Conquer the EC-Council ECSA Exam with Comprehensive Study Materials

SPOTO's EC-Council ECSA practice questions play a crucial role in helping candidates succeed in the EC-Council Certified Security Analyst (ECSA) exam. These practice tests offer a comprehensive set of exam questions and answers, closely aligned with the actual exam format. By regularly engaging with SPOTO's practice questions and mock exams, candidates can simulate exam conditions, identify areas for improvement, and enhance their exam preparation. SPOTO's extensive study materials and exam resources further support candidates in their journey towards success. With SPOTO's effective exam preparation resources, candidates can confidently approach the ECSA exam and increase their chances of passing successfully, achieving their EC-Council Certified Security Analyst certification.

Question #1
During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?
A. Examine Source of the Available Pages
B. Perform Web Spidering
C. Perform Banner Grabbing
D. Check the HTTP and HTML Processing by the Browser
Correct Answer: D
Question #2
Michael works for Kimball Construction Company as a senior security analyst. As part of a yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?
A. Filtered
B. Stealth
C. Closed
D. Open
Correct Answer: D
Question #3
The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems. Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?
A. Active Information Gathering
B. Pseudonymous Information Gathering
C. Anonymous Information Gathering
D. Open Source or Passive Information Gathering
Correct Answer: A
Question #4
Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host. The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination. During routing, each router reduces packets' TTL value by
A.
B.
C.
D.
Correct Answer: B
Question #5
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
A. %systemroot%\LSA
B. %systemroot%\repair
C. %systemroot%\system32\drivers\etc
D. %systemroot%\system32\LSA
Correct Answer: B
Question #6
John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in the Windows system directory?
A. C:\Windows\System32\Boot
B. C:\WINNT\system32\drivers\etc
C. C:\WINDOWS\system32\cmd
D. C:\Windows\System32\restore
Correct Answer: B
Question #7
Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Which of the following tools will Michael use to perform this task?
A. VisualRoute
B. NetInspector
C. BlackWidow
D. Zaproxy
Correct Answer: C
Question #8
What does ICMP Type 3/Code 13 mean?
A. Host Unreachable
B. Port Unreachable
C. Protocol Unreachable
D. Administratively Blocked
Correct Answer: D
Question #9
Which one of the following commands is used to search one or more files for a specific pattern and helps in organizing the firewall log files?
A. grpck
B. grep
C. gpgv
D. gprn
Correct Answer: B
Question #10
ABC Technologies, a large financial company, hired a penetration tester to do physical penetration testing. On the first day of his assignment, the penetration tester goes to the company posing as a repairman and starts checking trash bins to collect sensitive information. What is the penetration tester trying to do?
A. Trying to attempt social engineering using phishing
B. Trying to attempt social engineering by shoulder surfing
C. Trying to attempt social engineering by eavesdropping
D. Trying to attempt social engineering by dumpster diving
Correct Answer: D
Question #11
The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems. Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?
A. Active Information Gathering
B. Pseudonymous Information Gathering
C. Anonymous Information Gathering
D. Open Source or Passive Information Gathering
Correct Answer: A
Question #12
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?
A. OSPF
B. BPG
C. ATM
D. UDP
Correct Answer: A
Question #13
Which of the following protocols cannot be used to filter VoIP traffic?
A. Media Gateway Control Protocol (MGCP)
B. Real-time Transport Control Protocol (RTCP)
C. Session Description Protocol (SDP)
D. Real-Time Publish Subscribe (RTPS)
Correct Answer: D
Question #14
James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find details about the target through passive reconnaissance. James used websites to check the link popularity of the client's domain name. What information does the link popularity provide?
A. Information about the network resources
B. Information about visitors, their geolocations, etc
C. Information about the server and its infrastructure
D. Information about the partner of the organization
Correct Answer: D
Question #15
The TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.
A. Transport layer
B. Network Access layer
C. Internet layer
D. Application layer
Correct Answer: C
Question #16
A firewall is an IP packet filter that enforces the filtering and security policies on the flowing network traffic. Using firewalls in IPv6 is still the best way of protection from low level attacks at the network and transport layers. Which one of the following cannot handle routing protocols properly?
A. Internet-router-firewall-net architecture
B. Internet-firewall-router-net architecture
C. Internet-firewall/router(edge device)-net architecture
D. Internet-firewall-net architecture
Correct Answer: B
Question #17
If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable to which of the following attacks?
