← Back to exam page

ECSAv10 EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing

Loading demo links...

Showing 7–9 of 10 questions

Question 7

Harry, a penetration tester in SqSac Solutions Ltd., is trying to check if his company’s SQL server database is vulnerable. He also wants to check if there are any loopholes present that can enable the perpetrators to exploit and gain access to the user account login details from the database. After performing various test attempts, finally Harry executes an SQL query that enabled him to extract all the available Windows Login Account details. Which of the following SQL queries did Harry execute to obtain the information?

Select an option, then click Submit answer.

  • SELECT name FROM sys.server_principals WHERE TYPE = 'R'

  • SELECT name FROM sys.server_principals WHERE TYPE = 'U'

  • SELECT name FROM sys.server_principals WHERE TYPE = 'G'

  • SELECT name FROM sys.server_principals WHERE TYPE = 'S'
Question 8

How does OS Fingerprinting help you as a pen tester?

Select an option, then click Submit answer.

  • It defines exactly what software the target has installed

  • It doesn’t depend on the patches that have been applied to fix existing security holes

  • It opens a security-delayed window based on the port being scanned

  • It helps to research vulnerabilities that you can use to exploit on a target system
Question 9

Veronica, a penetration tester at a top MNC company, is trying to breach the company’s database as a part of SQLi penetration testing. She began to use the SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.

Which of the following SQLi techniques was used to attack the database?

Select an option, then click Submit answer.

  • Function call injection

  • File inclusion

  • Buffer Overflow

  • Code injection