
Achieve Success in the ECCouncil ECSAv10 Exam: A Detailed EC-Council Certified Security Analyst (ECSA) v10: Penetration Testing Guide

Question 11

What will the following URL produce in an unpatched IIS Web Server?

[Image: ECSAv10 Question 11]

Options:

A. Execute a buffer flow in the C: drive of the web server
B. Insert a Trojan horse into the C: drive of the web server
C. Directory listing of the C:\windows\system32 folder on the web server
D. Directory listing of C: drive on the web server

Question 12

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

Options:

A. PIPEDA
B. PCI DSS
C. Human Rights Act 1998
D. Data Protection Act 1998

Question 13

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

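    #include <stdio.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[10];

        /* Require exactly one string argument on the command line. */
        if (argc < 2)
        {
            fprintf(stderr, "USAGE: %s string\n", argv[0]);
            return 1;
        }

        /* Copy the supplied argument into the local buffer. */
        strcpy(buffer, argv[1]);
        return 0;
    }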

Options:

A. Buffer overflow
B. Format string bug
C. Kernel injection
D. SQL injection

Question 14

Which of the following reports provides a summary of the complete pen testing process, its outcomes, and recommendations?

Options:

A. Vulnerability Report
B. Executive Report
C. Client-side test Report
D. Host Report

Question 15

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

[Image: ECSAv10 Question 15]

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

Options:

A. SSI injection attack
B. Insecure cryptographic storage attack
C. Hidden field manipulation attack
D. Man-in-the-Middle attack

Question 16

Which of the following acts related to information security in the US establishes that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

Options:

A. USA Patriot Act 2001
B. Sarbanes-Oxley 2002
C. Gramm-Leach-Bliley Act (GLBA)
D. California SB 1386

Question 17

What are the 6 core concepts in IT security?

[Image: ECSAv10 Question 17]

Options:

A. Server management, website domains, firewalls, IDS, IPS, and auditing
B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
C. Passwords, logins, access controls, restricted domains, configurations, and tunnels
D. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Question 18

What is the maximum value of a “tinyint” field in most database systems?

Options:

A. 222
B. 224 or more
C. 240 or less
D. 225 or more

Question 19

Which of the following policies forbids everything with strict restrictions on all usage of the company systems and network?

Options:

A. Information-Protection Po
B. Paranoid Policy
C. Promiscuous Policy
D. Prudent Policy

Question 20

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

[Image: ECSAv10 Question 20]

Which of the following vulnerability assessment techniques is used to test the web server infrastructure for any misconfiguration and outdated content?

Options:

A. Passive Assessment
B. Host-based Assessment
C. External Assessment
D. Application Assessment
