
Free ECCouncil ECSAv10 Practice Exam with Questions & Answers | Set: 2

Question 11

What will the following URL produce on an unpatched IIS web server?

ECSAv10 Question 11

Options:
A. Execute a buffer overflow in the C: drive of the web server
B. Insert a Trojan horse into the C: drive of the web server
C. Directory listing of the C:\windows\system32 folder on the web server
D. Directory listing of the C: drive on the web server

Question 12

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

Options:
A. PIPEDA
B. PCI DSS
C. Human Rights Act 1998
D. Data Protection Act 1998

Question 13

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following program. What is he testing at this point?

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];            /* fixed-size 10-byte stack buffer */

    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }

    /* unbounded copy: an argument longer than 9 characters writes past the end of buffer */
    strcpy(buffer, argv[1]);
    return 0;
}

Options:
A. Buffer overflow
B. Format string bug
C. Kernel injection
D. SQL injection

Question 14

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

Options:
A. Vulnerability Report
B. Executive Report
C. Client-side Test Report
D. Host Report

Question 15

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

ECSAv10 Question 15

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

Options:
A. SSI injection attack
B. Insecure cryptographic storage attack
C. Hidden field manipulation attack
D. Man-in-the-Middle attack

Question 16

Which of the following US acts related to information security establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Options:
A. USA Patriot Act 2001
B. Sarbanes-Oxley 2002
C. Gramm-Leach-Bliley Act (GLBA)
D. California SB 1386

Question 17

What are the 6 core concepts in IT security?

ECSAv10 Question 17

Options:
A. Server management, website domains, firewalls, IDS, IPS, and auditing
B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
C. Passwords, logins, access controls, restricted domains, configurations, and tunnels
D. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Question 18

What is the maximum value of a “tinyint” field in most database systems?

Options:
A. 222
B. 224 or more
C. 240 or less
D. 225 or more

Question 19

Which of the following policies forbids everything, with strict restrictions on all usage of the company systems and network?

Options:
A. Information-Protection Po
B. Paranoid Policy
C. Promiscuous Policy
D. Prudent Policy

Question 20

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

ECSAv10 Question 20

Which of the following vulnerability assessment techniques is used to test the web server infrastructure for misconfigurations and outdated content?

Options:
A. Passive Assessment
B. Host-based Assessment
C. External Assessment
D. Application Assessment

Exam Code: ECSAv10
Certification Provider: ECCouncil
Exam Name: EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing
Last Update: Apr 24, 2025
Questions: 201