CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. ECSAV8

Free ECSAV8 Exam Braindumps (page: 21)

Page 20 of 51
PDF with 200 Questions

A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.


It is performed when an error message is not received from application while trying to exploit SQL vulnerabilities. The developer's specific message is displayed instead of an error message. So it is quite difficult to find SQL vulnerability in such cases.

A pen tester is trying to extract the database name by using a blind SQL injection. He tests the database using the below query and finally finds the database name.

http://juggyboy.com/page.aspx?id=1; IF (LEN(DB_NAME())=4) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),1,1)))=97) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),2,1)))=98) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),3,1)))=99) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((DB_NAME()),4,1)))=100) WAITFOR DELAY '00:00:10'--

What is the database name?

  1. WXYZ
  2. PQRS
  3. EFGH
  4. ABCD

Answer(s): D


Reference:

http://www.scribd.com/doc/184891028/CEHv8-Module-14-SQL-Injection-pdf (see module 14, page 2049 to 2051)



Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can:
i) Drop the packet
ii) Forward it or send a message to the originator


At which level of the OSI model do the packet filtering firewalls work?

  1. Application layer
  2. Physical layer
  3. Transport layer
  4. Network layer

Answer(s): D


Reference:

http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=At+which+level+of+the+OSI+model+do+the+packet+filtering+firewalls+work&source=bl&ots=zRrbcmY3pj&sig=I3vuS3VA7r-3VF8lC6xq_c_r31M&hl=en&sa=X&ei=wMcfVMetI8HPaNSRgPgD&ved=0CC8Q6AEwAg#v
=onepage&q=At%20which%20level%20of%20the%20OSI%20model%20do%20the%20packet%20filtering%20firewalls%20work&f=false (packet filters)



Identify the data security measure which defines a principle or state that ensures that an action or transaction cannot be denied.

  1. Availability
  2. Integrity
  3. Authorization
  4. Non-Repudiation

Answer(s): D


Reference:

http://en.wikipedia.org/wiki/Information_security (non-repudiation)



Assessing a network from a hacker's point of view to discover the exploits and vulnerabilities that are accessible to the outside world is which sort of vulnerability assessment?

  1. Network Assessments
  2. Application Assessments
  3. Wireless Network Assessments
  4. External Assessment

Answer(s): D


Reference:

http://controlcase.com/managed_compliance_pci_vulnerability_scan.html






Post your Comments and Discuss EC-Council ECSAV8 exam with other Community members:

ECSAV8 Discussions & Posts