Dump1 - Try To Grab

Uploaded by John Trevally
12/15/2020 We Love You, Guys! E C S A E X A M PART 1 ~ Try to Grab

We Love You, Guys! E C S A E X A M PART 1


SULTAN SULTAN

https://trytograb.blogspot.com/2020/02/we-love-you-guys-e-c-s-e-x-m-part-1.html 1/90
Question 1
Sam was asked to conduct penetration tests on one of the client's internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords.

Identify the enumeration technique.

NetBIOS Enumeration
SMTP Enumeration
NTP Enumeration
DNS Enumeration

Question 2
Matthew is working on a pen test engagement. In the vulnerability scanning phase, he has identified a vulnerability giving him remote access to the target machine. Matthew uses the Metasploit framework and gains a meterpreter session on the target machine. However, when Matthew tries to dump the password hashes from the remote machine, he receives an error that permission is denied. Which of the following Metasploit exploits escalates his privileges on the target machine?

exploit/multi/handler
exploit/windows/local/bypassuac
exploit/windows/dcerpc/ms03_026_dcom
exploit/windows/smb/psexec

Question 3
Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack. Which of the following testing techniques is Christen using?

Fuzz Testing
Automated Exploitation
Stored Procedure Injection
Union Exploitation

Question 4
During penetration testing on some mobile devices, Steve discovered a suspicious application (apk) installed on a device that had permissions to access the device's camera, phonebook, storage, etc. He then used code analysis tools to gather valuable information regarding the application's source code, proprietary IP, etc. in an attempt to obtain the origin of the application.

Which of the following techniques did Steve implement in order to obtain the latter information?

Code encryption
Code signing
Reverse coding
Reverse engineering

Question 5
Jason is working on a pentesting assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the target failed with "ICMP Time Exceeded Type = 11" error messages.

What can Jason do to overcome this error?

Increase the TTL value in the packets
Increase the Window size in the packets
Set a Fragment Offset
Increase the ICMP header length

Question 6
Identify the PRGA from the following screenshot:
0842 0201 000f b5ab cb9d 0014 6c7e 4080
replay_src-0124-161120.cap
fragment-0124-161129.xor
0505 933f af2f 740e

Question 7
A large IT based company hired Gary, a penetration tester, to perform mobile penetration testing in the organization. Gary knows that mobile penetration testing requires rooting/jailbreaking of mobile devices. Gary observed that most of the employees in the organization are using iPhones.

Which of the following tools should Gary use to jailbreak the mobile devices?

Pangu
SuperOneClick
One Click Root
Superboot

Question 8
Which of the following is true about Full-duplex TCP service?

Full-duplex service allows sending information in both directions between two nodes, but only one direction or the other can be utilized at a time
Full-duplex services are the only services that provide error free delivery
Full-duplex is the only service that provides reliable data delivery
Full-duplex service allows data flow in each direction, independent of the other direction

Question 9
An attacker injects malicious query strings in user input fields to bypass the web service authentication mechanisms and to access back-end databases.

Which of the following attacks is this?

Frame Injection Attack
LDAP Injection Attack
SOAP Injection Attack
XPath Injection Attack

Question 10
In an attempt to assess the security configuration of the firewall deployed on the client's network, you test whether a particular port on the firewall is open or closed. You use the hping utility with the following syntax:

#hping -S -c 1 -p <port> <IP Address> -t <TTL>

What response will indicate the particular port is allowed in the firewall?

No Response
ICMP Port Unreachable
TTL Exceeded
Host Unreachable

Question 11
Identify the attack from the description below:

I. User A sends an ARP request to a switch
II. The switch broadcasts the ARP request in the network
III. An attacker eavesdrops on the ARP request and responds by spoofing as a legitimate user
IV. The attacker sends his MAC address to User A

ARP poisoning
ARP injection
MAC spoofing
ARP flooding

Question 12
Mike was asked by his Information Security Office to recommend a firewall for the company's internal network which works at the network level of the OSI model. The firewall must filter the network traffic based on specified session rules, such as when a session is initiated by a recognized computer.
Which of the following firewall types should Mike recommend to his Information Security Office?

Circuit Level Gateway
Stateful Multilayer Inspection Firewall
Application Level Firewall
Packet Filtering Firewall

Question 13
Sam is a penetration tester and network admin at McLaren & McLaren, based out of Washington. The company has recently deployed IPv6 in their network. Sam found problems with the protocol implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network.

How does the tunneling mechanism work?

It replaces IPv4 with IPv6
It encapsulates IPv6 packets in IPv4 packets
It transfers IPv4 first and then IPv6
It splits the IPv4 packets and provides a way to IPv6

Question 14
Stanley, a pen tester, needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query. This includes the hidden fields of POST requests, and then test them separately, attempting to interfere with the query and cause an error to generate as a result.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Dynamic Testing
Source Code Testing
Function Testing
Static Testing

Question 15
Richard, a penetration tester, was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the web site. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the 'jpg' extension to the end of the file. The new file name ended with '.php.jpg'. He then used the Burp suite tool and removed the 'jpg' extension from the request while uploading the file. This enabled him to successfully upload the PHP shell.

Which of the following techniques has Richard implemented to upload the PHP shell?

Cookie tampering
Parameter tampering
Session stealing
Cross site scripting

Question 16
National Insurance, a large insurance services provider based out of Atlanta, US, was worried about the security of their information assets due to an increase in the number of data breaches occurring around the world. The company requested Anthony to perform a comprehensive security audit of the company's information systems. Anthony decided to collect some preliminary information about National Insurance's network. During this phase, Anthony used the 46Bouncer utility to understand the complexity of his new assignment.

What is Anthony trying to ascertain by using the 46Bouncer utility?

The use of IPv6 in the company's network
The use of mail servers in the company's network
The type of perimeter security solutions used in the company's network
Deployment of a honeypot in the company

Question 17
Which type of penetration testing will require you to send the Internal Control Questionnaires (ICQ) to the client?

Unannounced testing
Blind testing
White-box testing
Black-box testing

Question 18
Depp Networks is a leader in providing ethical hacking services. They were tasked to examine the strength of a client network. After using a wide range of tests, they finally zeroed in on ICMP tunneling to bypass the firewall.

What factor makes ICMP tunneling appropriate to bypass the firewall?

Firewalls can not handle the fragmented packets
Deep packet inspection
Firewalls can not inspect ICMP packets
The payload portion is arbitrary and not examined by most firewalls

Question 19
Adam is working as a senior penetration tester at Eon Tech Services Ltd. The company asked him to perform penetration testing on their database. The company informs Adam they use Microsoft SQL Server. As a part of the penetration testing, Adam wants to know the complete information about the company's database. He uses the Nmap tool to get the information.

Which of the following Nmap commands will Adam use to get the information?

nmap -p1801 --script ms-sql-info
nmap -p1443 --script ms-sql-info
nmap -p2051 --script ms-sql-info
nmap -p1521 --script ms-sql-info

Question 20
Karen is a Network engineer at ITSec, a reputed MNC based in Philadelphia, USA. She wants to retrieve the DNS records from the publicly available servers. She searched using Google for the providers' DNS information and found the following sites:

http://www.dnsstuff.com
https://dnsquery.org

Through these sites she got the DNS records information as she wished.
What information is contained in DNS records?

Information such as mail server extensions, IP addresses etc.
Information about the DNS logs.
Information about local MAC addresses.
Information about the database servers and its services.

Question 21
A company has recently witnessed a security breach and sensitive customer data was published online. Arnold has been specifically asked to check for the different ways insiders can pass data outside of the company. In order to avoid IDS and data leakage prevention systems, Arnold hid some data in image files.

Which of the following techniques is Arnold using to pass the data outside of the company?

Insertion attack
HTTP tunneling
Steganography
Cryptography

Question 22
Michel works as a penetration tester in a firm named ITSecurity inc. Recently, Michel was given an assignment to test the security of the firewalls deployed by a client. While conducting the test, Michel found the company uses the OSI model for network communications. He also determined the firewall is only monitoring TCP handshaking of packets at the session layer to determine whether a requested session is legitimate.

Identify the type of firewall used by the company?

Stateful multilayer inspection firewall
Application level firewall
Packet filtering firewall
Circuit level gateway firewall

Question 23
Adam is a senior penetration tester at XYZsecurity Inc. He is auditing a wireless network for vulnerabilities.

Before starting the audit, he wants to ensure that the wireless card in his machine supports injection. He decided to use the latest version of the aircrack-ng tool.

Which of the following commands will help Adam check his wireless card for injection?

airodump-ng wlan0 �b wlan0
aireplay-ng -5
airdecap-ng -3 wlan0
aireplay-ng -9 wlan0

Question 24
Rebecca works as a Penetration Tester in a security service firm named Xsecurity. Rebecca placed a sniffer on a subnet residing deep inside the client's network. She used the Firewalk tool to test the security of the company's network firewall. After the test, when Rebecca checked the sniffer logs, she was unable to see any traffic produced by the Firewalk tool.

What is the reason for this?

She cannot see the traffic because Firewalk sets all packets with a TTL of zero.
Firewalk cannot pass through firewalls.
Network sniffers cannot detect firewalk so that is why none of the traffic appears.
Rebecca does not see any of the Firewalk traffic because it sets all packets with a TTL of one.

Question 25
What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement?

It is a formal approval to start pen test engagement
It indemnifies the tester against any loss or damage that may result from the testing
It details standards and penalties imposed by federal, state, or local governments
It gives an understanding of the limitations, constraints, liabilities, and indemnification considerations

Question 26
Our local bank uses a firewall which monitors the internal network and filters the traffic. While the network team was hardening firewall rules over the weekend, they ignored a basic rule of making backups of the firewall configuration before beginning the work. The next day, users complained about a technical issue and were unable to connect to some web sites. The network team troubleshot the issue and narrowed it down specifically to the SSL-based web sites. When a web page is opened on any of the SSL-based sites, there is a message "your session cannot be established". The network engineer identified the issue was with the firewall.

What should be done to remediate the issue without losing any of the work?

Resetting the Firewall
Restoring the most recent backup of the firewall
Changing the firewall rule at the session layer
Restoring the default policy rule set

Question 27
Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment. However, he is unable to connect to the access point using this password.

What could be the probable reason?

The access point implements a signal jammer to protect from attackers
It is a rogue access point
The access point implements another layer of WEP encryption
The access point implements MAC filtering

Question 28
Jakob is working on a web application pen testing assignment. He uses Burp proxy to create a directory map of the target web app. During the audit he intercepted a GET request with the following as the Referrer parameter:

http://www.certifiedhacker.com/script.ext?orders=%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64

An analysis revealed that the request is made up of:
%2e%2e%2f%2e%2e%2f%2e%2e%2f = ../../../
%65%74%63 = etc
%2f = /
%70%61%73%73%77%64 = passwd

What should Jakob suggest to his client to protect from these attacks?

Configure the Web Server to deny requests involving ../
Create rules in IDS to alert on strange Unicode requests
Enable Active Scripts Detection at the firewall and routers
Use SSL authentication on Web Servers

Question 29
Analyze the screenshot below:

What is the attacker trying to achieve?

Stealing cookies using parameter tampering
Manipulating cookies using the CSRF attack
Manipulating cookies using XSS attack
Stealing cookies using XSS attack

Question 30
Jacob is performing a vulnerability assessment of the web resources in his organization. During the scanning phase, Jacob discovered a web server is running an FTP server. Jacob performed research on this FTP server and discovered it has a vulnerability enabling an attacker to perform directory traversal.

The next step is using directory traversal attacks on the webserver.

Which type of vulnerability assessment is Jacob performing?

Zero-day Assessment
Inference-based Assessment
Tree-based Assessment
Passive Assessment

Question 31
Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify vulnerabilities in its SQL database. Stuart wanted to perform a SQL penetration by passing some SQL commands through a web application for execution and succeeded with a command using a wildcard attribute indicator.

Which of the following strings is a wildcard attribute indicator?

%
@variable
@@variable
?Param1=foo&Param2=bar

Question 32
While auditing a web application for vulnerabilities, Donald uses Burp proxy and modifies the GET request as below:

http://www.juggyboy.com/GET/process.php./../../../../../../../../etc/passwd

What is Donald trying to achieve?

Donald is trying to upload /etc/password file to the web server root folder
Donald is modifying process.php file to extract /etc/password file
Donald is trying SQL injection to extract the contents of /etc/password file
Donald is trying directory traversal to extract /etc/password file

Question 33
You are joining a new organization as a VAPT Manager. Your predecessor informs you that the Organization's complete information security infrastructure is in the middle of a regular vulnerability management life cycle. He prioritized the vulnerabilities in the system and you have to start with patching these vulnerabilities first.

Which phase of vulnerability management is the information system in now?

Risk Assessment
Remediation
Vulnerability Assessment
Creating Baseline

Question 34
How does OS Fingerprinting help you as a pen tester?

It defines exactly what software the target has installed
It opens a security-delayed window based on the port being scanned
It doesn't depend on the patches that have been applied to fix existing security holes
It helps to research vulnerabilities that you can use to exploit on a target system

Question 35
Which of the following tasks is done after submitting the final pen testing report?

Kick-off meeting
Exploiting vulnerabilities
System patching and hardening
Mission briefing

Question 36
Daniel is an ECSA certified penetration tester who is an expert at performing penetration tests for mobile devices. He is working on a project where he needs to pen test iPhone devices for a company. As part of the job, Daniel wants to intercept the traffic of the iPhone mobile devices using the Charles proxy tool. He installs the Charles proxy tool on a workstation and tries to configure the HTTP Proxy settings on a WiFi network in the iPhone's settings. During the configuration, he needs to enter a port number on which Charles is running.
Which of the following port number values does he need to enter to continue the configuration?

8888
8080
8008
8088

Question 37
Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSK key. He is trying to connect to the wireless network using the WPA-PSK key. However, he is unable to connect to the WLAN as the target is using MAC filtering.

What would be the easiest way for Frank to circumvent this and connect to the WLAN?

Attempt to crack the WEP key
Sniff traffic off the WLAN and spoof his MAC address to the one that he has captured
Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session
Crack the Wi-Fi router login credentials and disable the ACL

Question 38
GenSec Inc, a UK-based Company, uses Oracle database to store all its data. The company also uses Oracle DataBase Vault to restrict user access to specific areas of their database. GenSec hired a senior penetration tester and security auditor named Victor to check the vulnerabilities of the company's Oracle DataBase Vault. He was asked to find all the possible vulnerabilities that can bypass the company's Oracle DB Vault. Victor tried different kinds of attacks to penetrate into the company's Oracle DB Vault and succeeded.

Which of the following attacks can help Victor to bypass GenSec's Oracle DB Vault?

Replay Attack
Man-in-the-Middle Attack
SQL Injection
Denial-of-Service Attack

Question 39
Which Oracle database listener mode provides network access to an Oracle database instance?

Database
PLSExtProc
Executable
Tnslnsr

Question 40
HDC Networks Ltd. is a leading security services company. Matthew works as a penetration tester with this firm. He was asked to gather information about the target company. Matthew begins with social engineering by following the steps:

I. Secretly observes the target to gain critical information
II. Looks at employee's password or PIN code with the help of binoculars or a low-power telescope

Based on the above description, identify the information gathering technique.

Phishing
Tailgating
Shoulder surfing
Dumpster diving

Question 41
ABC Bank, a UK-based bank, hired Anthony to perform a penetration test for the bank. Anthony began performing lookups on the bank's DNS servers, reading news articles online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank's job postings.

What phase of the penetration testing is Anthony currently in?

Pre-attack phase
Attack phase
Post-attack phase
Remediation phase

Question 42
William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on a target network.

What does William need to do to get the SMTP server information?

Look for information available in web page source code
Examine the session variables
Send an email message to a non-existing user of the target organization and check for bounced mail header
Examine TCP sequence numbers

Question 43
Paul is a security analyst at Rex Security Consultation. The company asked him to investigate malicious activity in one of its client's network. Paul is trying to bypass the client's IDS. He sent some packets with an encoded attack payload in unicode to bypass IDS filters. He manipulated the path referenced in the signature to trick the IDS.

Which of the following techniques did Paul implement to penetrate through the client IDS?

Packet Overlapping
Obfuscation
Unicode Evasion
False-Positive Generation

Question 44
Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from one network (Token-ring) to another network (Ethernet), she receives an error message stating: 'Destination unreachable'

What is the reason behind this?

Packet contains image data
Packet fragmentation is required
Packet is lost
Packet transmission is not done properly

Question 45
Analyze the packet capture from Wireshark below and mark the correct statement.

It is an answer to the iterative query from Microsoft.com DNS server
It is an invalid DNS query
It is a DNS response message
It is Host (A record) DNS query message

Question 46
Martin works as a professional Ethical Hacker and Penetration Tester. He is an ECSA certified professional and was following the LPT methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs (mostly by trial and error), looking for any information about the different departments and business units. Martin was unable to find any information.

What should Martin do to get the information he needs?

Martin should use WayBackMachine in Archive.org to find the company's internal URLs
Martin should use email tracking tools such as eMailTrackerPro to find the company's internal URLs
Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs
Martin should use online services such as netcraft.com to find the company's internal URLs

Question 47
Kevin is trying to pen test an Android mobile device. He wants to extract the PIN and gesture key from the device. Kevin knows that the gesture.key and password.key hold the information that he is looking for. He accesses the Android file system from an Android IDE but could not locate these files. Which of the following will allow Kevin to access these files and their content?

Rooting
Tethering
Jailbreaking
Debugging

Question 48
Karen was running port scans on each machine of her network in order to identify suspicious ports on the target machines. She observed the following results during the port scan of a particular machine.

I. Some of the ports were not being acknowledged, i.e. no acknowledgement from the target machine
II. Some ports were responding with SYN + ACK packets
III. Some ports were responding with a RST packet

What should she interpret for the ports that did not return the acknowledgment?

She should treat those ports as Closed ports
She should treat those ports as Open ports
She should treat those ports as Stealth ports
She should treat those ports as Half Open ports

Question 49
George works at 3D-Networks Ltd as a Network Admin. He received an email from one of his clients stating that the client's company website has some flaws and they are receiving continuous emails from customers about the inconveniences. While checking the web servers, he found loopholes with the DNS servers and he installed DNSSEC-Aware lookups. This made the site functional and the client was happy with the outcome.

What problem does a Non-DNSSEC-Aware site face?

The users' commands will be delayed and the information they requested may not be delivered.
The users will get more information than they desired.
A mischievous Internet user can cut off the request and send back incorrect information by spoofing the response.
The site becomes slow and vulnerable

Question 50
Three transition mechanisms are available to deploy IPv6 on IPv4 networks. Which of the following is not an IPv6 transition mechanism?

Dual Stacks
Tunneling
Translation
Positive Acknowledgement and Retransmission (PAR)

Question 51
Consider the following code:

URL: http://www.xsecurity.com/search.pl?text=<script>alert(document.cookie)</script>

If an attacker tricks a victim into clicking a link like this, and the Web application does not validate the input, the victim's browser will pop up an alert showing the user's current set of cookies. An attacker can do much more damage, including stealing passwords, resetting your home page, or redirecting the user to another Web site.

What is the countermeasure against XSS scripting?

Connect to the server using the HTTPS protocol instead of HTTP
Disable Javascript in the browsers
Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts
Create an IP access list and restrict connections based on port number

Question 52
Analyze the WSDL document below:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<SOAP-ENV:Envelope xmlns:SOAPSDK1="http://www.w3.org/2001/XMLSchema" xmlns:SOAPSDK2="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAPSDK3="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Body>
    <SOAPSDK4:GetProductInformationByName xmlns:SOAPSDK4="http://sfaustlap/ProductInfo/">
      <SOAPSDK4:name>'</SOAPSDK4:name>
      <SOAPSDK4:uid>312-111-8543</SOAPSDK4:uid>
      <SOAPSDK4:password>5648</SOAPSDK4:password>
    </SOAPSDK4:GetProductInformationByName>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Thomas, a pen tester, enters a ck mark (`) for user name. What Thomas is trying to achieve?

The ck mark (`) will result in buffer overflow and crash the web service
The ck mark (`) will result in error and Jason can gather informa on about the web
service
The ck mark (`) will help Jason to extract the underlying database
The ck mark (`) will enable Jason to extract usernames of all the users using the web
service

Question 53
A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to the invalid requests and ignores the legitimate requests. Identify the type of attack.

Denial of Service (DoS) attacks
Side Channel attacks
Man-in-the-middle cryptographic attacks
Authentication attacks

Question 54
Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

sqlmap -url [ Target URL ]
sqlmap -g "inurl:\".php?id=1\""
sqlmap -host [ Target URL ]
sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com|net|org)"

Question 55
David is auditing the IDS systems deployed at one of his client organizations. During reconnaissance he realized the organization is using an outdated IDS system that does not reconstruct sessions before performing any pattern matching on the data. He then sends several data packets to the IDS with a time delay and is successful in keeping the session active longer than the IDS will spend on reassembling. With this the IDS stopped working and the packets David sent bypassed the IDS to reach the intended destination host.

Which of the following IDS evasion techniques was used?

Session Splicing
Fragmentation
Session Extension
Session Hijacking

Question 56
Kevin is auditing a cloud infrastructure for vulnerabilities. During the reconnaissance phase, he runs an Nmap scan that gives him the following information:
Which of the following Metasploit commands will allow Kevin to decrypt the SSL traffic to the cloud?

use exploit/scanner/ssl/openssl_heartbleed
exploit
use exploit/ssl/openssl_heartbleed
exploit
set payload/scanner/ssl/openssl_heartbleed
exploit
use auxiliary/scanner/ssl/openssl_heartbleed
exploit

Question 57
James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social Engineering tasks. His team lead tasked him to find details about the target through passive reconnaissance.

James used websites to check the link popularity of the client's domain name.

What information does the link popularity provide?

Information about visitors, their geolocations, etc.
Information about the server and its infrastructure
Information about the network resources
Information about the partners of the organization

Question 58
Martin is performing an internal pentest for one of his clients. The client has provided him with the necessary information. The scope of the test allows Martin to exploit the vulnerabilities discovered during the vulnerability scans. He is permitted to attempt attacks including Denial-of-Service (DoS) and Buffer Overflow.

How can you categorize the scope of this pentest?

Nondestructive black-box test
Destructive black-box test
Black-box test
Destructive test

Question 59
Richard is working on a web app pen testing assignment for one of his clients. After preliminary information gathering and vulnerability scanning, Richard runs the SQLMAP tool to extract the database information.

Which of the following commands will give Richard an output as shown in the screenshot?

sqlmap -url http://queenhotel.com/about.aspx?name=1 -D queenhotel --tables
sqlmap -url http://queenhotel.com/about.aspx?name=1 -dbs
sqlmap -url http://queenhotel.com/about.aspx?name=1 -database queenhotel -tables
sqlmap -url http://queenhotel.com/about.aspx?name=1 -D queenhotel -T -columns

Question 60
Analyze the ARP packet below and mark the correct statement.

It is an ARP request packet from a broadcast address to the requesting host
It is a unicast ARP packet from the responding host to the broadcast address
It is an ARP request packet from the requesting host to a broadcast address
It is a multicast ARP packet from a broadcast address to the other hosts in the network

Question 61
In Linux, the /etc/shadow file stores the hashed password for user accounts together with the aging properties associated with the user's password.

In the example of a /etc/shadow file entry below, what does the Bold Red string indicate?

Vivek:$1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

Last time the password changed
The number of days after which the password must be changed
Number of days the user is warned before the expiration date
Minimum number of days required between password changes
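The four options are the third to sixth colon-separated fields of the entry, all of them day counts. The example below is added here and is not from the original page: it parses the question's entry into named fields, turns the "last changed" count into a calendar date (days since 1970-01-01), identifies the crypt scheme from the $id$ prefix, and lists the findings a reviewer would raise. The three trailing empty fields appended to the entry are the optional inactivity, expiry and reserved columns of a real shadow line; the hash itself is the question's illustrative string, not a real account's.

```python
from datetime import date, timedelta

# The entry from the question, with the three optional trailing fields appended
# (constructed; the hash is illustrative and not a real account's).
SHADOW_LINE = "Vivek:$1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7:::"

EPOCH = date(1970, 1, 1)
FIELDS = ("user", "hash", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire", "reserved")
NUMERIC = FIELDS[2:8]
CRYPT_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
             "5": "sha256-crypt", "6": "sha512-crypt", "7": "scrypt", "y": "yescrypt"}


def parse_shadow(line: str) -> dict:
    """Split one /etc/shadow line into named fields; day counts become ints
    (None when the field is empty) and last_change is also resolved to a date."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 6:
        raise ValueError("shadow entry needs at least 6 colon-separated fields")
    parts += [""] * (len(FIELDS) - len(parts))      # pad the optional trailing fields
    rec = dict(zip(FIELDS, parts))
    for key in NUMERIC:
        rec[key] = int(rec[key]) if rec[key] != "" else None
    rec["last_change_date"] = (
        EPOCH + timedelta(days=rec["last_change"]) if rec["last_change"] is not None else None
    )
    return rec


def hash_algorithm(hash_field: str) -> str:
    """Identify the crypt(3) scheme from the $id$ prefix of the second field."""
    if hash_field == "" or hash_field[0] in "!*":
        return "locked"
    if hash_field.startswith("$"):
        return CRYPT_IDS.get(hash_field.split("$")[1], "unknown")
    return "des-crypt"


def audit(rec: dict) -> list:
    """Findings a reviewer would raise for this entry."""
    findings = []
    if hash_algorithm(rec["hash"]) in ("md5-crypt", "des-crypt"):
        findings.append("weak password hash")
    if rec["max_days"] is None or rec["max_days"] >= 99999:
        findings.append("password never expires")
    if rec["min_days"] == 0:
        findings.append("no minimum age between changes")
    return findings


if __name__ == "__main__":
    record = parse_shadow(SHADOW_LINE)
    print(record["user"], record["last_change_date"], hash_algorithm(record["hash"]))
    print(audit(record))
```

For the question's entry the fields read: last changed on day 13064 (8 October 2005), no minimum age, a 99999-day maximum (effectively never expires), a 7-day warning, and an MD5-crypt hash, which is the weakest of the schemes still seen in the wild.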

Question 62
Alice is working on a pentesting assignment. She succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server.

Why is this possible?

It works because encryption is performed at the application layer (single encryption key)
She passes the cookie through an HTTPS session
Any cookie can be replayed irrespective of the session status
The scenario is invalid as a secure cookie cannot be replayed

Question 63
Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing the security of an IDS system deployed by a client.

During the preliminary information gathering, Peter discovered the TTL to reach the IDS system from his end is 30. Peter created a Trojan and fragmented it into 1-character packets using the Colasoft Packet Builder tool. He then used a packet flooding utility to bombard the IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35.

What is Peter trying to achieve?

Peter is trying to bypass the IDS system using the insertion attack
Peter is trying to bypass the IDS system using inconsistent packets
Peter is trying to bypass the IDS system using the broadcast address
Peter is trying to bypass the IDS system using a Trojan

Question 64
During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header information (TTL and WINDOW field) of the received RST packets to find whether the port is open or closed.

Analyze the scanning result below and identify the open port.

A real life response is shown below:

packet 1: host XXX.XXX.XXX.XXX port 20: F:RST -> ttl: 70 win: 0 => closed
packet 2: host XXX.XXX.XXX.XXX port 21: F:RST -> ttl: 70 win: 0 => closed
packet 3: host XXX.XXX.XXX.XXX port 22: F:RST -> ttl: 40 win: 0 => open
packet 4: host XXX.XXX.XXX.XXX port 23: F:RST -> ttl: 70 win: 0 => closed

Port 20
Port 23
Port 21
Port 22
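The heuristic behind the question is that some TCP stacks answer an unsolicited ACK on a listening port with a RST whose TTL is lower (or whose window is non-zero) than the RST they send for a closed port. The following is an added example, not code from the original page: it parses output in the format quoted above and applies that rule, taking the TTL most replies share as the closed-port baseline. The host address in the sample is made up. Treat the result as a hint rather than proof: the quirk exists only on a minority of stacks, and TTL differences can also come from different routes or a load balancer in front of the host. Nmap's -sW window scan relies on the same idea for the window field.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the question (host address made up).
SCAN_OUTPUT = """\
packet 1: host 192.0.2.10 port 20: F:RST -> ttl: 70 win: 0 => closed
packet 2: host 192.0.2.10 port 21: F:RST -> ttl: 70 win: 0 => closed
packet 3: host 192.0.2.10 port 22: F:RST -> ttl: 40 win: 0 => open
packet 4: host 192.0.2.10 port 23: F:RST -> ttl: 70 win: 0 => closed
"""

LINE_RE = re.compile(r"port (\d+): F:RST -> ttl: (\d+) win: (\d+)")


def parse_rst_replies(text: str) -> list:
    """Return [(port, ttl, window), ...], one tuple per RST reply line.
    The trailing '=> open/closed' label is ignored; the verdict is recomputed."""
    return [(int(p), int(t), int(w)) for p, t, w in LINE_RE.findall(text)]


def classify_ports(replies: list) -> dict:
    """ACK-scan heuristic: the TTL most RSTs share is the baseline for closed
    ports; a RST with a lower TTL, or a non-zero window, came from a listening
    socket and marks the port open."""
    if not replies:
        return {}
    baseline_ttl = Counter(ttl for _, ttl, _ in replies).most_common(1)[0][0]
    return {
        port: "open" if (ttl < baseline_ttl or win > 0) else "closed"
        for port, ttl, win in replies
    }


def open_ports(text: str) -> list:
    states = classify_ports(parse_rst_replies(text))
    return sorted(port for port, state in states.items() if state == "open")


if __name__ == "__main__":
    print(classify_ports(parse_rst_replies(SCAN_OUTPUT)))
    print("open:", open_ports(SCAN_OUTPUT))
```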

Question 65
You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks.

Network users complained they are not able to resolve domain names to IP addresses at certain times.
What could be the probable reason?

DNSSEC does not guarantee authenticity of a DNS response during an attack
DNSSEC does not provide protection against Denial of Service (DoS) attacks
DNSSEC does not protect the integrity of a DNS response
DNSSEC does not guarantee the non-existence of a domain name or type

Question 66
Joe, an ECSA certified professional, is working on a pen testing engagement for one of his SME clients. He discovered the hosts file on one of the Windows machines has the following entry: 213.65.172.55 microsoft.com

After performing a Whois lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the hosts file.

Which type of attack does this scenario present?

MAC spoofing
DNS starvation
Phishing
DNS poisoning

Question 67
Jack, a network engineer, is working on an IPv6 implementation for one of his clients. He deployed IPv6 on IPv4 networks using a mechanism where a node can choose IPv6 or IPv4 based on the DNS value. This makes the network resources work more simply.

What kind of technique did Jack use?

Tunneling
Dual stacks
Filtering
Translation

Question 68
Which port does DHCP use for client connections?

UDP port 66
UDP port 68
UDP port 69
UDP port 67

Question 69
Analyze the two TCP/IP packets below for a three-way handshake and identify the acknowledgement number in the next packet of the sequence.

12954
12953
2744081
2744082

Question 70
John, a penetration tester and security auditor, was hired by XSecurity Services. John was asked to perform a penetration test on the company's network. John discovers that a user from the HR department had a dial-out modem installed. John wanted to check the organization's security policies to see whether dial-out modems are allowed or not.

Which of the following security policies should John check?

User account policy
Acceptable-use policy
Firewall-management policy
Remote-access policy

Question 71
Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.

Which of the following tools will Michael use to perform this task?

VisualRoute
BlackWidow
NetInspector
Zaproxy

Question 72
Smart Networks Ltd is an internet service provider based in the UK. The company hired Thomson as a penetration tester and asked him to check for vulnerabilities in one of their clients' Wi-Fi networks. He performed Android penetration testing on the Wi-Fi network using a penetration testing tool. He found that the network is vulnerable and an attacker is able to gain access to some of the employees' Android mobile devices that are connected to the network.

Which of the following penetration testing tools did Thomson use to do this?

zANTI
evasion
Burp suite
Pangu

Question 73
Henderson has completed the pen testing tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that revealed a SQL injection vulnerability and the different SQL queries that he used to bypass web application authentication.

In which section of the pen testing report should Henderson include this information?

General opinion section
Executive summary section
Comprehensive technical report section
Methodology section

Question 74
Henderson is a certified ethical hacker working as an information security manager at Digital Essence Ltd. The company uses an Oracle (11g) database to store its data. As part of their database penetration testing, he wants to check whether the company's web applications are vulnerable to SQL injection attack or not. Henderson tried different SQL queries and discovered that it is vulnerable to SQL injection attack by observing the error message.

Which of the following SQL injection queries can Henderson use to extract all usernames from the company's database?

' or 1 = utl_inaddr.get_host_address((select banner from v$version where rownum=1))-
or 1=utl_inaddr.get_host_address((Select granted_role from ( select rownum r, granted_role from user_role_privs) where r=1))
or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))--
or 1=utl_inaddr.get_host_address((select sys.stragg (distinct username||chr(32)) from all_users))-

Question 75
Alice is a senior security auditor and pentester, specializing in social engineering and external penetration tests. Alice has been hired by Xsecurity, a subcontractor for the Department of Defense. Alice has been given authority to perform all tests necessary to audit the company's network security. No employees of the company, other than the IT director, know about the work Alice is doing. Alice's first step is to obtain a list of employees through the company website contact pages. She then befriends a female employee of the company through an online chat website. After meeting with the female employee numerous times, Alice is able to gain her trust and they become friends. One day, Alice steals the employee's access badge and uses it to gain unauthorized access to the Xsecurity offices.

Identify the type of social engineering attack.

Insider Accomplice
Vishing
Eavesdropping
Spear phishing

Question 76
Which of the following snort rules alerts on all ICMP packets from the Internet to a local network?

alert icmp $EXTERNAL any -> $INTERNAL any 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;)
alert PORT1 $EXTERNAL_NET any -> $HOME_NET 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;)
alert icmp $EXTERNAL_NET any -> $HOME_NET 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;)
alert icmp $INTERNET any -> $HOME_NET 10.10.40.2 (msg:"ICMP-INFO PING"; icode:0; itype:8; reference:arachnids,135; reference:cve,1999-0265; classtype:bad-unknown; sid:472; rev:7;)

Question 77
Joseph is performing an internal pen test for one of his clients. He wants to crack the password for the system login. Joseph has got a meterpreter session to the target machine and was able to successfully dump the password hashes.
Which of the following password attacks will Joseph perform so he discovers the clear text password without triggering the system lockout?

Rainbow attack
Phishing attack
Dictionary attack
Brute force attack

Question 78
Smith is performing a black-box test for one of his clients. He successfully gained an SSH shell and write access to the /tmp directory on a Unix web server. This directory did not have any sensitive information stored in it and was therefore not locked down. Smith, however, was able to upload a .shtml web page containing the following include statement:

<!--#exec cmd="/bin/cat /etc/passwd" -->

What is Smith trying to do?

Smith is trying to bruteforce password hashes stored on the machine
Smith is trying to escalate his privileges on the webserver machine
Smith is using Server Side Includes (SSI) to execute a malicious command on the server
Smith is performing directory traversal to steal the /etc/passwd file from the webserver

Question 79
During a DHCP handshake in an IPv4 network, which of the following messages contains the actual IP addressing information for the clients to use?

SOLICIT
DHCPDISCOVER
DHCPACK
REPLY

Question 80
Lee has established a new startup where they develop Android applications. In order to meet the memory requirements of the company, Lee has hired a Cloud Service Provider, who offered memory space along with virtual systems. Lee was dissatisfied with their service and wanted to move to another CSP, but was denied as part of the contract, which reads that the user cannot switch to another CSP.

What is this condition called?

Virtualization
Resource Isolation
Lock-in
Lock-up

Question 81
Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there were no authentication packets in the capture.

Which of the following commands should Steven use to generate authentication packets?

aircrack-ng.exe -a 2 -w capture.cap
airodump-ng --write capture eth0
airmon-ng start eth0
aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF

Question 82
Arnold is trying to gain access to a database by inserting exploited query statements with a WHERE clause. He wants to retrieve all the entries from a particular table (e.g. StudName) using the WHERE clause.

What query does Arnold need to write to retrieve the information?

SELECT * FROM StudName WHERE roll_number = '' or '1' = '1'
DUMP * FROM StudName WHERE roll_number = 1 AND 1=1-
RETRIVE * FROM StudName WHERE roll_number = 1'#
EXTRACT* FROM StudName WHERE roll_number = 1 order by 1000
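The first option is the classic tautology: supplying the string ' or '1' = '1 for roll_number closes the attacker's quote and appends a condition that is always true, so the WHERE clause stops filtering. The following is an added example, not code from the original page: it builds a small in-memory SQLite table standing in for StudName (rows are constructed), shows the string-concatenated query that is injectable, and puts the parameterized query beside it. The column names and rows are assumptions for illustration.

```python
import sqlite3

# Constructed table and rows standing in for the StudName table in the question.
ROWS = [("101", "Ada"), ("102", "Grace"), ("103", "Linus")]
INJECTION = "' or '1' = '1"   # the payload embedded in the question's first option


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE StudName (roll_number TEXT, name TEXT)")
    conn.executemany("INSERT INTO StudName VALUES (?, ?)", ROWS)
    return conn


def build_vulnerable_query(roll_number: str) -> str:
    """String concatenation into the WHERE clause: the injectable pattern."""
    return f"SELECT name FROM StudName WHERE roll_number = '{roll_number}'"


def lookup_vulnerable(conn: sqlite3.Connection, roll_number: str) -> list:
    return [name for (name,) in conn.execute(build_vulnerable_query(roll_number))]


def lookup_parameterized(conn: sqlite3.Connection, roll_number: str) -> list:
    """Bound parameter: the value is passed to the engine separately from the
    statement text, so the quote and the OR never enter the SQL grammar."""
    return [name for (name,) in conn.execute(
        "SELECT name FROM StudName WHERE roll_number = ?", (roll_number,))]


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query(INJECTION))
    print("vulnerable    :", lookup_vulnerable(db, INJECTION))
    print("parameterized :", lookup_parameterized(db, INJECTION))
```

With the payload, the concatenated statement becomes SELECT name FROM StudName WHERE roll_number = '' or '1' = '1' and returns every row; the parameterized version looks for a roll number literally equal to the payload and returns nothing.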

Question 83
Victor is performing a wireless network pen test. During a WEP test, he runs the following aircrack-ng command:

What is Victor trying to achieve with this command?

Victor is trying to perform a DoS attack by disassociating a client from the access point
Victor is trying to dump all the Wi-Fi traffic from a client to the access point in order to capture weak IVs
Victor is trying to generate traffic so that he can capture enough packets to crack the WEP key
Victor is trying to associate his wireless card with the target access point

Question 84
Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client's network. As part of the work assigned, Edward needs to find the range of IP addresses and the subnet mask used by the target organization.

What does Edward need to do to get the required information?

Search for Trade Association Directories
Search for an appropriate Regional Internet Registry (RIR)
Search for web page posting patterns and revision numbers on the company's website
Search for link popularity of the company

Question 85
You are working on a pen testing assignment. Your client has asked for a document that shows them the detailed progress of the pen testing.

Which document is the client asking for?

Scope of work (SOW) document
Rules of engagement with signatures of both parties
Project plan with work breakdown structure
Engagement log

Question 86
Your firm has over 10 years of experience in the pentesting and security auditing fields. The penetration testing team has a mix of qualified professionals from different domains. Your firm follows all the standard engagement processes, but there could still be incidents that jeopardize your firm's interests in a pentesting engagement.

Which of the following will be the best approach to protect your firm?

You should have a detailed ROE and well documented formal permission to start the engagement
You should get the confidentiality and non-disclosure agreements (NDAs) signed by the client
You should get the engagement letter vetted by your lawyer
You should obtain Liability and Errors and Omissions insurance

Question 87
Donald is auditing a SQL server machine for robustness. He performs parameter tampering using SQL scripts that results in the following query:

http://client.com/link.php?id=1' union select 1,2,(select tab1 from (select decode(encode(convert(compress(post) using latin1),des_encrypt(concat(post,post,post,post),8)),des_encrypt(sha1(concat(post,post,post,post)),9)) as tab1 from table_1)a),4-

What is Donald trying to achieve?

He is attempting a DoS attack against the database server using SQL injection
He is trying to extract table names from the database server
He is trying to encrypt the complete database
He is trying to extract password hashes from the database

Question 88
Dale is a penetration tester and security expert. He works at Sam Morison Inc., based in Detroit. He was assigned to do an external penetration test on one of its clients. Before digging into the work, he wanted to start with reconnaissance and grab some details about the organization. He used tools like Netcraft and SHODAN and grabbed the internal URLs of his client.

What information do the internal URLs provide?

Internal URLs provide an insight into various departments and business units in an organization
Internal URLs provide vulnerabilities of the organization
Internal URLs provide server related information
Internal URLs provide database related information

Question 89
Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client's SYSLOG systems are taken offline for four hours on the second Saturday of every month for maintenance. He wants to analyze the client's web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client's website and it is difficult to analyze all the information in just four hours.

What will Peter do to analyze all the web pages in a stealthy manner?

Use WayBackMachine
Use HTTrack to mirror the complete website
Perform reverse DNS lookup
Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client

Question 90
Thomas is trying to simulate a SQL injection attack on his client's website. He is trying various strings provided in the SQL Injection Cheat Sheet. All of his SQL injection attack attempts failed and he was unable to retrieve any information from the website's back-end database. Later, he discovered the IDS system deployed by his client is blocking all the SQL injection requests. Thomas decided to bypass the IDS by slightly modifying the SQL injection queries as below:

Original query:

/?id=1+union+(select+1,2+from+test.users)

Modified queries:

/?id=(1)unIon(selEct(1),mid(hash,1,32)from(test.users))
/?id=1+union+(sELect'1',concat(login,hash)from+test.users)
/?id=(1)union(((((((select(1),hex(hash)from(test.users))))))))

Which encoding technique did he try to evade the IDS?

IDS evasion using in-line comments
IDS evasion using obfuscated code
IDS evasion using char encoding
IDS evasion using hex encoding

Question 91
Veronica, a penetration tester at a top MNC company, is trying to breach the company's database as a part of SQLi penetration testing. She began to use SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.

Which of the following SQLi techniques was used to attack the database?

File inclusion
Code injection
Buffer Overflow
Function call injection

Question 92
Joe works as an engagement team lead with Xsecurity Inc. His pentesting team follows all the standard pentesting procedures; however, one of the team members inadvertently deletes a document containing the client's sensitive information. The client is suing Xsecurity for damages.

Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsuit?

Non-disclosure clause
Fees and project schedule
Indemnification clause
Objective of the penetration test

Question 93
Mr. Smith works as a penetration test engineer at Lucid Security Services. Mr. Shan, a frustrated customer, contacts the company and informs them that he identified some unusual behavior with his iPhone. After performing several tests, he concludes that the iPhone is jailbroken. Which permission status of the device root confirms that the device is jailbroken?

Only Read permission
Only Write permission
Read/Write permission
Neither Read nor Write permission

Question 94
Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client's network. He was not provided with any information about the client organization except the company name.

Identify the type of testing Joseph is going to perform for the client organization.

White-box Penetration Testing
Announced Testing
Grey-box Penetration Testing
Black-box Penetration Testing

Question 95
Christine works as a network security auditor with Xsecurity, a large security assessment firm based out of San Francisco. During a security audit of a client organization, Christine tests some of the network switches for an ARP flooding attack. She tries to flood the ARP cache of the switches.

What happens when an ARP cache flood is successful?

The switches will start working as a proxy and route all traffic to the broadcast address.
The switches will drop into hub mode if the ARP cache is successfully flooded.
If the ARP cache is flooded, the switches will start working as a router, making it less susceptible to attacks.
Depending on the switch manufacturer, the device will either delete every entry in the ARP cache or reroute packets to the nearest switch.

Question 96
Jack, a network administrator, is using Snort as an additional layer of intrusion detection. He is running the following command:

snort -dev -i 1

What is Jack trying to achieve?

Jack is checking the logging mechanism of snort
Jack is running snort in sniffer mode
Jack is running snort in IDS mode
Jack is working with snort in developer mode

Question 97
Sarah is a pen tester at JK Hopes & Sons based in Las Vegas. As a part of the penetration testing, she was asked to perform the test without exposing the test to anyone else in the organization. Only a few people in the organization know about the test. This test covers the organization's security monitoring, incident identification and its response procedures.

What kind of pen testing is Sarah performing?

Blind Testing
Unannounced Testing
Double-blind Testing
Announced Testing

Question 98
As part of his job role as a network administrator of a multi-national company, Steve needs to perform penetration tests of the mobile devices used under the company's BYOD policy. He chooses the proxy tools Fiddler and Paros to perform the penetration testing.

Which part of the mobile penetration testing methodology has he taken up?

Server-side infrastructure pen testing
Android debug bridge testing
Communication channel penetration testing
Application penetration testing

Question 99
An attacker has inserted 'Integrated Security = true;' at the end of the string in the hope of connecting to the database using the OS account the web application is running under, to avoid normal authentication:
Data source = mySource; Initial Catalog = db1; Integrated Security = no; user id = myName; ; Password = 123; Integrated Security = true;

What is the attacker trying to do?

The attacker is checking the web application for an XSRF attack
The attacker is performing a Connection Pool DoS attack
The attacker is performing a Connection String Parameter Pollution (CSPP) attack
The attacker is performing a Connection String Injection attack
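What makes the trick work is the parsing rule of the connection-string consumer: the SqlConnection documentation states that when a name occurs more than once, the value of the last occurrence is used, so a duplicated Integrated Security key appended through the password field overrides the one the developer wrote. The example below is added here and is not code from the original page; it parses the exact string from the question with that last-wins rule, shows a hypothetical application building the string from user input, and puts a strict parser that refuses duplicate keys beside it. Key names and the builder function are assumptions for illustration; in real ADO.NET code the fix is to construct the string with SqlConnectionStringBuilder, which quotes values containing ';' rather than splicing them in.

```python
# The string from the question, verbatim (note the empty "; ;" segment and the
# duplicated key at the end).
QUESTION_STRING = ("Data source = mySource; Initial Catalog = db1; Integrated Security = no; "
                   "user id = myName; ; Password = 123; Integrated Security = true;")


def parse_permissive(cs: str) -> dict:
    """Parse the way ADO.NET-style providers do: keys are case-insensitive,
    whitespace around '=' and ';' is ignored, empty segments are skipped, and a
    repeated key silently overwrites the earlier value. CSPP exploits that last rule."""
    params = {}
    for segment in cs.split(";"):
        if not segment.strip():
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {segment!r}")
        params[key.strip().lower()] = value.strip()
    return params


def parse_strict(cs: str) -> dict:
    """Hardened variant for the application side: reject a repeated key
    instead of letting the last occurrence win."""
    params = {}
    for segment in cs.split(";"):
        if not segment.strip():
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            raise ValueError(f"malformed segment: {segment!r}")
        key = key.strip().lower()
        if key in params:
            raise ValueError(f"duplicate connection-string key: {key!r}")
        params[key] = value.strip()
    return params


def build_connection_string(user: str, password: str) -> str:
    """The vulnerable construction: user-supplied fields concatenated straight
    into the string (hypothetical application code, not from the original page)."""
    return (f"Data Source=mySource;Initial Catalog=db1;Integrated Security=no;"
            f"User ID={user};Password={password};")


# A "password" that smuggles in a second Integrated Security key.
POLLUTED_PASSWORD = "123;Integrated Security=true"


if __name__ == "__main__":
    print(parse_permissive(QUESTION_STRING))
    polluted = build_connection_string("myName", POLLUTED_PASSWORD)
    print(parse_permissive(polluted)["integrated security"])
    try:
        parse_strict(polluted)
    except ValueError as exc:
        print("strict parser rejected it:", exc)
```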

Question 100
Alisa is a Network Security Manager at Adios Cyber Security. During a regular network audit, she sent specially crafted ICMP packet fragments with different offset values into the network, causing a system crash.

Which attack is Alisa trying to perform?

Smurf attack
Ping-of-death attack
Session hijacking
Fraggle attack
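Both fragment-based crashes the question alludes to are caught by sanity checks before reassembly: a ping of death is a set of fragments whose offset and length add up to more than the 65535-byte maximum an IP datagram may have, and the related teardrop attack is a set of fragments whose offsets overlap. The following is an added example, not code from the original page: a small reassembly guard over (offset, length, more-fragments) tuples. The fragment sets are constructed, and the check assumes a 20-byte IP header without options.

```python
IP_MAX_DATAGRAM = 65535   # 16-bit Total Length field
IP_HEADER_LEN = 20        # minimal header, no options (assumption for this check)


def reassembled_size(frags: list) -> int:
    """frags: [(fragment_offset_in_8_byte_units, payload_length, more_fragments), ...].
    Returns the total datagram size the fragments claim once reassembled."""
    data_end = max(off * 8 + length for off, length, _ in frags)
    return IP_HEADER_LEN + data_end


def check_fragments(frags: list) -> list:
    """Return the anomalies a reassembly guard should flag before allocating
    a buffer or copying any payload."""
    findings = []
    if reassembled_size(frags) > IP_MAX_DATAGRAM:
        findings.append("oversized datagram (ping-of-death)")
    prev_end = 0
    for off, length, _ in sorted(frags):
        start = off * 8
        if start < prev_end:
            findings.append("overlapping fragment offsets (teardrop)")
            break
        prev_end = start + length
    return findings


# Constructed fragment sets.
NORMAL = [(0, 1480, True), (185, 1480, True), (370, 100, False)]
OVERSIZED = [(0, 1480, True), (8190, 100, False)]   # 8190*8 + 100 + 20 > 65535
OVERLAPPING = [(0, 36, True), (3, 4, False)]         # second starts at byte 24, inside the first


if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("oversized", OVERSIZED), ("overlapping", OVERLAPPING)):
        print(name, reassembled_size(frags), check_fragments(frags))
```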

Question 101
Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at the backend. He wants to check the TNS Listener configuration file for configuration errors.

Which of the following directories contains the TNS Listener configuration file by default?

$ORACLE_HOME/network/admin
$ORACLE_HOME/network/bin
$ORACLE_HOME/bin
$ORACLE_HOME/network

Question 102
In a 3-way handshake process before TCP communication, host A sends a SYN packet to host B with a sequence number 4444. Host B replies to the SYN packet with a SYN+ACK packet.

What will be the sequence number of the SYN+ACK packet?

4443
4445
The sequence number of the SYN+ACK packet is independent of the sequence number of the SYN packet, and cannot be deduced from the above information
4444

Question 103
The security team found the network switch has changed its behavior to learning mode and is functioning like a hub. The CAM table of the switch was filled with unnecessary traffic. Someone tried to penetrate into the network space by attacking the network switches. They wrote a report and submitted it to higher authorities.

What kind of an attack did the attackers perform against the network switch?

MAC Flooding
DNS Poisoning
ARP Poisoning
MITM Attack

Question 104
Analyze the hping3 output below and mark the correct statement.

The result shows that beta.search.microsoft.com is handled by two machines behind a load balancer
The result shows that beta.search.microsoft.com is intermittently unavailable
The result shows that beta.search.microsoft.com webserver is behind two firewalls
The result shows that beta.search.microsoft.com is not available for public access

Question 105
Sam is auditing a web application for SQL injection vulnerabilities. During the testing, Sam discovered that the web application is vulnerable to SQL injection. He starts fuzzing the search field in the web application with UNION based SQL queries; however, he realized that the underlying WAF is blocking the requests. To avoid this, Sam is trying the following query:

UNION/**/SELECT/**/ '/**/OR/**/1/**/=/**/1

Which of the following evasion techniques is Sam using?

Sam is using inline comments to bypass WAF
Sam is manipulating white spaces to bypass WAF
Sam is using obfuscated code to bypass WAF
Sam is using char encoding to bypass WAF

Question 106
Gary has built an application that can help users transfer files between any two applications present on the mobile device or to another mobile device. This application uses the principle of application to application communication for information exchange.

Which of the following processes is the application dependent on?

Binaries
Intents
Fuzzers
Debug bridges

Question 107
You are working on a pentesting assignment for National Healthcare Inc. The client has specifically asked you for a Data Use Agreement (DUA).

What does it indicate?

You are working on a target that is not connected to the Internet
The client organization does not want you to exploit vulnerabilities
You are working with a publicly traded organization
You are working with a HIPAA compliant organization

Question 108
Watson is a security analyst specialized in mobile penetration testing who works at Regional Secure Inc. The company's senior management asked him to check the company's mobile communication network for vulnerabilities. He performed a penetration test and determined that the network is vulnerable to MITM attacks.

Which of the following mobile penetration tests did Watson execute to determine the attack?

Application Penetration Testing
Server-side Infrastructure Pen Testing
Android debug bridge Testing
Communication Channel Penetration Testing

Question 109
The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall.

What type of firewall bypassing technique was used by the attacker?

Proxy Server
Source routing
HTTP Tunneling
Anonymous Website Surfing Sites

Question 110
JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base. Stanley works as a penetration tester at this firm. Future Group approached JUA for an internal pen test. Stanley performs various penetration testing sequences and gains information about the network resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names, users and groups, applications and banners.

Identify the technique that gave Stanley this information.

Enumeration
Port scanning
Sniffing
Ping sweeps

Question 111
Recently, Jakob was assigned a project to test the perimeter security of a client. As part of the project, Jakob wants to test whether or not a particular port on the firewall is open or closed. He used the hping utility with the following syntax:

#hping -S -c 1 -p <port> <IP Address> -t <TTL>

What response will indicate the particular port is allowed in the firewall?

TTL Exceeded
No Response
ICMP Port Unreachable
Host Unreachable

Question 112
Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a database penetration test on its client network to determine whether the database is vulnerable to attacks or not.
The client did not reveal any information about the database they are using. As a pen tester, Frank knows that each database runs on its own default port. So he started database port scanning using the Nmap tool and tried different commands using default port numbers and succeeded with the following command.

nmap -sU -p 1521 <client ip-address>

Identify the database used by the company.

SQLite
Oracle
MySQL
Microsoft SQL Server

Question 113
WallSec Inc. has faced several network security issues in the past and hired Williamson, a professional pentester, to audit its information systems. Before starting his work, Williamson, with the help of his legal advisor, signed an agreement with his client. This agreement states that confidential information of the client should not be revealed outside of the engagement.

What is the name of the agreement that Williamson and his client signed?

TPOC agreement
Non-disclosure agreement
Authorization
Engagement letter

Question 114
Xsecurity Inc. has developed a web service program and wants to host it on its web server. However, before deploying the web service, management asked their security team to assess the security of the web service against possible service attacks. George is working as the lead penetration tester on this assignment. To simulate a specific type of attack on the web service, he performed the following activities:

I. Trapped the WSDL document from web service traffic and analyzed it in order to determine whether it is revealing the purpose of the application, entry points, functional breakdown, and message types on the web service.
II. Created a set of valid requests by selecting a set of operations, and formulated the request messages according to the rules of the XML Schema that can be submitted to the web service.

He then used these new requests to include malicious content in SOAP requests and analyzed any errors.

What is he trying to do?

He is assessing the web service security against a Web Services Replay Attack
He is assessing the web service security against XPath Injection Attacks
He is assessing the web service security against a MITM Attack
He is assessing the web service security against Web Services Probing Attacks

Question 115
Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (Software based)?

Appliance based firewalls cannot be upgraded
Operating system firewalls are highly configured
Firewalls implemented on a hardware firewall are highly scalable
Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system

Question 116
Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of the testing?

Letter of Intent
Draft Report
Authorization Letter
Rule of Engagement

Question 117
Ashton is a mobile penetration tester and runs a mobile investigation firm. A company hired him to check the security of the various mobile devices used in their office. As part of the contract, Ashton needs to perform penetration testing on the communication channel of the devices.

Which of the following steps does Ashton need to perform to complete the task?

Performing Penetration test of Web server/application
Reverse engineering the applications
Intercepting HTTP request
Reading stored data

Question 118
George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ECSA certified professional and was following the LPT methodology in performing a comprehensive security assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log on to a Linux machine located on the network. He was also able to access the /etc/passwd file; however, the passwords were stored as a single "x" character.

What will George do to recover the actual encrypted passwords?

George will escalate his privilege to root level and look for /etc/shadow file
George will perform a password attack using the pre-computed hashes also known as a rainbow attack
George will perform replay attack to collect the actual passwords
George will perform sniffing to capture the actual passwords

Question 119
Which of the following statements highlights the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment is performed only on software components of an information system, whereas pentesting is performed on all hardware and software components of the system.
A vulnerability assessment focuses on low severity vulnerabilities and pentesting focuses on high severity vulnerabilities
A vulnerability assessment requires only automated tools to discover the vulnerabilities whereas pentesting also involves manual discovery of vulnerabilities.
A vulnerability assessment identifies and ranks the vulnerabilities, and a penetration test exploits the identified vulnerabilities for validation and to determine impact.

Question 120
You have just completed a database security audit and are writing the draft pen testing report. Which of the following will you include in the recommendation section to enhance the security of the database server?

Allow direct catalog updates
Grant permissions to the public database role
Install SQL Server on a domain controller
Install a certificate to enable SSL connections

Question 121
Edward, a network administrator, was worried about a report of one employee using an FTP site to send confidential data out of the office. Edward intends to confront the suspect employee with evidence that he is using FTP against the company's security policies. Edward sniffs the network traffic using the Wireshark tool.

Which Wireshark filter will display all the FTP packets originating from the suspect employee's machine?

tcp.port eq 23 || ip.src==192.168.0.4
ftp&&ip.src==192.168.0.4
proto==ftp&&ip.src==192.168.0.4
tcp contains ftp&&23

Question 122
George, a reputed ethical hacker and penetration testing consultant, was hired by FNB Services, a startup financial services company, to audit the security of their web applications. During his investigation, George discovered that the company's website is vulnerable to blind SQL injection attacks. George entered a custom SQL query in a form located on the vulnerable page which resulted in a back-end SQL query similar to the one given below:

http://fnb.com/forms/?id=1+AND+555=if(ord(mid((select+pass from+users+limit+0,1),1,2))=97,555,777)

George is searching for the first character of the second table entry
George is searching for the second character of the first table entry
George is searching for the first character of the first table entry
George is searching for the first character of all the table entries

Question 123
What is the purpose of the Traceroute command?

For extracting information about opened ports
For extracting information about closed ports
For extracting information about the server functioning
For extracting information about the network topology, trusted routers, and firewall locations

Question 124
Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network's IDS and identified that an attacker sent spoofed packets to a broadcast address in the network.

Which of the following attacks compromised the network?

MAC Spoofing
Session hijacking
Amplification attack
ARP Spoofing

Question 125
A firm named SYS networks suffers from a wireless attack. They hired Mr. Shaw, a wireless penetration test engineer, to rectify the problem. Mr. Shaw proceeds with the standard steps of wireless penetration testing. He was trying to crack static WEP keys, where he first monitors the wireless traffic with the airmon-ng tool and then tries to collect the wireless traffic data using airodump-ng.

Which of the following airodump-ng commands will help him do this?

C:\>airodump-ng -c 11 wlan0
C:\>aircrack-ng -s capture.ivs
C:\>airodump-ng --ivs --write capture eth1
C:\>airodump-ng -d 11 wlan0

Question 126
A company asked Smith to perform a penetration test on its subsidiary network to find vulnerabilities. Smith focused the penetration test on any vulnerabilities to exploit the company's IDS.

He used the following command to trick the IDS and successfully bypassed the IDS to the network:

HEAD /cgi-bin/some.cgi

Which one of the following techniques did Smith use to identify the vulnerability?

Reverse Traversal
Method Matching
Signature Matching
Pattern Matching

Question 127
WinSoftech hired Steven, a penetration tester, to check if the company's SQL database is vulnerable to attacks or not. He performed a penetration test on the company's database by appending an additional SQL query after escaping the original query and found the database is vulnerable to SQL injection.

Which of the following SQL injection techniques is performed by Steven?

Tautological injection
Batch Query injection
Union Query Injection
Command Injection

Question 128
You work as a penetration tester for XSecCorp, a large security assessment firm based out of Atlanta. You have been assigned a project to test the strength of the IDS system deployed at a client's internal network. You run the Wireshark tool and observe a large number of SYN/ACK packets originating from an internal host and hitting a web server, but, surprisingly, you could not find any SYN requests from the web server to the host.

What will be the most likely reason for this?

The NIC card at the web server is running in promiscuous mode
The SYN/ACK traffic is false positive alerts generated by the IDS
The TCP implementation is vulnerable to a resource-exhaustion attack
The web server is experiencing a backscatter attack

Question 129
A month ago, Jason, a software developer at a reputed IT firm, was surfing through his company's website. He was visiting random pages of the company's website and came to find confidential information about the company was posted on one of the web pages. Jason forgot to report the issue. Jason contacted John, another member of the Security Team, and discussed the issue. John visited the page but found nothing wrong.

What should John do to see past versions and pages of a website that Jason saw one month back?

John should recover cached pages of the website from Google search engine cache
John should run the Web Data Extractor tool to recover the old data
John can go to Archive.org to see past versions of the company website
John should use SmartWhois to recover the old pages of the website

Question 130
Which type of security policy is described by the configuration below:

Provides maximum security while allowing known, but necessary, dangers
All services are blocked; nothing is allowed
Safe and necessary services are enabled individually
Non-essential services and procedures that cannot be made safe are NOT allowed
Everything is logged

Promiscuous Policy
Paranoid Policy
Permissive Policy
Prudent Policy

Question 131
Xsecurity Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, Xsecurity does not have the required resources or capabilities to perform a vulnerability assessment. They decide to hire the services of a company that will perform a periodic vulnerability assessment and present reports for management to implement remediation.

What vulnerability assessment approach is Xsecurity following?

Tree-based Assessment
Inference-based Assessment
Product-based Assessment
Service-based Assessment

Question 132
Sam, a reputed ethical hacker and penetration testing consultant, was hired by Global Finance Services to audit the security of their web applications. Sam is currently auditing the coding and logical issues that might be affecting the company's web applications. In the first step, he collected valid session ID values by sniffing traffic from authenticated users. By looking at the different requests, Sam realized the web application is using a weak session ID generation mechanism and session IDs can be guessed easily.

Analyze some of the requests sniffed by Sam below:

http://www.juggyboy.com/view/JBEX2109201412
http://www.juggyboy.com/view/JBEX2109201424
http://www.juggyboy.com/view/JBEX2109201436
http://www.juggyboy.com/view/JBEX2109201448

Considering that the above sessions are generated by the web server in the same order, which of the following will be the next session generated by the server?

http://www.juggyboy.com/view/JBEX2109201460
http://www.juggyboy.com/view/JBEX2408201484
http://www.juggyboy.com/view/JBEX2009201472
http://www.juggyboy.com/view/JBEX2509201496

Question 133
Mike, a security auditor, was asked to assess the network perimeter security deployed in the company's network. As a part of his assignment, he created a malicious file of 300 KB and used the Colasoft Packet Builder tool to manipulate its header information to show the size of the packet data as 50 kB. He then sent the crafted packet to a target host inside the network.

What is Mike trying to achieve?

Bypass the sanity check at the IDS using packet fragmentation technique
Bypass the sanity check at the IDS using insertion technique
Bypass the sanity check at the IDS using resource exhaustion technique
Bypass the sanity check at the IDS by sending inconsistent packets

Question 134
ABC Technologies, a large financial company, hired a penetration tester to do physical penetration testing. On the first day of his assessment, the penetration tester goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information.

What is the penetration tester trying to do?

Trying to attempt social engineering by dumpster diving
Trying to attempt social Engineering using phishing
Trying to attempt social engineering by shoulder surfing
Trying to attempt social engineering by eavesdropping

Question 135
Which of the following Wireshark options will allow you to view an HTTP packet in plain text as shown in the screenshot?

Follow TCP Stream
Follow UDP Stream
Follow HTTP Stream
Follow SSL Stream

Question 136
Jacob, a compliance officer with a top MNC based out of Florida, has received reports that a competitor of the company has used and branded some of its copyrighted software application codes. He wants to pursue a case against the competitor.

Which of the following laws will Jacob specifically invoke in this case?

Health Insurance Portability and Accountability Act (HIPAA)
The Digital Millennium Copyright Act (DMCA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes Oxley Act (SOX)

Question 137
A company has asked a security professional, William, to analyze one of its client's networks, which was apparently compromised recently. William performed a penetration test to identify the vulnerability which allowed the attack. He used a buffer overflow exploit to carry some hidden malicious code in encrypted format bypassing the IDS and compromised the network.

Which of the following techniques did William use to bypass the IDS and penetrate through the network?

Unicode Evasion
Polymorphic Shellcode
Ping Flooding
Signature Encoding

Question 138
AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users APIs, core connectivity and delivery, abstraction and hardware as part of the service.

What is the name of the service AB Cloud services offer?

Web Application Services
Infrastructure as a service (IaaS)
Platform as a service (PaaS)
Software as a Service (SaaS)

Question 139
Mobile Silicon Securities Ltd specializes in providing security services for mobile platforms. A client named Riya raised an issue, stating that her iPhone has been hacked. This issue was handed over to the company's mobile penetration test engineer, Jackson. He conducted a reverse engineering test on an iOS application and determined that Objective-C runtime information stored in Mach-O files was corrupted.

Which of the following command line utilities did Jackson use to identify the issue?

class dump utility
IDA disassembler
Keychain
ipash ME

Question 140
As a part of the pentesting process, James performs a FIN scan as given below:

Scan directed at open port:
Client Server
192.5.2.92:4079 ----- FIN----- >192.5.2.110:23
192.5.2.92:4079 <---- ____________ ------192.5.2.110:23

Scan directed at closed port:
Client Server
192.5.2.92:4079 ----- FIN----- >192.5.2.110:23
192.5.2.92:4079 <----- RST/ACK---------- 192.5.2.110:23

What will be the response if the port is open?

FIN/RST
RST
FIN/ACK
No response

Question 141
During the reconnaissance phase of a penetration test, you discovered that the client has deployed a firewall that only checks the TCP header information.

Which of the following techniques would you use to bypass the firewall?

Bypassing the firewall using the IP address in place of a URL
Bypassing the firewall using source routing
Bypassing the firewall by manipulating the IPID sequence number
Bypassing the firewall using tiny fragments

Question 142
Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption is very weak, she wants to decrypt some WEP packets. She successfully captured the WEP data packets, but could not read the content as the data is encrypted.

Which of the following will help Sandra decrypt the data packets without knowing the key?

Chopchop Attack
ARP Poisoning Attack
Packet injection attack
Fragmentation Attack

Question 143
You are enumerating a target system. Which of the following PortQry commands will give a result similar to the screenshot below:

portqry -n myserver -p udp -e 123
portqry -n myserver -p TCP -e 389
portqry -n myserver -p udp -e 389
portqry -n myserver -p TCP -e 123

Question 144
Henderson is a certified ethical hacker working as an information security manager at Digital Essence Ltd. The company uses an Oracle (11g) database to store its data. As part of their database penetration testing, he wants to check whether the company's web applications are vulnerable to SQL injection attack or not. Henderson tried different SQL queries and discovered that it is vulnerable to SQL injection attack by observing the error message.

Which of the following SQL injection queries can Henderson use to extract all usernames from the company's database?

' or 1 = utl_inaddr.get_host_address((select banner from v$version where rownum=1))-
or 1=utl_inaddr.get_host_address((Select granted_role from ( select rownum r, granted_role from user_role_privs) where r=1))
or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))--
or 1=utl_inaddr.get_host_address((select sys.stragg (distinct username||chr(32)) from all_users))-

Question 145
Henderson has completed the pen testing tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that revealed a SQL injection vulnerability and the different SQL queries that he used to bypass web application authentication.

In which section of the pen testing report should Henderson include this information?

General opinion section
Executive summary section
Comprehensive technical report section
Methodology section

Question 146
Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?

VisualRoute
BlackWidow
NetInspector
Zaproxy

Question 147
Rebecca, a security analyst, was auditing the network in her organization. During the scan, she found a service running on a remote host, which helped her to enumerate information related to user accounts, network interfaces, network routing and TCP connections. Which among the following services allowed Rebecca to enumerate the information?

NTP
SMTP
SMB
SNMP

Question 148
What is the objective of the following bash script?

It tries to connect to FTP port on a target machine
It checks if a target host has the FTP port open and quits
It gives a list of IP addresses that have an FTP port open
It checks if an FTP port on a target machine is vulnerable to attacks

Question 149
Shane, a network security auditor, was asked to pen-test a Windows server hosting a website. While examining the server, he found a vulnerable application running on it and performed exploitation using Metasploit to gain privileged access to the server. Once he attained a meterpreter shell, he tried to dump the hashes of the user accounts. Which among the following commands would allow Shane to dump the hashes?

run post/windows/collect/hashdump
run post/windows/gather/hashdump
run post/windows/manage/hashdump
run post/windows/capture/hashdump

Question 150
Xsecurity, a security firm, implements NFS sharing within the organization. One day, Philip, a network admin, found that some of the shared files containing sensitive information were missing from the file system. He immediately called up the organization's InfoSec expert James and explained the situation to him. Upon investigation, James checked the access control list of the shared file systems and found that one of the following options was enabled, which let someone who had access to the file system delete the files. Select the option.

no_root_squash
root_squash
no_subtree_check
subtree_check

https://trytograb.blogspot.com/2020/02/we-love-you-guys-e-c-s-e-x-m-part-1.html 85/90
12/15/2020 We Love You, Guys! E C S A E X A M PART 1 ~ Try to Grab

https://trytograb.blogspot.com/2020/02/we-love-you-guys-e-c-s-e-x-m-part-1.html 86/90
12/15/2020 We Love You, Guys! E C S A E X A M PART 1 ~ Try to Grab

https://trytograb.blogspot.com/2020/02/we-love-you-guys-e-c-s-e-x-m-part-1.html 87/90
12/15/2020 We Love You, Guys! E C S A E X A M PART 1 ~ Try to Grab

By trytograb on February 27, 2020 (2020-02-27T12:12:00-08:00)