1.
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally, this is achieved by comparing the MAC addresses of the participating wireless devices. Which of the following attacks can be detected with the help of a wireless intrusion detection system (WIDS)?
2.
A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues. What are the two types of 'white-box' penetration testing?
3.
Which of the following is not a SQL injection attack character?
4.
Which of the following is the objective of the Gramm-Leach-Bliley Act?
5.
Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?
6.
In a TCP packet filtering firewall, traffic is filtered based on specified session rules, such as when a session is initiated by a recognized computer. Identify the level up to which the unknown traffic is allowed into the network stack.
7.
Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. What characteristics do phishing messages often have that may make them identifiable?
8.
Which of the following are the default ports used by the NetBIOS service?
9.
What is the maximum value of a "tinyint" field in most database systems?
10.
Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?