ECSAV10 Online Practice Questions and Answers

An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their platform. Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?

A. Post scanning

B. Denial-of-Service

C. Log monitoring

D. Load testing

Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by

using various filters in the Wireshark tool. While sniffing the network traffic, he used "tcp.port==1433"

Wireshark filter for acquiring a specific database related information since port number 1433 is the default

port of that specific target database.

Which of the following databases Nick is targeting in his test?

A. PostgreSQL

B. Oracle

C. MySQL

D. Microsoft SQL Server

What is the objective of the following bash script?

A. It gives a list of IP addresses that have an FTP port open

B. It tries to connect to FTP port on a target machine C. It checks if a target host has the FTP port open and quits

D. It checks if an FTP port on a target machine is vulnerable to arracks

An attacker with a malicious intention decided to hack confidential data from the target organization. For acquiring such information, he started testing IoT devices that are connected to the target network. He started monitoring the network traffic passing between the IoT devices and the network to verify whether credentials are being transmitted in clear text. Further, he also tried to crack the passwords using well-known keywords across all the interfaces. Which of the following IoT threats the attacker is trying to exploit?

A. Poor physical security

B. Poor authentication

C. Privacy concerns

D. Insecure firmware

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

A. Poison the switch's MAC address table by flooding it with ACK bits

B. Enable tunneling feature on the switch

C. Trick the switch into thinking it already has a session with Terri's computer

D. Crash the switch with a DoS attack since switches cannot send ACK bits

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers: http://172.168.4.131/level/99/exec/show/config After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

A. URL Obfuscation Arbitrary Administrative Access Vulnerability

B. Cisco IOS Arbitrary Administrative Access Online Vulnerability

C. HTTP Configuration Arbitrary Administrative Access Vulnerability

D. HTML Configuration Arbitrary Administrative Access Vulnerability

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

A. Avoid cross talk

B. Avoid over-saturation of wireless signals

C. So that the access points will work on different frequencies

D. Multiple access points can be set up on the same channel without any issues

Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use and for inappropriate web site viewing. Management decide to block all such web sites using URL filtering software.

How can employees continue to see the blocked websites?

A. Using session hijacking

B. Using proxy servers

C. Using authentication

D. Using encryption

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A. Passive IDS

B. Active IDS

C. Progressive IDS

D. NIPS

The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain secure computers and communication networks is:

A. Nortells Unified Security Framework

B. The IBM Security Framework

C. Bell Labs Network Security Framework

D. Microsoft Internet Security Framework