Pass4itsure > EC-COUNCIL > ECSA > ECSAV10 > ECSAV10 Online Practice Questions and Answers

ECSAV10 Online Practice Questions and Answers

Questions 4

Sam was asked to conduct penetration tests on one of the client's internal networks. As part of the testing

process, Sam performed enumeration to gain information about computers belonging to a domain, list of

shares on the individual hosts in the network, policies and passwords.

Identify the enumeration technique.

A. NTP Enumeration

B. NetBIOS Enumeration

C. DNS Enumeration

D. SMTP Enumeration

Buy Now
Questions 5

Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack. Which of the following testing techniques is Christen using?

A. Fuzz Testing

B. Stored Procedure Injection

C. Union Exploitation

D. Automated Exploitation

Buy Now
Questions 6

Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network's IDS and identified that an attacker sent spoofed packets to a broadcast address in the network. Which of the following attacks compromised the network?

A. ARP Spoofing

B. Amplification attack

C. MAC Spoofing

D. Session hijacking

Buy Now
Questions 7

Martin works as a professional Ethical Hacker and Penetration Tester. He is an ESCA certified professional and was following the LPT methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Martin was unable to find any information. What should Martin do to get the information he needs?

A. Martin should use email tracking tools such as eMailTrackerPro to find the company's internal URLs

B. Martin should use online services such as netcraft.com to find the company's internal URLs

C. Martin should use WayBackMachine in Archive.org to find the company's internal URLs

D. Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs

Buy Now
Questions 8

DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category.

A. Wardriving

B. Spoofing

C. Sniffing

D. Network Hijacking

Buy Now
Questions 9

Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

A. Packet Sniffer Mode

B. Packet Logger Mode

C. Network Intrusion Detection System Mode

D. Inline Mode

Buy Now
Questions 10

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

What is the best way to protect web applications from parameter tampering attacks?

A. Validating some parameters of the web application

B. Minimizing the allowable length of parameters

C. Using an easily guessable hashing algorithm

D. Applying effective input field filtering parameters

Buy Now
Questions 11

What is the following command trying to accomplish?

A. Verify that NETBIOS is running for the 192.168.0.0 network

B. Verify that TCP port 445 is open for the 192.168.0.0 network

C. Verify that UDP port 445 is open for the 192.168.0.0 network

D. Verify that UDP port 445 is closed for the 192.168.0.0 networks

Buy Now
Questions 12

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

A. Service-based Assessment Solutions

B. Product-based Assessment Solutions

C. Tree-based Assessment

D. Inference-based Assessment

Buy Now
Questions 13

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data

from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports

should you open for SNMP to work through Firewalls.

(Select 2)

A. 162

B. 160

C. 161

D. 163

Buy Now
Exam Code: ECSAV10
Exam Name: EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing
Last Update: Mar 21, 2024
Questions: 354
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$45.99

VCE

$49.99

PDF + VCE

$59.99