap -u "www.xsecurity.com" --dbs offices --tables
Which of the following information security acts facilitates the transfer of financial information between institutions and banks while making the rights of the individual more specific through security requirements?
- The Digital Millennium Copyright Act (DMCA)
- Sarbanes Oxley Act (SOX)
- Computer Misuse Act 1990
- Gramm-Leach-Bliley Act (GLBA)
A security analyst at Techsoft Solutions is performing penetration testing on the critical IT assets of the company. As part of this process, he is simulating the methodologies and techniques of a real attacker because he is provided with limited or zero information about the company and its assets.
Identify the type of testing performed by the security analyst.
- Announced testing
- Blind testing
- White-box testing
- Unannounced testing
John is a newly appointed penetration testing manager in ABC Ltd. He is assigned a task to build a penetration testing team and asked to justify the return on investment (ROI).
To assess and predict the ROI of the team by considering the parameters like expected returns from the team and cost of investment, how can John calculate the ROI?
- ROI = (Cost of investment – Expected returns)/Expected returns
- ROI = (Expected returns – Cost of investment)/Cost of investment
- ROI = (Expected returns + Cost of investment)/Cost of investment
- ROI = (Cost of investment + Expected returns)/Expected returns
A penetration tester at Trinity Ltd. is performing IoT device testing. As part of this process, he is checking the IoT devices for open ports using port scanners such as Nmap. After identifying the open ports, he started using automated tools to check each open port for any exploitable vulnerabilities.
Identify the IoT security issues the penetration tester is trying to uncover.
- Insecure software/firmware
- Lack of transport encryption
- Insecure network services
- Insufficient security configurability
Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client’s SYSLOG systems are taken offline for four hours on the second Saturday of every month for maintenance. He wants to analyze the client’s web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client’s website, and it is difficult to analyze all the information in just four hours.
What will Peter do to analyze all the web pages in a stealthy manner?
- Use HTTrack to mirror the complete website
- Use WayBackMachine
- Perform reverse DNS lookup
- Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client
SecInfo is a leading cyber security provider that recently hired Andrew, a security analyst. He was assigned the task of identifying vulnerabilities in NFC devices by performing an attack on them. In this process, he positioned his device in close proximity to the NFC devices that were sharing data so that he could eavesdrop on the data and at the same time block the transmission to the receiver. He then manipulated the captured data and relayed it to the receiver.
Identify the type of attack performed by Andrew on the target NFC devices.
- Ticket cloning
- MITM attack
- DoS attack
- Virus attack
Joe works as an engagement team lead with Xsecurity Inc. His pen testing team follows all the standard pentesting procedures; however, one of the team members inadvertently deletes a document containing the client’s sensitive information. The client is suing Xsecurity for damages.
Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsuit?
- Objective of the penetration test
- Indemnification clause
- Fees and project schedule
- Non-disclosure clause
A recent study from HyThech Technologies found that three of the most popular websites have the most commonly exploitable flaw in their web applications. Using this vulnerability, an attacker may inject malicious code that is executed on a user’s machine. The study also revealed that the most sensitive outcome of this vulnerability is the theft of session cookies. This allows attackers to duplicate the user session and do anything the user can do on the website, such as manipulating personal information, creating fake social media posts, stealing credit card information, and performing unauthorized financial transactions.
Identify the vulnerability revealed by HyThech Technologies.
- DoS vulnerability
- Buffer overflow vulnerability
- Insecure decentralization vulnerability
- XSS vulnerability
Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify the vulnerabilities in its SQL database. Stuart wanted to perform a SQL penetration by passing some SQL commands through a web application for execution and succeeded with a command using a wildcard attribute indicator.
Which of the following strings is a wildcard attribute indicator?
A web application developer is writing code for validating the user input. His aim is to verify the user input against a list of predefined negative inputs to ensure that the received input is not one among the negative conditions.
Identify the input filtering mechanism being implemented by the developer.
- Blacklisting
- Whitelisting
Clark, a professional hacker, decided to bring down the services provided by the target organization. In the initial information-gathering stage, he detected some vulnerabilities in the TCP/IP protocol stack of the victim’s system. He exploited these vulnerabilities to create a large volume of malformed packets and sent these unusually crafted packets to the victim’s machine.
Identify the type of attack being performed by Clark.
- Dictionary attack
- DoS attack
- SNMP brute-forcing attack
- ARP attack
Jackson, a social media editor for Early Times, identified that there are exploitable zero-day vulnerabilities in many of the open source protocols and common file formats in software used by some specific industries. To identify vulnerabilities in the software, he sent malformed or random input to the target software and then observed the result. This technique helps uncover zero-day vulnerabilities and helps security teams identify areas where the quality and security of the software need to be improved.
Identify the technique used by Jackson to uncover zero-day vulnerabilities.
- Application fuzz testing
- Application black testing
- Source code review
- Application white testing