Boost Your Preparation with Updated EC-Council ECSA Exam Dumps

SPOTO's EC-Council Certified Security Analyst (ECSA) practice questions are the ultimate resource to ace the ECSA exam. These comprehensive exam questions and answers cover all essential topics, providing realistic practice questions and mock exams that simulate the real test environment. Leverage these invaluable exam preparation study materials and exam resources to identify knowledge gaps and reinforce your analytical skills in ethical hacking. With SPOTO's ECSA practice questions, you'll gain the confidence and expertise necessary to pass successfully. These meticulously crafted exam resources offer a wide range of exam questions, ensuring you're fully prepared to analyze the outcomes of hacking tools and technologies, solidifying your mastery as an EC-Council Certified Security Analyst.

Question #1
From where can clues about the underlying application environment be collected?
A. From source code
B. From file types and directories
C. From executable file
D. From the extension of the file
Correct Answer: D

Question #2
Which of the following acts related to information security in the US establish that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. USA Patriot Act 2001
B. Sarbanes-Oxley 2002
C. Gramm-Leach-Bliley Act (GLBA)
D. California SB 1386
Correct Answer: A
Question #3
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture live packets from the wire or to read saved capture files?
A. Tcpdump
B. Capinfos
C. Tshark
D. Idl2wrs
Correct Answer: B
Question #4
Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?
A. Project Goal
B. Success Factors
C. Objectives
D. Assumptions
Correct Answer: D
Question #5
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks; otherwise it is stopped. Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (software based)?
A. Appliance based firewalls cannot be upgraded
B. Firewalls implemented on a hardware firewall are highly scalable
C. Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system
D. Operating system firewalls are highly configured
Correct Answer: A
Question #6
After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
A. A switched network will not respond to packets sent to the broadcast address
B. Only IBM AS/400 will reply to this scan
C. Only Unix and Unix-like systems will reply to this scan
D. Only Windows systems will reply to this scan
Correct Answer: C
Question #7
What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?
A. Connect Scanning Techniques
B. SYN Scanning Techniques
C. Stealth Scanning Techniques
D. Port Scanning Techniques
Correct Answer: C
Question #8
Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?
A. Draft
B. Report
C. Requirement list
D. Quotation
Correct Answer: D
Question #9
Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?
A. Client-Side Test Report
B. Activity Report
C. Host Report
D. Vulnerability Report
Correct Answer: A
Question #10
Information gathering is performed to: i) Collect basic information about the target company and its network ii) Determine the operating system used, platforms running, web server versions, etc. iii) Find vulnerabilities and exploits. Which of the following pen testing tests yields information about a company's technology infrastructure?
A. Searching for web page posting patterns
B. Analyzing the link popularity of the company's website
C. Searching for trade association directories
D. Searching for a company's job postings
Correct Answer: D
Question #11
The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques. What is the last step in preparing a Rules of Engagement (ROE) document?
A. Conduct a brainstorming session with top management and technical teams
B. Decide the desired depth for penetration testing
C. Conduct a brainstorming session with top management and technical teams
D. Have pre-contract discussions with different pen-testers
Correct Answer: C
Question #12
Which of the following will not handle routing protocols properly?
A. “Internet-router-firewall-net architecture”
B. “Internet-firewall-router-net architecture”
C. “Internet-firewall-net architecture”
D. “Internet-firewall/router(edge device)-net architecture”
Correct Answer: B
Question #13
Which of the following approaches to vulnerability assessment relies on the administrator providing a baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?
A. Service-based Assessment Solutions
B. Product-based Assessment Solutions
C. Tree-based Assessment
D. Inference-based Assessment
Correct Answer: C
Question #14
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
A. You cannot determine what privilege runs the daemon service
B. Guest
C. Root
D. Something other than root
Correct Answer: D
Question #15
The SnortMain() function begins by associating a set of handlers for the signals Snort receives. It does this using the signal() function. Which one of the following functions is used as a program-specific signal and the handler for this calls the DropStats() function to output the current Snort statistics?
