
ECCouncil 412-79v10 Dumps

Page: 1 / 8
Total 201 questions

EC-Council Certified Security Analyst (ECSA) V10 Questions and Answers

Question 1

The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

What is the biggest source of data leaks in organizations today?

Options:

A. Weak passwords and lack of identity management
B. Insufficient IT security budget
C. Rogue employees and insider attacks
D. Vulnerabilities, risks, and threats facing Web sites

Question 2

Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach its destination or a gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum.

The different kinds of ICMP messages are identified by the type and code fields.

Which of the following ICMP messages will be generated if the destination port is not reachable?

Options:

A. ICMP Type 11 code 1
B. ICMP Type 5 code 3
C. ICMP Type 3 code 2
D. ICMP Type 3 code 3

Question 3

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs.

He looks up the behavior on the Internet, but cannot find anything related. To which organization should Frank submit the log to find out whether it is a new vulnerability?

Options:

A. CVE
B. IANA
C. RIPE
D. APIPA

Question 4

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your antivirus software, you load a test network that mimics your production network. Your software successfully blocks some simple macro and encrypted viruses.

You decide to really test the software by using virus code that rewrites itself entirely, so that the signature changes from child to child while the functionality stays the same. What type of virus are you testing?

Options:

A. Metamorphic
B. Oligomorphic
C. Polymorphic
D. Transmorphic

Question 5

What is the maximum value of a “tinyint” field in most database systems?

Options:

A. 222
B. 224 or more
C. 240 or less
D. 225 or more

Question 6

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

Options:

A. Testing to provide a more complete view of site security
B. Testing focused on the servers, infrastructure, and the underlying software, including the target
C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections
D. Testing performed from a number of network access points representing each logical and physical segment

Question 7

Which of the following is not a SQL injection attack character?

Options:

A. $
B. PRINT
C. #
D. @@variable

Question 8

Identify the type of firewall represented in the diagram below:

Options:

A. Stateful multilayer inspection firewall
B. Application level gateway
C. Packet filter
D. Circuit level gateway

Question 9

After attending a CEH security seminar, you make a list of changes you would like to make on your network to increase its security. One of the first things you change is to switch the Restrict Anonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session with the server.

Using the User Info tool mentioned at the seminar, you nevertheless succeed in establishing a null session with one of the servers. Why is that?

Options:

A. Restrict Anonymous must be set to "2" for complete security
B. Restrict Anonymous must be set to "3" for complete security
C. There is no way to always prevent an anonymous null session from being established
D. Restrict Anonymous must be set to "10" for complete security

Question 10

Security auditors determine the presence of WAPs on their networks with the Nessus vulnerability scanner, which identifies commonly used WAPs.

One of the plug-ins that the Nessus vulnerability scanner uses is ID #11026, named “Access Point Detection”. This plug-in uses four techniques to identify the presence of a WAP.

Which one of these techniques relies on the protocol most commonly used for uploading new firmware images when upgrading a WAP device?

Options:

A. NMAP TCP/IP fingerprinting
B. HTTP fingerprinting
C. FTP fingerprinting
D. SNMP fingerprinting

Question 11

Identify the port numbers used by POP3 and POP3S protocols.

Options:

A. 113 and 981
B. 111 and 982
C. 110 and 995
D. 109 and 973

Question 12

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network.

How would you answer?

Options:

A. IBM Methodology
B. LPT Methodology
C. Google Methodology
D. Microsoft Methodology

Question 13

Which of the following defines the details of services to be provided for the client’s organization and the list of services required for performing the test in the organization?

Options:

A. Draft
B. Report
C. Requirement list
D. Quotation

Question 14

To locate the firewall, a SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If an ICMP unreachable type 13 message (an admin-prohibited packet) with the source IP address of the access control device is received, which of the following types of firewall is in place?

Options:

A. Circuit level gateway
B. Stateful multilayer inspection firewall
C. Packet filter
D. Application level gateway

Question 15

John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client. Which of the following factors does he need to consider while preparing the pen testing pricing report?

