Download Ec-council.Examsheets.312-50.v2014-02-04.by.Batista

or 1=1-" in the username field of an authentication form. This is the output returned from the server.
What is the next step you should do?
A. Identify the user context of the web application by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND USER_NAME() = `dbo'
B. Identify the database and table name by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND ascii(lower(substring((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'),1))) > 109
C. Format the C: drive and delete the database by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell `format c: /q /yes `; drop database myDB; -
D. Reboot the web server by running:
http://www.example.com/order/include_rsa.asp?pressReleaseID=5 AND xp_cmdshell `iisreset reboot'; -
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:
QUESTION 758
Your boss Tess King is attempting to modify the parameters of a Web-based application in order to alter the
SQL statements that are parsed to retrieve data from the database. What would you call such an attack?
A. SQL Input attack
B. SQL Piggybacking attack
C. SQL Select attack
D. SQL Injection attack
Correct Answer: D
Explanation: This technique is known as an SQL injection attack.
QUESTION 759
When a malicious hacker identifies a target and wants to eventually compromise this target, what would be
among the first steps that he would perform? (Choose the best answer)
A. Cover his tracks by eradicating the log files and audit trails.
B. Gain access to the remote computer in order to conceal the venue of attacks.
C. Perform a reconnaissance of the remote target for identification of the venue of attacks.
D. Always begin with a scan in order to quickly identify the venue of attacks.
Correct Answer: C
Explanation: A hacker always starts with a preparatory phase (Reconnaissance) where he seeks to gather as
much information as possible about the target of evaluation prior to launching an attack. The reconnaissance