ECSAv10 EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Questions and Answers

Question 4

The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

What is the last step in preparing a Rules of Engagement (ROE) document?

Options:

A. Conduct a brainstorming session with top management and technical teams

B. Decide the desired depth for penetration testing

C. Conduct a brainstorming session with top management and technical teams

D. Have pre-contract discussions with different pen-testers

Question 5

Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

Options:

A. Unannounced Testing

B. Double Blind Testing

C. Announced Testing

D. Blind Testing

Question 6

Which of the following are the default ports used by NetBIOS service?

Options:

A. 135, 136, 139, 445

B. 134, 135, 136, 137

C. 137, 138, 139, 140

D. 133, 134, 139, 142

Question 7

From where can clues about the underlying application environment be collected?

Options:

A. From source code

B. From file types and directories

C. From executable file

D. From the extension of the file

Question 8

Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted.

Which one of the following scan timing options in NMAP is useful across slow WAN links or to hide the scan?

Options:

A. Paranoid

B. Sneaky

C. Polite

D. Normal

Question 9

One needs to run the “Scan Server Configuration” tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured.

By default, the Nessus daemon listens for connections on which one of the following?

Options:

A. Localhost (127.0.0.1) and port 1241

B. Localhost (127.0.0.1) and port 1240

C. Localhost (127.0.0.1) and port 1246

D. Localhost (127.0.0.0) and port 1243

Question 10

An "idle" system is also referred to as what?

Options:

A. Zombie

B. PC not being used

C. Bot

D. PC not connected to the Internet

Question 11

How many possible sequence number combinations are there in TCP/IP protocol?

Options:

A. 320 billion

B. 32 million

C. 4 billion

D. 1 billion

Question 12

Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?

Options:

A. Special-Access Policy

B. User Identification and Password Policy

C. Personal Computer Acceptable Use Policy

D. User-Account Policy

Question 13

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment. The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints.

For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side.

The below diagram shows the TCP Header format:

Options:

A. 16 bits

B. 32 bits

C. 8 bits

D. 24 bits

Question 14

What does ICMP Type 3/Code 13 mean?

Options:

A. Host Unreachable

B. Port Unreachable

C. Protocol Unreachable

D. Administratively Blocked

Question 15

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the client's network, what step should you take first?

Options:

A. Analyzing, categorizing and prioritizing resources

B. Evaluating the existing perimeter and internal security

C. Checking for a written security policy

D. Analyzing the use of existing management and control architecture

Question 16

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address.

Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

Options:

A. A switched network will not respond to packets sent to the broadcast address

B. Only IBM AS/400 will reply to this scan

C. Only Unix and Unix-like systems will reply to this scan

D. Only Windows systems will reply to this scan

Question 17

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.

An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

What is the formula to calculate risk?

Options:

A. Risk = Budget x Time

B. Risk = Goodwill x Reputation

C. Risk = Loss x Exposure factor

D. Risk = Threats x Attacks

Question 18

The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.

Options:

A. HIPAA

B. Sarbanes-Oxley 2002

C. Gramm-Leach-Bliley Act

D. California SB 1386a

Question 19

Which of the following will not handle routing protocols properly?

Options:

A. “Internet-router-firewall-net architecture”

B. “Internet-firewall-router-net architecture”

C. “Internet-firewall-net architecture”

D. “Internet-firewall/router(edge device)-net architecture”

Question 20

Which one of the following architectures has the drawback of internally considering the hosted services individually?

Options:

A. Weak Screened Subnet Architecture

B. "Inside Versus Outside" Architecture

C. "Three-Homed Firewall" DMZ Architecture

D. Strong Screened-Subnet Architecture

Question 21

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

Options:

A. PIPEDA

B. PCI DSS

C. Human Rights Act 1998

D. Data Protection Act 1998

Question 22

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

Options:

A. OSPF

B. BPG

C. ATM

D. UDP

Question 23

Which of the following acts related to information security in the US establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Options:

A. USA Patriot Act 2001

B. Sarbanes-Oxley 2002

C. Gramm-Leach-Bliley Act (GLBA)

D. California SB 1386

Question 24

Information gathering is performed to:

i) Collect basic information about the target company and its network

ii) Determine the operating system used, platforms running, web server versions, etc.

iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company’s technology infrastructure?

Options:

A. Searching for web page posting patterns

B. Analyzing the link popularity of the company’s website

C. Searching for trade association directories

D. Searching for a company’s job postings

Question 25

Which one of the following is a command line tool used for capturing data from the live network and copying those packets to a file?

Options:

A. Wireshark: Capinfos

B. Wireshark: Tcpdump

C. Wireshark: Text2pcap

D. Wireshark: Dumpcap

Question 26

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

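    #include <stdio.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[10];  /* fixed-size 10-byte stack buffer */

        if (argc < 2)
        {
            fprintf(stderr, "USAGE: %s string\n", argv[0]);
            return 1;
        }

        /* copy the first command-line argument into buffer */
        strcpy(buffer, argv[1]);
        return 0;
    }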

Options:

A. Buffer overflow

B. Format string bug

C. Kernel injection

D. SQL injection

Question 27

A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase.

Active reconnaissance, which includes activities such as network mapping, web profiling, and perimeter mapping, is a part of which phase(s)?

Options:

A. Post-attack phase

B. Pre-attack phase and attack phase

C. Attack phase

D. Pre-attack phase

Question 28

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

Options:

A. Techniques for data collection from systems upon termination of the test

B. Techniques for data exclusion from systems upon termination of the test

C. Details on how data should be transmitted during and after the test

D. Details on how organizational data is treated throughout and after the test

Question 29

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet.

Why is that?

Options:

A. IPSEC does not work with packet filtering firewalls

B. NAT does not work with IPSEC

C. NAT does not work with stateful firewalls

D. Stateful firewalls do not work with packet filtering firewalls

Question 30

Which of the following approaches to vulnerability assessment relies on the administrator providing a baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

Options:

A. Service-based Assessment Solutions

B. Product-based Assessment Solutions

C. Tree-based Assessment

D. Inference-based Assessment

Exam Code: ECSAv10
Exam Name: EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing
Last Update: Nov 21, 2024
Questions: 201