Options:

A. Number of employees in the client organization
B. Complete structure of the organization
C. Number of client computers to be tested and resources required to perform a pen test
D. Number of servers available in the client organization

Question 16

In Linux, what is the smallest possible shellcode?

Options:

A. 800 bytes
B. 8 bytes
C. 80 bytes
D. 24 bytes

Question 17

Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and the operating system?

Options:

A. Active/Passive Tools
B. Application-layer Vulnerability Assessment Tools
C. Location/Data Examined Tools
D. Scope Assessment Tools

Question 18

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs.

The state bill requires that an IDS with a "time-based induction machine" be used. What IDS feature must George implement to meet this requirement?

Options:

A. Pattern matching
B. Statistical-based anomaly detection
C. Real-time anomaly detection
D. Signature-based anomaly detection

Question 19

A DMZ is a network designed to give the public access to specific internal resources, and you might want to do the same for guests visiting the organization without compromising the integrity of the internal resources. In general, attacks on wireless networks fall into four basic categories.

Identify the attack that falls under the passive attacks category.

Options:

A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking

Question 20

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

Options:

A. Phishing
B. Spoofing
C. Tapping
D. Vishing

Question 21

An external intrusion test and analysis identifies the security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet.

The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allows you to determine a port’s state without making a full connection to the host?

Options:

A. XMAS Scan
B. SYN scan
C. FIN Scan
D. NULL Scan

Question 22

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.

An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

What is the formula to calculate risk?

Options:

A. Risk = Budget x Time
B. Risk = Goodwill x Reputation
C. Risk = Loss x Exposure factor
D. Risk = Threats x Attacks

Question 23

Timing is an element of port scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the results, various timing parameters may need to be adjusted.

Which one of the following Nmap scan timing options is useful across slow WAN links or for hiding the scan?

Options:

A. Paranoid
B. Sneaky
C. Polite
D. Normal

Question 24

Black-box testing is a method of software testing that examines the functionality of an application (i.e. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are the result of coding errors introduced during the Implementation/Development phase and will likely require code changes. Pen testers need to perform this testing during the development phase to find and fix SQL injection vulnerabilities.

What can a pen tester do to detect input sanitization issues?

Options:

A. Send single quotes as the input data to catch instances where the user input is not sanitized
B. Send double quotes as the input data to catch instances where the user input is not sanitized
C. Send long strings of junk data, just as you would send strings to detect buffer overruns
D. Use a right square bracket (the “]” character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Question 25

One needs to run the “Scan Server Configuration” tool to allow remote connections to Nessus from remote Nessus clients. This tool allows the port and bound interface of the Nessus daemon to be configured.

By default, the Nessus daemon listens for connections on which one of the following?

Options:

A. Localhost (127.0.0.1) and port 1241
B. Localhost (127.0.0.1) and port 1240
C. Localhost (127.0.0.1) and port 1246
D. Localhost (127.0.0.0) and port 1243

Question 26

Which of the following policies helps secure data and protects the privacy of organizational information?

Options:

A. Special-Access Policy
B. Document retention Policy
C. Cryptography Policy
D. Personal Security Policy

Question 27

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

An ARP spoofing attack is used as an opening for other attacks.

What type of attack would you launch after successfully deploying ARP spoofing?

Options:

A. Parameter Filtering
B. Social Engineering
C. Input Validation
D. Session Hijacking

Question 28

Which of the following statements is true about the LM hash?

Options:

A. Disabled in Windows Vista and 7 OSs
B. Separated into two 8-character strings
C. Letters are converted to lowercase
D. Padded with NULL to 16 characters

Question 29

If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable to which of the following attacks?

Options:

A. Parameter tampering attack
B. SQL injection attack
C. Session hijacking
D. Cross-site request attack

Question 30

Transmission Control Protocol (TCP) is a connection-oriented, four-layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending them when required. Which one of the following protocols does not use TCP?

Options:

A. Reverse Address Resolution Protocol (RARP)
B. HTTP (Hypertext Transfer Protocol)
C. SMTP (Simple Mail Transfer Protocol)
D. Telnet