A. SIGUSR1
B. SIGTERM
C. SIGINT
D. SIGHUP
Correct Answer: A
Question #16
DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category. (Select all that apply)
A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking
Correct Answer: A
Question #17
Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field. Which of the following ICMP messages will be generated if the destination port is not reachable?
A. ICMP Type 11 code 1
B. ICMP Type 5 code 3
C. ICMP Type 3 code 2
D. ICMP Type 3 code 3
Correct Answer: D
Question #18
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Unannounced Testing
B. Double Blind Testing
C. Announced Testing
D. Blind Testing
Correct Answer: B
Question #19
Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by using various filters in the Wireshark tool. While sniffing the network traffic, he used the “tcp.port==1433” Wireshark filter for acquiring specific database related information, since port number 1433 is the default port of that specific target database. Which of the following databases is Nick targeting in his test?
A. PostgreSQL
B. Oracle
C. MySQL
D. Microsoft SQL Server
Correct Answer: D
Question #20
“A chipset is a group of integrated circuits that are designed to work together and are usually marketed as a single product.” It is generally the motherboard chips or the chips used on the expansion card. Which one of the following is well supported in most wireless applications?
A. Orinoco chipsets
B. Prism II chipsets
C. Atheros Chipset
D. Cisco chipset
Correct Answer: B
Question #21
The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public. What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?
A. Phishing
B. Spoofing
C. Tapping
D. Vishing
Correct Answer: D
Question #22
Which of the following statements is true about the LM hash?
A. Disabled in Windows Vista and 7 OSs
B. Separated into two 8-character strings
C. Letters are converted to the lowercase
D. Padded with NULL to 16 characters
Correct Answer: A
Question #23
Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?
A. DNSSEC
B. Netsec
C. IKE
D. IPsec
Correct Answer: D
Question #24
DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category.
A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking
Correct Answer: A
Question #25
Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?
A. 001-3100
B. 000-5099
C. 666-6674
D. \xad 1023
Correct Answer: D
Question #26
John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using the Nmap tool. Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10
B. nmap -sU -p 123 10
C. nmap -sU -p 161 10
D. nmap -sU -p 135 10
Correct Answer: B
Question #27
Which of the following is not a condition specified by Hamel and Prahalad (1990)?
A. Core competency should be aimed at protecting company interests
B. Core competency is hard for competitors to imitate
C. Core competency provides customer benefits
D. Core competency can be leveraged widely to many products and markets
Correct Answer: A
Question #28
Firewall and DMZ architectures are characterized according to their design. Which one of the following architectures is used when routers have better high-bandwidth data stream handling capacity?
A. Weak Screened Subnet Architecture
B. "Inside Versus Outside" Architecture
C. "Three-Homed Firewall" DMZ Architecture
D. Strong Screened-Subnet Architecture
Correct Answer: A
Question #29
Which one of the following 802.11 types uses either FHSS or DSSS for modulation?
A. 02
B. 02
C. 02
D. 02
Correct Answer: D
Question #30
TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each layer. Which one of the following protocols is used to collect information from all the network devices?
A. Simple Network Management Protocol (SNMP)
B. Network File system (NFS)
C. Internet Control Message Protocol (ICMP)
D. Transmission Control Protocol (TCP)
Correct Answer: A
Question #31
You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?
A. The firewall failed-open
B. The firewall failed-bypass
C. The firewall failed-closed
D. The firewall ACL has been purged
Correct Answer: A
Question #32
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
A. NIPS
B. Passive IDS
C. Progressive IDS
D. Active IDS
Correct Answer: D
Question #33
DNS information records provide important data about:
A. Phone and Fax Numbers
B. Location and Type of Servers
C. Agents Providing Service to Company Staff
D. New Customer
Correct Answer: B
Question #34
Identify the data security measure which defines a principle or state that ensures that an action or transaction cannot be denied.
A. Availability
B. Integrity
C. Authorization
D. Non-Repudiation
Correct Answer: D
Question #35
Identify the attack represented in the diagram below:
A. Input Validation
B. Session Hijacking
C. SQL Injection
D. Denial-of-Service
Correct Answer: B
Question #36
Besides the policy implications of chat rooms, Internet Relay Chat (IRC) is frequented by attackers and used as a command and control mechanism. IRC normally uses which one of the following TCP ports?
