Eccouncil ECSAv10 ECSA v10 Exam Practice Test Instant Access

Question 1

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc.

They first access the web application using a low privileged account and then escalate privileges to access protected resources.What attack has been carried out?

AXPath Injection Attack

BAuthorization Attack

CAuthentication Attack

DFrame Injection Attack

Answer : B

Question 2

The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain secure computers and communication networks is:

ANortells Unified Security Framework

BThe IBM Security Framework

CBell Labs Network Security Framework

DMicrosoft Internet Security Framework

Answer : C

Question 3

How many possible sequence number combinations are there in TCP/IP protocol?

A320 billion

B32 million

C4 billion

D1 billion

Answer : C

Question 4

Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

APenetration Testing Agreement

BRules of Behavior Agreement

CLiability Insurance

DNon-Disclosure Agreement

Answer : D

Question 5

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements aDMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken,none of the hosts on her network can reach the Internet.

Why is that?

AIPSEC does not work with packet filtering firewalls

BNAT does not work with IPSEC

CNAT does not work with statefull firewalls

DStatefull firewalls do not work with packet filtering firewalls

Answer : B

Question 6

Rule of Engagement (ROE) is the formal permission to conduct a pen-test. It provides top-level guidance for conducting the penetration testing. Various factors are considered while preparing the scope of ROE which clearly explain the limits associated with the security test.

Which of the following factors is NOT considered while preparing the scope of the Rules of Engagment (ROE)?

AA list of employees in the client organization

BA list of acceptable testing techniques

CSpecific IP addresses/ranges to be tested

DPoints of contact for the penetration testing team

Answer : A

Question 7

A Demilitarized Zone (DMZ) is a computer host or small network inserted as a ''neutral zone'' between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization.

Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?

ALightweight Directory Access Protocol (LDAP)

BSimple Network Management Protocol (SNMP)

CTelnet

DSecure Shell (SSH)

Answer : D

Eccouncil ECSAv10 Certified Security Analyst (ECSA) v10 ECSA v10 Exam Practice Test