ECSAv10

The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the...

A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests. Identify the type of attackA . Denial of Service (DoS) attacksB . Side Channel attacksC . Man-in-the-middle cryptographic attacksD . Authentication attacksView...

How does OS Fingerprinting help you as a pen tester?A . It defines exactly what software the target has installedB . It doesn’t depend on the patches that have been applied to fix existing security holesC . It opens a security-delayed window based on the port being scannedD . It...

Richard, a penetration tester was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by...

65.172.55 microsoft.com After performing a Who is lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the host files. Which type of attack does this scenario present?A . DNS starvationB . DNS poisoningC . PhishingD . MAC spoofingView AnswerAnswer: B

An organization has deployed a web application that uses encoding technique before transmitting the data over the Internet. This encoding technique helps the organization to hide the confidential data such as user credentials, email attachments, etc. when in transit. This encoding technique takes 3 bytes of binary data and divides...

James is an attacker who wants to attack XYZ Inc. He has performed reconnaissance over all the publicly available resources of the company and identified the official company website http://xyz.com. He scanned all the pages of the company website to find for any potential vulnerabilities to exploit. Finally, in the...

Todd is working on an assignment involving auditing of a web service. The scanning phase reveals the web service is using an Oracle database server at the backend. He wants to check the TNS Listener configuration file for configuration errors. Which of the following directories contains the TNS Listener configuration...

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Which of the following tools will Michael use to perform this task?A . VisualRouteB . NetInspectorC . BlackWidowD . ZaproxyView AnswerAnswer: C

Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company...