ECSAv10 EC-Council Certified Security Analyst (ECSA) v10: Penetration Testing


Question 4

Richard is working on a web app pen testing assignment for one of his clients. After preliminary information gathering and vulnerability scanning, Richard runs the SQLMAP tool to extract the database information.

Which of the following commands will give Richard an output as shown in the screenshot?


  • sqlmap –url http://quennhotel.com/about.aspx?name=1 –D queenhotel --tables

  • sqlmap –url http://quennhotel.com/about.aspx?name=1 –dbs

  • sqlmap –url http://quennhotel.com/about.aspx?name=1 –D queenhotel –T --columns

  • sqlmap –url http://quennhotel.com/about.aspx?name=1 –database queenhotel –tables

Question 5

Cedric, a software support executive working for Panacx Tech. Inc., was asked to install the Ubuntu operating system on the computers in the organization. After installing the OS, he found that many unnecessary services and packages had been installed automatically without his knowledge. Since these services or packages can be potentially harmful and can create various security threats to the host machine, he was asked to disable all the unwanted services.

To stop or disable these unnecessary services or packages on the Ubuntu distribution, which of the following commands should Cedric employ?


  • # update-rc.d -f [service name] remove

  • # chkconfig [service name] –del

  • # chkconfig [service name] off

  • # service [service name] stop

Question 6

A web application developer is writing code to validate user input. His aim is to check the user input against a list of predefined negative inputs to ensure that the received input does not match any of the negative conditions. Identify the input filtering mechanism being implemented by the developer.


  • Black listing

  • White listing

  • Authentication

  • Authorization