David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also informed David the web application is known to be vulnerable to the "admin' OR '" injection. When David tried this string, he received a WAF error message the input is not allowed. Which of the following strings could David use instead of the above string to bypass the WAF filtering?
A. exec sp_addsrvrolemember 'name ' , 'sysadmin '
B. ' union select
C. admin') or '1'='1'-
D. 'or username like char(37);
Dale is a penetration tester and security expert. He works at Sam Morrison Inc. based in Detroit. He was assigned to do an external penetration testing on one of its clients. Before digging into the work, he wanted to start with reconnaissance and grab some details about the organization. He used tools like Netcraft and SHODAN and grabbed the internal URLs of his client. What information do the internal URLs provide?
A. Internal URLs provide an insight into various departments and business units in an organization
B. Internal URLs provide database related information
C. Internal URLs provide server related information
D. Internal URLs provide vulnerabilities of the organization
Martin works as a professional Ethical Hacker and Penetration Tester. He is an ESCA certified professional and was following the LPT methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Martin was unable to find any information. What should Martin do to get the information he needs?
A. Martin should use email tracking tools such as eMailTrackerPro to find the company's internal URLs
B. Martin should use online services such as netcraft.com to find the company's internal URLs
C. Martin should use WayBackMachine in Archive.org to find the company's internal URLs
D. Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs
John is a network administrator and he is configuring the Active Directory roles in the primary domain controller (DC) server. Whilst configuring the Flexible Single Master Operation (FSMO) roles in the primary DC, he configured one of the roles to synchronize the time among all the DCs in an enterprise. The role that he configured also records the password changes performed by other DCs in the domain, authentication failures due to entering an incorrect password, and processes account lockout activities. Which of the following FSMO roles has John configured?
A. RID master
B. PDC emulator
C. Domain naming master
D. Schema master
Jackson, a social media editor for Early Times, identified that there are exploitable zero-day vulnerabilities in many of the open source protocols and common file formats across software used by some of the specific industries. To identify vulnerabilities in software, he had sent malformed or random input to the target software and then observed the result. This technique helps in uncovering zero-day vulnerabilities and helps security teams in identifying areas where the quality and security of the software need to be improved. Identify the technique used by Jackson to uncover zero-day vulnerabilities?
A. Application fuzz testing
B. Application black testing
C. Source code review
D. Application white testing
Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify the vulnerabilities in its SQL database. Stuart wanted to perform a SQL penetration by passing some SQL commands through a web application for execution and succeeded with a command using a wildcard attribute indicator. Which of the following strings is a wildcard attribute indicator?
A. ?Param1=fooandParam2=bar
B. %
C. @variable
D. @@variable
A web application developer is writing code for validating the user input. His aim is to verify the user input
against a list of predefined negative inputs to ensure that the received input is not one among the negative
conditions.
Identify the input filtering mechanism being implemented by the developer?
A. Black listing
B. White listing
C. Authentication
D. Authorization
Clark, a professional hacker, decided to bring down the services provided by the target organization. In the initial information-gathering stage, he detected some vulnerabilities in the TCP/IP protocol stack of the victim's system. He exploited these vulnerabilities to create multiple malformed packets in ample magnitude and has sent these unusually crafted packets to the victim's machine. Identify the type of attack being performed by Clark?
A. Dictionary attack
B. DoS attack
C. SNMP brute-forcing attack
D. ARP attack
A recent study from HyThech Technologies found that three of the most popular websites are having most commonly exploitable flaw in their web applications. Using this vulnerability, an attacker may inject malicious code that can be executed on a user's machine. Also, the study revealed that most sensitive target of this vulnerability is stealing session cookies. This helps attackers to duplicate the user session and access anything the user can perform on a website like manipulating personal information, creating fake social media posts, stealing credit card information and performing unauthorized financial transactions, etc. Identify the vulnerability revealed by HyThech Technologies?
A. DoS vulnerability
B. Buffer overflow vulnerability
C. Insecure decentralization vulnerability
D. XSS vulnerability
SecInfo is a leading cyber security provider who recently hired Andrew, a security analyst. He was assigned the task of identifying vulnerabilities in the NFC devices by performing an attack on them. In this process, he was present with his device in the close proximity with the NFC devices that are sharing data so that he can eavesdrop on the data and at the same time block the transmission to the receiver. He then manipulated the captured data and further relayed the data to the receiver. Identify the type of attack performed by Andrew on the target NFC devices?
A. Ticket cloning
B. MITM attack
C. DoS attack
D. Virus attack
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.