EC-COUNCIL EC-COUNCIL Certifications ECSAv8 Questions & Answers

• Question 61:

  Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.

  The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination.

  

  During routing, each router reduces packets' TTL value by

  A. 3

  B. 1

  C. 4

  D. 2

  Correct Answer: B

  Reference: http://www.packetu.com/2009/10/09/traceroute-through-the-asa/

• Question 62:

  Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?

  A. Hash Key Length

  B. C/R Value Length

  C. C/R Key Length

  D. Hash Value Length

  Correct Answer: B

  Reference: http://books.google.com.pk/books?id=QWQRSTnkFsQCandpg=SA4- PA5andlpg=SA4PA5anddq=attributes+has+a+LM+and+NTLMv1+value+as+64bit+%2B+64bit+%2B+64bit+an d+NTLMv2 +value+as+128+bitsandsource=blandots=wJPR32BaF6andsig=YEt9LNfQAbm2Mc6obVggKCkQ2sandhl=enandsa=Xandei=scMfVMfdC8u7ygP4xYGQDgandved=0CCkQ6AEwAg#v =onepageandq=attributes%20has%20a%20LM%20and%20NTLMv1%20value%20as%2064 bit%20%2B% 2064bit%20%2B%2064bit%20and%20NTLMv2%20value%20as%20128%20 bitsandf=false (see Table 4-1)

• Question 63:

  Which of the following is NOT generally included in a quote for penetration testing services?

  A. Type of testing carried out

  B. Type of testers involved

  C. Budget required

  D. Expected timescale required to finish the project

  Correct Answer: B

• Question 64:

  If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?

  A. Parameter tampering Attack

  B. Sql injection attack

  C. Session Hijacking

  D. Cross-site request attack

  Correct Answer: D

  Reference: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

• Question 65:

  SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the

  data input or transmitted from the client (browser) to the web application.

  A successful SQL injection attack can:

  i)Read sensitive data from the database

  iii)Modify database data (insert/update/delete)

  iii)Execute administration operations on the database (such as shutdown the DBMS)

  iV)Recover the content of a given file existing on the DBMS file system or write files into the file system

  v)Issue commands to the operating system

  

  Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.

  In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

  A. Automated Testing

  B. Function Testing

  C. Dynamic Testing

  D. Static Testing

  Correct Answer: A

  Reference:

  http://ijritcc.org/IJRITCC%20Vol_2%20Issue_5/Removal%20of%20Data%20Vulnerabilities %20Using%

  20SQL.pdf

• Question 66:

  Which of the following scan option is able to identify the SSL services?

  A.璼S

  B.璼V

  C.璼U

  D.璼T

  Correct Answer: B

  Reference: https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001) (blackbox test and example, second para)

• Question 67:

  Which of the following protocol's traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?

  A. Reverse Gossip Transport Protocol (RGTP)

  B. Real-time Transport Protocol (RTP)

  C. Remote Desktop Protocol (RDP)

  D. Session Initiation Protocol (SIP)

  Correct Answer: C

  Reference: http://wiki.wireshark.org/RDP

• Question 68:

  In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

  A. XPath Injection Attack

  B. Authorization Attack

  C. Authentication Attack

  D. Frame Injection Attack

  Correct Answer: B

  Reference: http://luizfirmino.blogspot.com/2011_09_01_archive.html (see authorization attack)

• Question 69:

  The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners. Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.

  Identify the injection attack represented in the diagram below:

  

  A. Frame Injection Attack

  B. LDAP Injection Attack

  C. XPath Injection Attack

  D. SOAP Injection Attack

  Correct Answer: B

  Reference: e https://www.blackhat.com/presentations/bh-europe-08/Alonso- Parada/Whitepaper/bh-eu-08alonso-parada-WP.pdf ( page 3 to 5)

• Question 70:

  Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment.

  The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an endto-end TCP socket. It is used to track the state of communication between two TCP endpoints.

  For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side

  The below diagram shows the TCP Header format: How many bits is a acknowledgement number?

  

  A. 16 bits

  B. 32 bits

  C. 8 bits

  D. 24 bits

  Correct Answer: B

  Reference: http://en.wikipedia.org/wiki/Transmission_Control_Protocol (acknowledgement number)