لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?
A. XPath Injection Attack
B. Authorization Attack
C. Authentication Attack
D. Frame Injection Attack
عرض الإجابة
اجابة صحيحة: B
السؤال #2
Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing. Which of the following factors is NOT considered while preparing a price quote to perform pen testing?
A. Expected time required to finish the project
B. The budget required
C. Total number of employees in the client organization
D. Type of testers involved
عرض الإجابة
اجابة صحيحة: C
السؤال #3
An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their platform. Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?
A. Post scanning
B. Denial-of-Service
C. Log monitoring
D. Load testing
عرض الإجابة
اجابة صحيحة: B
السؤال #4
Metasploit framework in an open source platform for vulnerability research, development, and penetration testing. Which one of the following metasploit options is used to exploit multiple systems at once?
A. NinjaDontKill
B. NinjaHost
C. RandomNops
D. EnablePython
عرض الإجابة
اجابة صحيحة: A
السؤال #5
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. [ECCouncil-ECSAv8-10.3/ECCouncil-ECSAv8-4_2.png] Why is an appliance-based firewall is more secure than those implemented on top of the commercial operating system (Software based)?
A. Appliance based firewalls cannot be upgraded
B. Firewalls implemented on a hardware firewall are highly scalable
C. Hardware appliances does not suffer from security vulnerabilities associated with the underlying operating system
D. Operating system firewalls are highly configured
عرض الإجابة
اجابة صحيحة: C
السؤال #6
Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color,
A. Session poisoning attack
B. Hidden field manipulation attack
C. HTML embedding attack
D. XML external entity attack
عرض الإجابة
اجابة صحيحة: C
السؤال #7
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers are constantly talking
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers will not respond to idle scans
عرض الإجابة
اجابة صحيحة: A
السؤال #8
Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems. Which of the following authentication protocols should Adam employ in order to achieve the objective?
A. LANMAN
B. Kerberos
C. NTLM
D. NTLMv2
عرض الإجابة
اجابة صحيحة: C
السؤال #9
Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs 802.11 packets to verify whether the access point is valid or not?
A. Airsnort
B. Aircrack
C. Airpwn
D. WEPCrack
عرض الإجابة
اجابة صحيحة: C
السؤال #10
Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?
A. Project Goal
B. Success Factors
C. Objectives
D. Assumptions
عرض الإجابة
اجابة صحيحة: B
السؤال #11
Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?
A. Paranoid Policy
B. Information-Protection Po
C. Promiscuous Policy
D. Prudent Policy
عرض الإجابة
اجابة صحيحة: A
السؤال #12
A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests. Identify the type of attack -
A. Denial of Service (DoS) attacks
B. Side Channel attacks
C. Man-in-the-middle cryptographic attacks
D. Authentication attacks
عرض الإجابة
اجابة صحيحة: A
السؤال #13
A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?
A. Shoulder surfing
B. Phishing
C. Insider Accomplice
D. Vishing
عرض الإجابة
اجابة صحيحة: A
السؤال #14
Which of the following will not handle routing protocols properly?
A. “Internet-router-firewall-net architecture”
B. “Internet-firewall-router-net architecture”
C. “Internet-firewall -net architecture”
D. “Internet-firewall/router(edge device)-net architecture”
عرض الإجابة
اجابة صحيحة: B
السؤال #15
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?
A. Enumerate all the users in the domain
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Perform a zone transfer
عرض الإجابة
اجابة صحيحة: D
السؤال #16
How many bits is Source Port Number in TCP Header packet?
A. 48
B. 32
C. 64
D. 16
عرض الإجابة
اجابة صحيحة: D
السؤال #17
Jason is working on a pen testing assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the target failed with ?€ICMP Time Exceeded Type = 11?€ error messages. What can Jason do to overcome this error?
A. Set a Fragment Offset
B. Increase the Window size in the packets
C. Increase the TTL value in the packets
D. Increase the ICMP header length
عرض الإجابة
اجابة صحيحة: C
السؤال #18
Sam was asked to conduct penetration tests on one of the client?€?s internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords. Identify the enumeration technique.
A. NTP Enumeration
B. NetBIOS Enumeration
C. DNS Enumeration
D. SMTP Enumeration
عرض الإجابة
اجابة صحيحة: B
السؤال #19
An "idle" system is also referred to as what?
A. Bot
B. PC not connected to the Internet
C. PC not being used
D. Zombie
عرض الإجابة
اجابة صحيحة: D
السؤال #20
In the context of penetration testing, what does blue teaming mean? [ECCouncil-ECSAv8-10.3/ECCouncil-ECSAv8-5_2.png]
A. A penetration test performed with the knowledge and consent of the organization's IT staff
B. It is the most expensive and most widely used
C. It may be conducted with or without warning
D. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management
عرض الإجابة
اجابة صحيحة: A
السؤال #21
Firewall and DMZ architectures are characterized according to its design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?
A. Strong Screened-Subnet Architecture
B. Weak Screened Subnet Architecture
C. "Inside Versus Outside" Architecture
D. "Three-Homed Firewall" DMZ Architecture
عرض الإجابة
اجابة صحيحة: B
السؤال #22
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels. A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack. [ECCouncil-ECSAv8-10.3/ECCouncil-EC
A. Passive Assessment
B. Host-based Assessment
C. External Assessment
D. Application Assessment
عرض الإجابة
اجابة صحيحة: D
السؤال #23
Which of the following is not a condition specified by Hamel and Prahalad (1990)?
A. Core competency should be aimed at protecting company interests
B. Core competency is hard for competitors to imitate
C. Core competency provides customer benefits
D. Core competency can be leveraged widely to many products and markets
عرض الإجابة
اجابة صحيحة: A
السؤال #24
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?
A. Change the default community string names
B. Block all internal MAC address from using SNMP
C. Block access to UDP port 171
D. Block access to TCP port 171
عرض الإجابة
اجابة صحيحة: A
السؤال #25
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers will not respond to idle scans
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers are constantly talking
عرض الإجابة
اجابة صحيحة: D
السؤال #26
Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there were no authentication packets in the capture. Which of the following commands should Steven use to generate authentication packets?
A. aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF
B. airmon-ng start eth0
C. airodump-ng --write capture eth0
D. aircrack-ng
عرض الإجابة
اجابة صحيحة: A
السؤال #27
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test." What is the result of t
A. Your website is vulnerable to web bugs
B. Your website is vulnerable to CSS
C. Your website is not vulnerable
D. Your website is vulnerable to SQL injection
عرض الإجابة
اجابة صحيحة: B
السؤال #28
An "idle" system is also referred to as what?
A. Zombie
B. PC not being used
C. Bot
D. PC not connected to the Internet
عرض الإجابة
اجابة صحيحة: A
السؤال #29
Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client?€?s network. He was not provided with any information about the client organization except the company name. Identify the type of testing Joseph is going to perform for the client organization?
A. White-box Penetration Testing
B. Black-box Penetration Testing
C. Announced Testing
D. Grey-box Penetration Testing
عرض الإجابة
اجابة صحيحة: B
السؤال #30
What operating system would respond to the following command?
A. Mac OS X
B. Windows XP
C. Windows 95
D. FreeBSD
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.