EC-COUNCIL ECSAv8 dumps - 100% Pass Guarantee!

From where can clues about the underlying application environment can be collected?

A. From the extension of the file

B. From executable file

C. From file types and directories

D. From source code

A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteria. The criteria are expressed in the form of predicates. WHERE clauses are not mandatory clauses of SQL DML statements, but can be used to limit the number of rows affected by a SQL DML statement or returned by a query.

A pen tester is trying to gain access to a database by inserting exploited query statements with a WHERE clause. The pen tester wants to retrieve all the entries from the database using the WHERE clause from a particular table (e.g. StudentTable).

What query does he need to write to retrieve the information?

A. EXTRACT* FROM StudentTable WHERE roll_number = 1 order by 1000

B. DUMP * FROM StudentTable WHERE roll_number = 1 AND 1=1-

C. SELECT * FROM StudentTable WHERE roll_number = '' or '1' = '1`

D. RETRIVE * FROM StudentTable WHERE roll_number = 1'#

Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?

A. Decreases consumed employee time and increases system uptime

B. Increases detection and reaction time

C. Increases response time

D. Both a and c

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the

data input or transmitted from the client (browser) to the web application.

A successful SQL injection attack can:

i)Read sensitive data from the database

iii)Modify database data (insert/update/delete)

iii)Execute administration operations on the database (such as shutdown the DBMS)

iV)Recover the content of a given file existing on the DBMS file system or write files into the file system

v)Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

A. Automated Testing

B. Function Testing

C. Dynamic Testing

D. Static Testing

Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.

Depending on the packet and the criteria, the firewall can: i)Drop the packet ii)Forward it or send a message to the originator

At which level of the OSI model do the packet filtering firewalls work?

A. Application layer

B. Physical layer

C. Transport layer

D. Network layer