Weekend Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sale65best

Achieve Success in the ECCouncil ECSAv10 Exam: A Detailed EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing Guide

Questions 21

Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?

Options:

A.

Decreases consumed employee time and increases system uptime

B.

Increases detection and reaction time

C.

Increases response time

D.

Both Decreases consumed employee time and increases system uptime and Increases response time

Buy Now
Questions 22

Which one of the following architectures has the drawback of internally considering the hosted services individually?

Options:

A.

Weak Screened Subnet Architecture

B.

"Inside Versus Outside" Architecture

C.

"Three-Homed Firewall" DMZ Architecture

D.

Strong Screened-Subnet Architecture

Buy Now
Questions 23

What is the difference between penetration testing and vulnerability testing?

ECSAv10 Question 23

Options:

A.

Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of ‘in-depth ethical hacking’

B.

Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities

C.

Vulnerability testing is more expensive than penetration testing

D.

Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

Buy Now
Questions 24

An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

Options:

A.

Frame Injection Attack

B.

LDAP Injection Attack

C.

XPath Injection Attack

D.

SOAP Injection Attack

Buy Now
Questions 25

DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories.

Identify the attacks that fall under Passive attacks category.

Options:

A.

Wardriving

B.

Spoofing

C.

Sniffing

D.

Network Hijacking

Buy Now
Questions 26

As a security analyst you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

Options:

A.

The employees network usernames and passwords

B.

The MAC address of the employees' computers

C.

The IP address of the employees computers

D.

Bank account numbers and the corresponding routing numbers

Buy Now
Questions 27

ESTION NO: 92

In Linux, /etc/shadow file stores the real password in encrypted format for user’s account with added properties associated with the user’s password.

ECSAv10 Question 27

In the example of a /etc/shadow file below, what does the bold letter string indicate? 

Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

Options:

A.

Number of days the user is warned before the expiration date

B.

Minimum number of days required between password changes

C.

Maximum number of days the password is valid

D.

Last password changed

Buy Now
Questions 28

An "idle" system is also referred to as what?

Options:

A.

Zombie

B.

PC not being used

C.

Bot

D.

PC not connected to the Internet

Buy Now
Questions 29

O: 18

Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible.

Paulette presents the following screenshot to her boss so he can inform the clients about necessary changes need to be made. From the screenshot, what changes should the client company make?

Exhibit:

ECSAv10 Question 29

Options:

A.

The banner should not state "only authorized IT personnel may proceed"

B.

Remove any identifying numbers, names, or version information

C.

The banner should include the Cisco tech support contact information as well

D.

The banner should have more detail on the version numbers for the network equipment

Buy Now
Questions 30

The SnortMain () function begins by associating a set of handlers for the signals, Snort receives. It does this using the signal () function. Which one of the following functions is used as a programspecific signal and the handler for this calls the DropStats() function to output the current Snort statistics?

Options:

A.

SIGUSR1

B.

SIGTERM

C.

SIGINT

D.

SIGHUP

Buy Now
Exam Code: ECSAv10
Exam Name: EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing
Last Update: Dec 9, 2024
Questions: 201

PDF + Testing Engine

$164.99
$57.75

Testing Engine

$124.99
$43.75

PDF (Q&A)

$104.99
$36.75