ECCouncil 312-50v12 Practice Test - Questions Answers, Page 58

During a recent vulnerability assessment of a major corporation's IT systems, the security team identified several potential risks. They want to use a vulnerability scoring system to quantify and prioritize these vulnerabilities. They decide to use the Common Vulnerability Scoring System (CVSS). Given the characteristics of the identified vulnerabilities, which of the following statements is the most accurate regarding the metric types used by CVSS to measure these vulnerabilities?

A. Temporal metric represents the inherent qualities of a vulnerability
B. Base metric represents the inherent qualities of a vulnerability
C. Environmental metric involves the features that change during the lifetime of the vulnerability
D. Temporal metric involves measuring vulnerabilities based on a specific environment or implementation

Suggested answer: B

Explanation:

The base metric represents the inherent qualities of a vulnerability, according to the Common Vulnerability Scoring System (CVSS). CVSS is a framework that numerically characterizes the severity of software vulnerabilities on a scale of 0 to 10. CVSS consists of three metric groups: Base, Temporal, and Environmental. The base metric group captures the characteristics of a vulnerability that are constant over time and across user environments. The base metric group consists of six sub-metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and Impact. The impact sub-metric further consists of three sub-metrics: Confidentiality, Integrity, and Availability. The base metric group produces a score ranging from 0 to 10, which reflects the intrinsic and fundamental properties of a vulnerability [1][2].

The other options are not correct for the following reasons:

A) Temporal metric represents the inherent qualities of a vulnerability: This option is incorrect because the temporal metric group captures the characteristics of a vulnerability that change over time due to events external to the vulnerability. The temporal metric group consists of three sub-metrics: Exploit Code Maturity, Remediation Level, and Report Confidence. The temporal metric group modifies the base score to reflect the current state of the vulnerability, such as the availability of exploit code, the existence of patches or workarounds, and the degree of verification of the vulnerability report [1][2].

C) Environmental metric involves the features that change during the lifetime of the vulnerability: This option is incorrect because the environmental metric group captures the characteristics of a vulnerability that are relevant and unique to a user's environment. The environmental metric group consists of three sub-metrics: Modified Attack Vector, Modified Attack Complexity, and Modified Privileges Required. The environmental metric group also allows the user to assign importance values to the impact sub-metrics: Confidentiality Requirement, Integrity Requirement, and Availability Requirement. The environmental metric group modifies the base and temporal scores to reflect the impact of the vulnerability on the user's specific environment, such as the network configuration, the security objectives, and the asset value [1][2].

D) Temporal metric involves measuring vulnerabilities based on a specific environment or implementation: This option is incorrect because the temporal metric group does not involve measuring vulnerabilities based on a specific environment or implementation, but rather on the factors that change over time due to events external to the vulnerability. The environmental metric group, not the temporal metric group, involves measuring vulnerabilities based on a specific environment or implementation, as explained in option C.

[1] What is CVSS - Common Vulnerability Scoring System - SANS Institute

[2] Common Vulnerability Scoring System - Wikipedia

An ethical hacker is testing the security of a website's database system against SQL Injection attacks. They discover that the IDS has a strong signature detection mechanism to detect typical SQL injection patterns.

Which evasion technique can be most effectively used to bypass the IDS signature detection while performing a SQL Injection attack?

A. Implement case variation by altering the case of SQL statements
B. Employ IP fragmentation to obscure the attack payload
C. Use Hex encoding to represent the SQL query string
D. Leverage string concatenation to break identifiable keywords

Suggested answer: D

Explanation:

The most effective evasion technique to bypass the IDS signature detection while performing a SQL Injection attack is to leverage string concatenation to break identifiable keywords. This technique involves splitting SQL keywords or operators into smaller parts and joining them with string concatenation operators, such as '+' or '||'. This way, the SQL query can still be executed by the database engine, but the IDS cannot recognize the keywords or operators as malicious, as they are hidden within strings. For example, the hacker could replace the keyword 'OR' with 'O'||'R' or 'O'+'R' in the SQL query, and the IDS would not be able to match the signature of a typical SQL injection pattern [1][2].

The other options are not as effective as option D for the following reasons:

A) Implement case variation by altering the case of SQL statements: This option is not effective because most SQL engines and IDS systems are case-insensitive, meaning that they treat SQL keywords and operators the same regardless of their case. Therefore, altering the case of SQL statements would not help evade the IDS signature detection, as the IDS would still be able to match the signature of a typical SQL injection pattern [3].

B) Employ IP fragmentation to obscure the attack payload: This option is not applicable because IP fragmentation is a network-level technique that splits IP packets into smaller fragments to fit the maximum transmission unit (MTU) of the network. IP fragmentation does not affect the content or structure of the SQL query, and it does not help evade the IDS signature detection, as the IDS would still be able to reassemble the fragments and match the signature of a typical SQL injection pattern [4].

C) Use Hex encoding to represent the SQL query string: This option is not feasible because Hex encoding is a method of representing binary data in hexadecimal format, such as '0x41' for 'A'. Hex encoding does not work for SQL queries, as the SQL engine would not be able to interpret the hexadecimal values as valid SQL syntax. Moreover, Hex encoding would not help evade the IDS signature detection, as the IDS would still be able to decode the hexadecimal values and match the signature of a typical SQL injection pattern.

[1] SQL Injection Evasion Detection - F5

[2] Mastering SQL Injection with SQLmap: A Comprehensive Evasion Techniques Cheatsheet

[3] SQL Injection Prevention - OWASP Cheat Sheet Series

[4] IP Fragmentation - an overview | ScienceDirect Topics

Hex Encoding - an overview | ScienceDirect Topics

As a cybersecurity professional, you are responsible for securing a high-traffic web application that uses MySQL as its backend database. Recently, there has been a surge of unauthorized login attempts, and you suspect that a seasoned black-hat hacker is behind them. This hacker has shown proficiency in SQL Injection and appears to be using the 'UNION' SQL keyword to trick the login process into returning additional data.

However, your application's security measures include filtering special characters in user inputs, a method usually effective against such attacks. In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, which strategy is he most likely to employ?

A. The hacker alters his approach and injects a 'DROP TABLE' statement, a move that could potentially lead to the loss of vital data stored in the application's database
B. The hacker tries to manipulate the 'UNION' keyword in such a way that it triggers a database error, potentially revealing valuable information about the database's structure
C. The hacker switches tactics and resorts to a 'time-based blind' SQL Injection attack, which would force the application to delay its response, thereby revealing information based on the duration of the delay
D. The hacker attempts to bypass the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries

Suggested answer: D

Explanation:

SQL Injection is a type of attack that exploits a vulnerability in a web application that uses a SQL database. The attacker injects malicious SQL code into the user input, such as a login form, that is then executed by the database server. This can allow the attacker to access, modify, or delete data, or execute commands on the database server.

The 'UNION' SQL keyword is often used in SQL Injection attacks to combine the results of two or more SELECT statements into a single result set. This can allow the attacker to retrieve additional data from other tables or columns that are not intended to be displayed by the application. For example, if the application uses the following query to check the user credentials:

SELECT * FROM users WHERE username = '$username' AND password = '$password'

The attacker can inject a 'UNION' statement to append another query, such as:

' OR 1 = 1 UNION SELECT * FROM credit_cards --

This will result in the following query being executed by the database server:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

The first part of the query will always return true, and the second part of the query will return the data from the credit_cards table. The '--' symbol is a comment that will ignore the rest of the query. The attacker can then see the credit card information in the application's response.

However, some web applications implement security measures to prevent SQL Injection attacks, such as filtering special characters in user inputs. Special characters are symbols that have a special meaning in SQL, such as quotes, semicolons, dashes, etc. By filtering or escaping these characters, the application can prevent the attacker from injecting malicious SQL code. For example, if the application replaces single quotes with two single quotes, the previous injection attempt will fail, as the query will become:

SELECT * FROM users WHERE username = "" OR 1 = 1 UNION SELECT * FROM credit_cards --" AND password = '$password'

This will result in a syntax error, as the query is not valid SQL.

In this challenging environment, if the hacker still intends to exploit this SQL Injection vulnerability, the strategy that he is most likely to employ is to bypass the special character filter by encoding his malicious input. Encoding is a process of transforming data into a different format, such as hexadecimal, base64, URL, etc. By encoding his input, the hacker can avoid the filter and still inject malicious SQL code. For example, if the hacker encodes his input using URL encoding, the previous injection attempt will become:

%27%20OR%201%20%3D%201%20UNION%20SELECT%20*%20FROM%20credit_cards%20--

This will result in the following query being executed by the database server, after the application decodes the input:

SELECT * FROM users WHERE username = '' OR 1 = 1 UNION SELECT * FROM credit_cards --' AND password = '$password'

This will succeed in returning the credit card information, as the filter will not detect the special characters in the encoded input.

Therefore, the hacker is most likely to employ the strategy of bypassing the special character filter by encoding his malicious input, which could potentially enable him to successfully inject damaging SQL queries.

SQL Injection | OWASP Foundation

SQL Injection Union Attacks

SQL Injection Bypassing WAF
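An added example, not part of the page's explanation or its references, that reproduces the filter-then-decode mistake described above with the page's own injection string, and places the hardened parameterized form next to it. It assumes an in-memory sqlite3 database standing in for the MySQL backend of the question, with a constructed users/credit_cards schema.

```python
import sqlite3
from urllib.parse import unquote

# Constructed in-memory schema standing in for the MySQL backend in the question;
# sqlite3 is used so the example runs offline, the SQL involved is the same.
SCHEMA = """
CREATE TABLE users(username TEXT, password TEXT);
INSERT INTO users VALUES ('alice', 'correct horse');
CREATE TABLE credit_cards(holder TEXT, number TEXT);
INSERT INTO credit_cards VALUES ('alice', '4111-1111-1111-1111');
"""

# The injection string from the explanation, raw and URL-encoded.
RAW_PAYLOAD = "' OR 1 = 1 UNION SELECT * FROM credit_cards --"
ENCODED_PAYLOAD = "%27%20OR%201%20%3D%201%20UNION%20SELECT%20*%20FROM%20credit_cards%20--"

def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def login_filter_then_decode(conn, username, password):
    """Vulnerable: the quote filter inspects the raw form field, but the value is
    URL-decoded afterwards, so %27 turns back into a live quote inside the query."""
    filtered = username.replace("'", "''")   # the filter from the explanation
    decoded = unquote(filtered)              # decoding happens after the filter
    query = ("SELECT * FROM users WHERE username = '" + decoded
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()

def login_parameterized(conn, username, password):
    """Hardened: decode first, then bind the value as a parameter. Whatever the
    string contains is compared as data and never parsed as SQL."""
    decoded = unquote(username)
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (decoded, password)).fetchall()

def leaks_card_data(rows):
    """True if any returned row carries a value from the credit_cards table."""
    return any("4111-" in str(col) for row in rows for col in row)
```

With the raw payload the doubled quote turns the whole input into a plain string literal and no row matches; with the encoded payload the filter sees nothing to escape, and only the parameterized query stays safe.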
