How would you answer?
You just passed your ECSA exam and are about to start your first consulting job running security audits for a
financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you
remember your ECSA class. He asks about the methodology you will be using to test the company’s network.
How would you answer?
What has happened?
You are running through a series of tests on your network to check for any security vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes
up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network.
The connection is successful even though you have FTP blocked at the external firewall. What has happened?
why is it important to set each access point on a diffe…
When setting up a wireless network with multiple access points, why is it important to set each access point on
a different channel?
What search string will you use to locate them?
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet.
What search string will you use to locate them?
Where should Harold navigate on the computer to find th…
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a
computer. Where should Harold navigate on the computer to find the file?
What is kept in the following directory?
What is kept in the following directory? HKLM\\SECURITY\\Policy\\Secrets
What will the following URL produce in an unpatched IIS…
What will the following URL produce in an unpatched IIS Web Server?
http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\\
what privilege should the daemon service be run under?
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
What type of attack has the technician performed?
Paul’s company is in the process of undergoing a complete security audit including logical and physical security
testing. After all logical tests were performed; it is now time for the physical round to begin. None of the
employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as
an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when
they access the restricted areas. After entering the main office, he is able to get into the server room telling the
IT manager that there is a problem with the outlets in that room. What type of attack has the technician
performed?
What operating system would respond to the following co…
What operating system would respond to the following command?