A. 566 TCP port
B. 771 TCP port
C. 667 TCP port
D. 257 TCP port
Correct Answer: C
Question #37
A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?
A. Shoulder surfing
B. Phishing
C. Insider Accomplice
D. Vishing
Correct Answer: A
Question #38
Which of the following is the objective of Gramm-Leach-Bliley Act?
A. To ease the transfer of financial information between institutions and banks
B. To protect the confidentiality, integrity, and availability of data
C. To set a new or enhanced standards for all U
D. To certify the accuracy of the reported financial statement
Correct Answer: A
Question #39
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Unannounced Testing
B. Double Blind Testing
C. Announced Testing
D. Blind Testing
Correct Answer: B
Question #40
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels. A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack. Which of the following vulnerability
A. Passive Assessment
B. Host-based Assessment
C. External Assessment
D. Application Assessment
Correct Answer: D
Question #41
Which of the following password cracking techniques is used when the attacker has some information about the password?
A. Hybrid Attack
B. Dictionary Attack
C. Syllable Attack
D. Rule-based Attack
Correct Answer: D
Question #42
An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?
A. Frame Injection Attack
B. LDAP Injection Attack
C. XPath Injection Attack
D. SOAP Injection Attack
Correct Answer: D
Question #43
You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?
A. Metamorphic
B. Oligomorphic
C. Polymorphic
D. Transmorphic
Correct Answer: A
Question #44
A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?
A. Shoulder surfing
B. Phishing
C. Insider Accomplice
D. Vishing
Correct Answer: A
Question #45
An attacker with a malicious intention decided to hack confidential data from the target organization. For acquiring such information, he started testing IoT devices that are connected to the target network. He started monitoring the network traffic passing between the IoT devices and the network to verify whether credentials are being transmitted in clear text. Further, he also tried to crack the passwords using well-known keywords across all the interfaces. Which of the following IoT threats the attacker i
A. Poor physical security
B. Poor authentication
C. Privacy concerns
D. Insecure firmware
Correct Answer: B
Question #46
DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category. (Select all that apply)
A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking
Correct Answer: A
Question #47
Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?
A. SYN Scan
B. TCP Connect Scan
C. XMAS Scan
D. Null Scan
Correct Answer: A
Question #48
In Linux, the /etc/shadow file stores the real password in encrypted format for the user’s account, with added properties associated with the user’s password. In the example of a /etc/shadow file below, what does the bold letter string indicate? Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7
A. Number of days the user is warned before the expiration date
B. Minimum number of days required between password changes
C. Maximum number of days the password is valid
D. Last password changed
Correct Answer: B
Question #49
The SnortMain() function begins by associating a set of handlers for the signals Snort receives. It does this using the signal() function. Which one of the following functions is used as a program-specific signal and the handler for this calls the DropStats() function to output the current Snort statistics?
A. SIGUSR1
B. SIGTERM
C. SIGINT
D. SIGHUP
Correct Answer: A
Question #50
A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented by the company. Which one of the following policies forbids everything and restricts usage of company computers, whether it is system usage or network usage?
A. Paranoid Policy
B. Prudent Policy
C. Promiscuous Policy
D. Information-Protection Policy
Correct Answer: A
Question #51
A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications. Which of the following frameworks helps an organization in the evaluation of the company's information security with that of the industrial standards?
A. Microsoft Internet Security Framework
B. Information System Security Assessment Framework
C. The IBM Security Framework
D. Nortell’s Unified Security Framework
Correct Answer: B
Question #52
Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?
A.
B.
C.
D.
Correct Answer: C
Question #53
In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate. A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host. Which of the following flow control mechanisms guarantees reliable delivery of data?
