Free ECSAV8 Exam Braindumps (page: 2)


During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?

  A. Examine Source of the Available Pages
  B. Perform Web Spidering
  C. Perform Banner Grabbing
  D. Check the HTTP and HTML Processing by the Browser

Answer(s): D



Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?

  A. Active/Passive Tools
  B. Application-layer Vulnerability Assessment Tools
  C. Location/Data Examined Tools
  D. Scope Assessment Tools

Answer(s): D


Reference:

http://books.google.com.pk/books?id=7dwEAAAAQBAJ&pg=SA7-PA11&lpg=SA7-PA11&dq=vulnerability+assessment+tool+provides+security+to+the+IT+system+by+testing+for+vulnerabilities+in+the+applications+and+operation+system&source=bl&ots=SQCLHRnnjI&sig=HpenOheCU4GBOnkA4EurHCMfND4&hl=en&sa=X&ei=DqYfVJCLHMTnyQODn4C4Cw&ved=0CDQQ6AEwAw#v=onepage&q=vulnerability%20assessment%20tool%20provides%20security%20to%20the%20IT%20system%20by%20testing%20for%20vulnerabilities%20in%20the%20applications%20and%20operation%20system&f=false



Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?

  A. Special-Access Policy
  B. User Identification and Password Policy
  C. Personal Computer Acceptable Use Policy
  D. User-Account Policy

Answer(s): B



A SQL injection attack consists of the insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application.
A successful SQL injection attack can:

i) Read sensitive data from the database
ii) Modify database data (insert/update/delete)
iii) Execute administration operations on the database (such as shutting down the DBMS)
iv) Recover the content of a given file existing on the DBMS file system or write files into the file system
v) Issue commands to the operating system

A pen tester needs to perform various tests to detect a SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

  A. Automated Testing
  B. Function Testing
  C. Dynamic Testing
  D. Static Testing

Answer(s): D


Reference:

http://ijritcc.org/IJRITCC%20Vol_2%20Issue_5/Removal%20of%20Data%20Vulnerabilities%20Using%20SQL.pdf





