Download ECCouncil.412-79v8.RealExams.2019-02-20.200q.tqb
| Vendor: | ECCouncil |
| Exam Code: | 412-79v8 |
| Exam Name: | EC-Council Certified Security Analyst |
| Date: | Feb 20, 2019 |
| File Size: | 10 MB |
Demo Questions
Question 1
Which of the following password cracking techniques is used when the attacker has some information about the password?
- Hybrid Attack
- Dictionary Attack
- Syllable Attack
- Rule-based Attack
Correct answer: D
Explanation:
Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B%20Hard%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%20Crackers.pdf (page 4, rule-based attack) Reference: http://202.154.59.182/mfile/files/Information%20System/Computer%20Forensics%3B%20Hard%20Disk%20and%20Operating%20Systems/CHAPTER%207%20Application%20Password%20Crackers.pdf (page 4, rule-based attack)
Question 2
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
- Invalid username or password
- Account username was not found
- Incorrect password
- Username or password incorrect
Correct answer: C
Question 3
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table:
http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'--
http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'—
What is the table name?
- CTS
- QRT
- EMP
- ABC
Correct answer: C
