EC-Council ECSAv10 EC-Council Certified Security Analyst Online Training
EC-Council ECSAv10 Online Training
The questions for ECSAv10 were last updated at Nov 23,2024.
- Exam Code: ECSAv10
- Exam Name: EC-Council Certified Security Analyst
- Certification Provider: EC-Council
- Latest update: Nov 23,2024
Edward is a penetration tester hired by the OBC Group. He was asked to gather information on the client’s network. As part of the work assigned, Edward needs to find the range of IP addresses and the subnet mask used by the target organization.
What does Edward need to do to get the required information?
- A . Search for web pages posting patterns and revision numbers
- B . Search for an appropriate Regional Internet Registry (RIR)
- C . Search for link popularity of the company’s website
- D . Search for Trade Association Directories
Karen is a Network engineer at ITSec, a reputed MNC based in Philadelphia, USA. She wants to retrieve the DNS records from the publicly available servers. She searched using Google for the providers DNS Information and found the following sites: http://www.dnsstuff.com https://dnsquery.org Through these sites she got the DNS records information as she wished.
What information is contained in DNS records?
- A . Information about the DNS logs.
- B . Information about local MAC addresses.
- C . Information such as mail server extensions, IP addresses etc.
- D . Information about the database servers and its services.
As a part of information gathering, you are given a website URL and asked to identify the operating system using passive OS fingerprinting. When you begin to use p0f tool and browse the website URL, the tool captures the header information of all the packets sent and received, and decodes them.
Which among the decoded request/response packets hold the operating system information of the remote operating system?
- A . SYN
- B . SYN-ACK
- C . ACK
- D . RST
The Finger service displays information such as currently logged-on users, email address, full name, etc.
Which among the following ports would you scan to identify this service during a penetration test?
- A . Port 89
- B . Port 99
- C . Port 69
- D . Port 79
Stuart has successfully cracked the WPA-PSK password during his wireless pen testing assignment.
However, he is unable to connect to the access point using this password.
What could be the probable reason?
- A . It is a rogue access point
- B . The access point implements another layer of WEP encryption
- C . The access point implements a signal jammer to protect from attackers
- D . The access point implements MAC filtering
Veronica, a penetration tester at a top MNC company, is trying to breach the company’s database as a part of SQLi penetration testing. She began to use the SQLi techniques to test the database security level. She inserted new database commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.
Which of the following SQLi techniques was used to attack the database?
- A . Function call injection
- B . File inclusion
- C . Buffer Overflow
- D . Code injection
Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by entering a massive amount of data to crash the web application of the company and discover coding errors that may lead to a SQL injection attack.
Which of the following testing techniques is Christen using?
- A . Fuzz Testing
- B . Stored Procedure Injection
- C . Union Exploitation
- D . Automated Exploitation
Fred, who owns a company called Skyfeit Ltd., wants to test the enterprise network for presence of any vulnerabilities and loopholes. He employed a third-party penetration testing team and asked them to perform the penetration testing over his organizational infrastructure. Fred briefed the team about his network infrastructure and provided them with a set of IP addresses on which they can perform tests. He gave them strict instruction not to perform DDoS attacks or access the domain servers in the company. He also instructed them that they can carry out the penetration tests even when the regular employees are on duty since they lack the clue about the happenings.
However, he asked the team to take care that no interruption in business continuity should be caused. He also informed the penetration testing team that they get only 1 month to carry out the test and submit the report.
What kind of penetration test did Fred ask the third-party penetration testing team to perform?
- A . Announced testing
- B . Blind testing
- C . Grey-Box testing
- D . Unannounced testing
Frank is performing a wireless pen testing for an organization. Using different wireless attack techniques, he successfully cracked the WPA-PSK key. He is trying to connect to the wireless network using the WPAPSK key.
However, he is unable to connect to the WLAN as the target is using MAC filtering.
What would be the easiest way for Frank to circumvent this and connect to the WLAN?
- A . Attempt to crack the WEP key
- B . Crack the Wi-Fi router login credentials and disable the ACL
- C . Sniff traffic off the WLAN and spoof his MAC address to the one that he has captured
- D . Use deauth command from aircrack-ng to deauthenticate a connected user and hijack the session
Moses, a professional hacker, attempts to overwhelm the target victim computer by transmitting TCP connection requests faster than the computer can process them. He started sending multiple SYN packets of size between 800 and 900 bytes with spoofed source addresses and port numbers. The main intention of Moses behind this attack is to exhaust the server resources and saturate the network of the target organization.
Identify the type of attack being performed by Moses?
- A . VTP attack
- B . DoS attack
- C . ARP attack
- D . HSRP attack
Latest ECSAv10 Dumps Valid Version with 150 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
