New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil ECSAv10 EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Exam Practice Test

Demo: 30 questions
Total 201 questions

EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Questions and Answers

Question 1

A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools.

The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the participating wireless devices.

Which of the following attacks can be detected with the help of wireless intrusion detection system (WIDS)?

Options:

A.

Social engineering

B.

SQL injection

C.

Parameter tampering

D.

Man-in-the-middle attack

Question 2

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

Options:

A.

URL Obfuscation Arbitrary Administrative Access Vulnerability

B.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

C.

HTTP Configuration Arbitrary Administrative Access Vulnerability

D.

HTML Configuration Arbitrary Administrative Access Vulnerability

Question 3

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address.

Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

Options:

A.

A switched network will not respond to packets sent to the broadcast address

B.

Only IBM AS/400 will reply to this scan

C.

Only Unix and Unix-like systems will reply to this scan

D.

Only Windows systems will reply to this scan

Question 4

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame.

What ports should you open for SNMP to work through Firewalls.

(Select 2)

Options:

A.

162

B.

160

C.

161

D.

163

Question 5

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

Options:

A.

Techniques for data collection from systems upon termination of the test

B.

Techniques for data exclusion from systems upon termination of the test

C.

Details on how data should be transmitted during and after the test

D.

Details on how organizational data is treated throughout and after the test

Question 6

Which one of the following 802.11 types uses either FHSS or DSSS for modulation?

Options:

A.

802.11b

B.

802.11a

C.

802.11n

D.

802.11-Legacy

Question 7

Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?

Options:

A.

Disgruntled employees

B.

Weaknesses that could be exploited

C.

Physical security breaches

D.

Organizational structure

Question 8

An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet.

The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?

Options:

A.

XMAS Scan

B.

SYN scan

C.

FIN Scan

D.

NULL Scan

Question 9

Which of the following is not a characteristic of a firewall?

Options:

A.

Manages public access to private networked resources

B.

Routes packets between the networks

C.

Examines all traffic routed between the two networks to see if it meets certain criteria

D.

Filters only inbound traffic but not outbound traffic

Question 10

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. 

He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

Options:

A.

CVE

B.

IANA

C.

RIPE

D.

APIPA

Question 11

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

link:www.ghttech.net

What will this search produce?

Options:

A.

All sites that link to ghttech.net

B.

Sites that contain the code: link:www.ghttech.net

C.

All sites that ghttech.net links to

D.

All search engines that link to .net domains

Question 12

What does ICMP Type 3/Code 13 mean?

Options:

A.

Host Unreachable

B.

Port Unreachable

C.

Protocol Unreachable

D.

Administratively Blocked

Question 13

Which of the following has an offset field that specifies the length of the header and data?

Options:

A.

IP Header

B.

UDP Header

C.

ICMP Header

D.

TCP Header

Question 14

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

Options:

A.

Use attack as a launching point to penetrate deeper into the network

B.

Demonstrate that no system can be protected against DoS attacks

C.

List weak points on their network

D.

Show outdated equipment so it can be replaced

Question 15

How many possible sequence number combinations are there in TCP/IP protocol?

Options:

A.

320 billion

B.

32 million

C.

4 billion

D.

1 billion

Question 16

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

Options:

A.

California SB 1386

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act (GLBA)

D.

USA Patriot Act 2001

Question 17

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

Options:

A.

Filtered

B.

Stealth

C.

Closed

D.

Open

Question 18

What are the 6 core concepts in IT security?

Options:

A.

Server management, website domains, firewalls, IDS, IPS, and auditing

B.

Authentication, authorization, confidentiality, integrity, availability, and non-repudiation

C.

Passwords, logins, access controls, restricted domains, configurations, and tunnels

D.

Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Question 19

Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs 802.11 packets to verify whether the access point is valid or not?

Options:

A.

Airsnort

B.

Aircrack

C.

Airpwn

D.

WEPCrack

Question 20

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

Options:

A.

Project Goal

B.

Success Factors

C.

Objectives

D.

Assumptions

Question 21

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

include

#include

int main(int argc, char *argv[])

{

char buffer[10];

if (argc < 2)

{

fprintf(stderr, "USAGE: %s string\n", argv[0]);

return 1;

}

strcpy(buffer, argv[1]);

return 0;

}

Options:

A.

Buffer overflow

B.

Format string bug

C.

Kernal injection

D.

SQL injection

Question 22

Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

Options:

A.

Packet Sniffer Mode

B.

Packet Logger Mode

C.

Network Intrusion Detection System Mode

D.

Inline Mode

Question 23

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa.

She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

Options:

A.

Reciprocation

B.

Friendship/Liking

C.

Social Validation

D.

Scarcity

Question 24

Which of the following equipment could a pen tester use to perform shoulder surfing?

Options:

A.

Binoculars

B.

Painted ultraviolet material

C.

Microphone

D.

All the above

Question 25

What is the target host IP in the following command?

Options:

A.

Firewalk does not scan target hosts

B.

172.16.28.95

C.

This command is using FIN packets, which cannot scan target hosts

D.

10.10.150.1

Question 26

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

iii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutdown the DBMS)

iV) Recover the content of a given file existing on the DBMS file system or write files into the file system

v) Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Options:

A.

Automated Testing

B.

Function Testing

C.

Dynamic Testing

D.

Static Testing

Question 27

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network.

How would you answer?

Options:

A.

IBM Methodology

B.

LPT Methodology

C.

Google Methodology

D.

Microsoft Methodology

Question 28

In the context of penetration testing, what does blue teaming mean?

Options:

A.

A penetration test performed with the knowledge and consent of the organization's IT staff

B.

It is the most expensive and most widely used

C.

It may be conducted with or without warning

D.

A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

Question 29

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

Options:

A.

Passive IDS

B.

Active IDS

C.

Progressive IDS

D.

NIPS

Question 30

NO: 35

In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

Options:

A.

IPS evasion technique

B.

IDS evasion technique

C.

UDP evasion technique

D.

TTL evasion technique

Demo: 30 questions
Total 201 questions