A. Sliding Windows
B. Windowing
C. Positive Acknowledgment with Retransmission (PAR)
D. Synchronization
Correct Answer: C
Question #54
Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information security acts by her trainer. During the training, she was informed about a specific information security act related to conduct and activities such as: it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc. To which type of i
A. Police and Justice Act 2006
B. Data Protection Act 1998
C. USA Patriot Act 2001
D. Human Rights Act 1998
Correct Answer: A
Question #55
Which one of the following tools of trade is an automated, comprehensive penetration testing product for assessing the specific information security threats to an organization?
A. Sunbelt Network Security Inspector (SNSI)
B. CORE Impact
C. Canvas
D. Microsoft Baseline Security Analyzer (MBSA)
Correct Answer: C
Question #56
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password t
A. Reciprocation
B. Friendship/Liking
C. Social Validation
D. Scarcity
Correct Answer: A
Question #57
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called an MTU. The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram. IP fragment
A. Multiple of four bytes
B. Multiple of two bytes
C. Multiple of eight bytes
D. Multiple of six bytes
Correct Answer: C
Question #58
Which of the following statements is true about the LM hash?
A. Disabled in Windows Vista and 7 OSs
B. Separated into two 8-character strings
C. Letters are converted to the lowercase
D. Padded with NULL to 16 characters
Correct Answer: A
Question #59
Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
A. Testing to provide a more complete view of site security
B. Testing focused on the servers, infrastructure, and the underlying software, including the target
C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections
D. Testing performed from a number of network access points representing each logical and physical segment
Correct Answer: B
Question #60
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?
A. Active/Passive Tools
B. Application-layer Vulnerability Assessment Tools
C. Location/Data Examined Tools
D. Scope Assessment Tools
Correct Answer: D
Question #61
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network that the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?
A. True negatives
B. False negatives
C. False positives
D. True positives
Correct Answer: B
Question #62
Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?
A. Threat-Assessment Phase
B. Pre-Assessment Phase
C. Assessment Phase
D. Post-Assessment Phase
Correct Answer: B
Question #63
Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
A. Testing to provide a more complete view of site security
B. Testing focused on the servers, infrastructure, and the underlying software, including the target
C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections
D. Testing performed from a number of network access points representing each logical and physical segment
Correct Answer: B
Question #64
In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?
A. IPS evasion technique
B. IDS evasion technique
C. UDP evasion technique
D. TTL evasion technique
Correct Answer: D
Question #65
Why is a legal agreement important to have before launching a penetration test?
A. Guarantees your consultant fees
B. Allows you to perform a penetration test without the knowledge and consent of the organization's upper management
C. It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company
D. It is important to ensure that the target organization has implemented mandatory security policies
Correct Answer: C
Question #66
A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:
A. Microsoft Internet Security Framework
B. Information System Security Assessment Framework (ISSAF)
C. Bell Labs Network Security Framework
D. The IBM Security Framework
Correct Answer: A
Question #67
What is the difference between penetration testing and vulnerability testing?
A. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of ‘in-depth ethical hacking’
B. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities
C. Vulnerability testing is more expensive than penetration testing
D. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans
Correct Answer: A
Question #68
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the AXFR and IXFR commands using DIG. What is Simon trying to accomplish here?
A. Enumerate all the users in the domain
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Perform a zone transfer
Correct Answer: D
Question #69
Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
A. Penetration Testing Agreement
B. Rules of Behavior Agreement
C. Liability Insurance
D. Non-Disclosure Agreement
Correct Answer: D
Question #70
After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
A. A switched network will not respond to packets sent to the broadcast address
B. Only IBM AS/400 will reply to this scan
C. Only Unix and Unix-like systems will reply to this scan
D. Only Windows systems will reply to this scan
Correct Answer: C
Question #71
Which of the following is not the SQL injection attack character?
A.
B. PRINT
C.
D. @variable
Correct Answer: A
Question #72
What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?
A. NIDS are usually a more expensive solution to implement compared to HIDS
B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events
C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system
D. HIDS requires less administration and training compared to NIDS
Correct Answer: C
Question #73
Which of the following equipment could a pen tester use to perform shoulder surfing?
A. Binoculars
B. Painted ultraviolet material
C. Microphone
D. All the above
Correct Answer: A
