What type of attack has the technician performed?
Paul’s company is in the process of undergoing a complete security audit including logical and
physical security testing. After all logical tests were performed; it is now time for the physical round
to begin. None of the employees are made aware of this round of testing. The security-auditing
firm sends in a technician dressed as an electrician. He waits outside in the lobby for some
employees to get to work and follows behind them when they access the restricted areas. After
entering the main office, he is able to get into the server room telling the IT manager that there is a
problem with the outlets in that room. What type of attack has the technician performed?
What information will he be able to gather from this?
John and Hillary works at the same department in the company. John wants to find out Hillary’s
network password so he can take a look at her documents on the file server. He enables
Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference
source not found.
What information will he be able to gather from this?
What type of DoS attack is James testing against his network?
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO
requests to the broadcast address of his network. What type of DoS attack is James testing
against his network?
What tool should you use?
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain
access to sensitive information about the company’s clients. You have rummaged through their
trash and found very little information. You do not want to set off any alarms on their network, so
you plan on performing passive footprinting against their Web servers. What tool should you use?
Where should Harold navigate on the computer to find the file?
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on
a computer. Where should Harold navigate on the computer to find the file?
What is kept in the following directory?
What is kept in the following directory? HKLM\SECURITY\Policy\Secrets
How would you answer?
You just passed your ECSA exam and are about to start your first consulting job running security
audits for a financial institution in Los Angeles. The IT manager of the company you will be
working for tries to see if you remember your ECSA class. He asks about the methodology you will
be using to test the company’s network. How would you answer?
What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..%co
What will the following URL produce in an unpatched IIS Web Server?
http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
What ports should you open for SNMP to work through Firewalls (Select 2)
You setup SNMP in multiple offices of your company. Your SNMP software manager is not
receiving data from other offices like it is for your main office. You suspect that firewall changes
are to blame. What ports should you open for SNMP to work through Firewalls (Select 2)
What will the following command produce on a website login page?
What will the following command produce on a website login page?
SELECT email, passwd, login_id, full_name
FROM members
WHERE email = ‘someone@somehwere.com’; DROP TABLE members; –‘