New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

412-79v10 EC-Council Certified Security Analyst (ECSA) V10 Questions and Answers

Questions 4

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

When you type this and click on search, you receive a pop-up window that says:

"This is a test."

What is the result of this test?

Options:

A.

Your website is vulnerable to web bugs

B.

Your website is vulnerable to XSS

C.

Your website is not vulnerable

D.

Your website is vulnerable to SQL injection

Buy Now
Questions 5

Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?

Options:

A.

UDP and TCP

B.

TCP and SMTP

C.

SMTP

D.

UDP and SMTP

Buy Now
Questions 6

What are the 6 core concepts in IT security?

Options:

A.

Server management, website domains, firewalls, IDS, IPS, and auditing

B.

Authentication, authorization, confidentiality, integrity, availability, and non-repudiation

C.

Passwords, logins, access controls, restricted domains, configurations, and tunnels

D.

Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Buy Now
Questions 7

John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in Window system directory?

Options:

A.

C:\Windows\System32\Boot

B.

C:\WINNT\system32\drivers\etc

C.

C:\WINDOWS\system32\cmd.exe

D.

C:\Windows\System32\restore

Buy Now
Questions 8

Rules of Engagement (ROE) document provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

What is the last step in preparing a Rules of Engagement (ROE) document?

Options:

A.

Conduct a brainstorming session with top management and technical teams

B.

Decide the desired depth for penetration testing

C.

Conduct a brainstorming session with top management and technical teams

D.

Have pre-contract discussions with different pen-testers

Buy Now
Questions 9

Metasploit framework in an open source platform for vulnerability research, development, and penetration testing. Which one of the following metasploit options is used to exploit multiple systems at once?

Options:

A.

NinjaDontKill

B.

NinjaHost

C.

RandomNops

D.

EnablePython

Buy Now
Questions 10

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies.

In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.

What is the biggest threat to Web 2.0 technologies?

Options:

A.

SQL Injection Attacks

B.

Service Level Configuration Attacks

C.

Inside Attacks

D.

URL Tampering Attacks

Buy Now
Questions 11

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers.

Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

Options:

A.

net port 22

B.

udp port 22 and host 172.16.28.1/24

C.

src port 22 and dst port 22

D.

src port 23 and dst port 23

Buy Now
Questions 12

Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast.

On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops intermittently.

What could be Tyler issue with his home wireless network?

Options:

A.

2.4 Ghz Cordless phones

B.

Satellite television

C.

CB radio

D.

Computers on his wired network

Buy Now
Questions 13

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

Options:

A.

Passive Assessment

B.

Host-based Assessment

C.

External Assessment

D.

Application Assessment

Buy Now
Questions 14

What operating system would respond to the following command?

Options:

A.

Mac OS X

B.

Windows XP

C.

Windows 95

D.

FreeBSD

Buy Now
Questions 15

Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

Options:

A.

./snort -dvr packet.log icmp

B.

./snort -dev -l ./log

C.

./snort -dv -r packet.log

D.

./snort -l ./log –b

Buy Now
Questions 16

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies.

A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces.

What could have prevented this information from being stolen from the laptops?

Options:

A.

SDW Encryption

B.

EFS Encryption

C.

DFS Encryption

D.

IPS Encryption

Buy Now
Questions 17

One needs to run “Scan Server Configuration” tool to allow a remote connection to Nessus from the remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured.

By default, the Nessus daemon listens to connections on which one of the following?

Options:

A.

Localhost (127.0.0.1) and port 1241

B.

Localhost (127.0.0.1) and port 1240

C.

Localhost (127.0.0.1) and port 1246

D.

Localhost (127.0.0.0) and port 1243

Buy Now
Questions 18

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Options:

A.

California SB 1386

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act (GLBA)

D.

USA Patriot Act 2001

Buy Now
Questions 19

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businesService, bindingTemplate, and tModel?

Options:

A.

Web Services Footprinting Attack

B.

Service Level Configuration Attacks

C.

URL Tampering Attacks

D.

Inside Attacks

Buy Now
Questions 20

Why is a legal agreement important to have before launching a penetration test?

Options:

A.

Guarantees your consultant fees

B.

Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

C.

It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

D.

It is important to ensure that the target organization has implemented mandatory security policies

Buy Now
Questions 21

Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?

Options:

A.

Reverse Address Resolution Protocol (RARP)

B.

HTTP (Hypertext Transfer Protocol)

C.

SMTP (Simple Mail Transfer Protocol)

D.

Telnet

Buy Now
Questions 22

What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

Options:

A.

Server Side Includes

B.

Sort Server Includes

C.

Server Sort Includes

D.

Slide Server Includes

Buy Now
Questions 23

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

Options:

A.

Project Goal

B.

Success Factors

C.

Objectives

D.

Assumptions

Buy Now
Questions 24

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

include

#include

int main(int argc, char *argv[])

{

char buffer[10];

if (argc < 2)

{

fprintf(stderr, "USAGE: %s string\n", argv[0]);

return 1;

}

strcpy(buffer, argv[1]);

return 0;

}

Options:

A.

Buffer overflow

B.

Format string bug

C.

Kernal injection

D.

SQL injection

Buy Now
Questions 25

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. 

He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

Options:

A.

CVE

B.

IANA

C.

RIPE

D.

APIPA

Buy Now
Questions 26

An antenna is a device that is designed to transmit and receive the electromagnetic waves that are generally called radio waves. Which one of the following types of antenna is developed from waveguide technology?

Options:

A.

Leaky Wave Antennas

B.

Aperture Antennas

C.

Reflector Antenna

D.

Directional Antenna

Buy Now
Questions 27

What is a good security method to prevent unauthorized users from "tailgating"?

Options:

A.

Electronic key systems

B.

Man trap

C.

Pick-resistant locks

D.

Electronic combination locks

Buy Now
Questions 28

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools.

The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?

Options:

A.

Social engineering

B.

SQL injection

C.

Parameter tampering

D.

Man-in-the-middle attack

Buy Now
Questions 29

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

Options:

A.

Phishing

B.

Spoofing

C.

Tapping

D.

Vishing

Buy Now
Questions 30

Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

Options:

A.

Penetration Testing Agreement

B.

Rules of Behavior Agreement

C.

Liability Insurance

D.

Non-Disclosure Agreement

Buy Now
Exam Code: 412-79v10
Exam Name: EC-Council Certified Security Analyst (ECSA) V10
Last Update: Dec 26, 2024
Questions: 201
412-79v10 pdf

412-79v10 PDF

$25.5  $84.99
412-79v10 Engine

412-79v10 Testing Engine

$30  $99.99
412-79v10 PDF + Engine

412-79v10 PDF + Testing Engine

$40.5  $134.99