ECCouncil ECSS Practice Test - Questions Answers, Page 3

List of questions
Question 21

Which of the following practices makes web applications vulnerable to SQL injection attacks?
Question 22

Melanie, a professional hacker, is attempting to break into a target network through an application server. In this process, she identified a logic flaw in the target web application that provided visibility into the source code. She exploited this vulnerability to launch further attacks on the target web application.
Which of the web application vulnerabilities was identified by Melanie in the above scenario?
Question 23

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.
Which of the following folders in a Windows system stores information on applications run on the system?
Question 24

Bob, a security specialist at an organization, extracted the following IIS log from a Windows-based server: "2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg - 80 - 192.168.0.27 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/48.0.2564.103+Safari/537.36 http://www.moviescope.com/css/style.css 200 0 0 365"
Identify the element in the above IIS log entry that indicates the request was fulfilled without error.
Question 25

Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?
Question 26

Johnson is a professional hacker who targeted an organization's customers and decided to crack their system passwords. In this process, he found a list of valid customers, created a list of possible passwords, ranked the passwords from high to low probability, and started keying in each password in the target system until the correct password is discovered.
Identify the type of attack performed by Johnson in the above scenario.
Question 27

Below are the various steps involved in establishing a network connection using the shared key authentication process.
1. The AP sends a challenge text to the station.
2. The station connects to the network.
3. The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.
4. The station sends an authentication frame to the AP.
5. The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.
What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?
Question 28

An organization decided to strengthen the security of its network by studying and analyzing the behavior of attackers. For this purpose, Steven, a security analyst, was instructed to deploy a device to bait attackers. Steven selected a solution that appears to contain very useful information to lure attackers and find their locations and techniques.
Identify the type of device deployed by Steven in the above scenario.
Question 29

Kane, an investigation specialist, was appointed to investigate an incident in an organization's network. In this process, Kane executed a command and identified that a network interface is running in the promiscuous mode and is allowing all incoming packets without any restriction.
In the above scenario, which of the following commands did Kane use to check whether the network interface is set to the promiscuous mode?
Question 30

Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.
In which of the following states has Steve encrypted the data in the above scenario?