Eccouncil ECSAv10 ECSA v10 Exam Practice Test Instant Access

Question 1

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?

AAnalyzing, categorizing and prioritizing resources

BEvaluating the existing perimeter and internal security

CChecking for a written security policy

DAnalyzing the use of existing management and control architecture

Answer : C

Question 2

Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram.

Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field.

If the destination is not reachable, which one of the following are generated?

AType 8 ICMP codes

BType 12 ICMP codes

CType 3 ICMP codes

DType 7 ICMP codes

Answer : C

Question 3

What is the difference between penetration testing and vulnerability testing?

APenetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of 'in-depth ethical hacking'

BPenetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities

CVulnerability testing is more expensive than penetration testing

DPenetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

Answer : A

Question 4

Which one of the following 802.11 types uses either FHSS or DSSS for modulation?

A802.11b

B802.11a

C802.11n

D802.11-Legacy

Answer : D

Question 5

The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client's operating environment, threat perception, security and compliance requirements, ROE, and budget.

Various components need to be considered for testing while developing the scope of the project.

Which of the following is NOT a pen testing component to be tested?

ASystem Software Security

BIntrusion Detection

COutside Accomplices

DInside Accomplices

Answer : C

Question 6

Which of the following will not handle routing protocols properly?

A''Internet-router-firewall-net architecture''

B''Internet-firewall-router-net architecture''

C''Internet-firewall -net architecture''

D''Internet-firewall/router(edge device)-net architecture''

Answer : B

Question 7

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:

i) Read sensitive data from the database

iii) Modify database data (insert/update/delete)

iii) Execute administration operations on the database (such as shutdown the DBMS) iV) Recover the content of a given file existing on the DBMS file system or write files into the file system v) Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.

In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

AAutomated Testing

BFunction Testing

CDynamic Testing

DStatic Testing

Answer : D

Eccouncil Certified Security Analyst (ECSA) v10 ECSAv10 ECSA v10 Exam Practice Test