A. Parameter tampering attack
B. SQL injection attack
C. Session Hijacking
D. Cross-site request attack
Correct Answer: D
Question #18
Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization. An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.
A. Risk = Budget x Time
B. Risk = Goodwill x Reputation
C. Risk = Loss x Exposure factor
D. Risk = Threats x Attacks
Correct Answer: C
Question #19
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM. NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods. The SAM file in Windows Server 2008 is located in which of the following locations?
A. C:\windows\system32\config\SAM
B. C:\windows\system32\drivers\SAM
C. C:\windows\system32\Setup\SAM
D. C:\windows\system32\Boot\SAM
Correct Answer: D
Question #20
Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers. Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows
A. SSI injection attack
B. Insecure cryptographic storage attack
C. Hidden field manipulation attack
D. Man-in-the-Middle attack
Correct Answer: B
Question #21
What are the security risks of running a "repair" installation for Windows XP?
A. There are no security risks when running the "repair" installation for Windows XP
B. Pressing Shift+F1 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. Pressing Shift+F10 gives the user administrative rights
Correct Answer: D
Question #22
Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?
A. Event Log Tracker
B. Sawmill
C. Syslog Manager
D. Event Log Explorer
Correct Answer: B
Question #23
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.
A. Appliance based firewalls cannot be upgraded
B. Firewalls implemented on a hardware firewall are highly scalable
C. Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system
D. Operating system firewalls are highly configured
Correct Answer: C
Question #24
SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type. This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database. The below diagram shows how attackers launched SQL injection attacks on web applica
A. blah' “2=2 –“
B. blah' and 2=2 --
C. blah' and 1=1 --
D. blah' or 1=1 --
Correct Answer: D
Question #25
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. These laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?
A. DW Encryption
B. FS Encryption
C. FS Encryption
D. PS Encryption
Correct Answer: B
Question #26
Which of the following methods is used to perform server discovery?
A. Banner Grabbing
B. Who is Lookup
C. SQL Injection
D. Session Hijacking
Correct Answer: B
Question #27
You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the client's network, what step should you take first?
A. Analyzing, categorizing and prioritizing resources
B. Evaluating the existing perimeter and internal security
C. Checking for a written security policy
D. Analyzing the use of existing management and control architecture
Correct Answer: C
Question #28
Identify the type of authentication mechanism represented below:
A. NTLMv1
B. NTLMv2
C. LAN Manager Hash
D. Kerberos
Correct Answer: D
Question #29
Which of the following statements is true about Multi-Layer Intrusion Detection Systems (mIDSs)?
A. Decreases consumed employee time and increases system uptime
B. Increases detection and reaction time
C. Increases response time
D. Both Decreases consumed employee time and increases system uptime and Increases response time
Correct Answer: A
Question #30
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the Restrict Anonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using User info tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. Restrict Anonymous must be set to "2" for complete security
B. Restrict Anonymous must be set to "3" for complete security
C. There is no way to always prevent an anonymous null session from establishing
D. Restrict Anonymous must be set to "10" for complete security
Correct Answer: A
Question #31
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (software based)?
A. Appliance based firewalls cannot be upgraded
B. Firewalls implemented on a hardware firewall are highly scalable
C. Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system
D. Operating system firewalls are highly configured
Correct Answer: C
Question #32
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?
A. OSPF
B. BPG
C. ATM
D. UDP
Correct Answer: A
Question #33
A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table: http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-- http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring(
A. TS
B. RT
C. MP
D. BC
Correct Answer: C
Question #34
In the example of a /etc/passwd file below, what does the bold letter string indicate? nomad:HrLNrZ3VS3TF2:501:100: Simple Nomad:/home/nomad:/bin/bash
A. Maximum number of days the password is valid
B. Group number
C. GECOS information
D. User number
Correct Answer: D
Question #35
What information can be collected by dumpster diving?
A. Sensitive documents
B. Email messages
C. Customer contact information
D. All the above
Correct Answer: A
Question #36
Identify the framework that comprises five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:
A. Information System Security Assessment Framework (ISSAF)
B. Microsoft Internet Security Framework
C. Nortells Unified Security Framework
D. Federal Information Technology Security Assessment Framework
Correct Answer: D
Question #37
Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted. Which one of the following scanned timing options in NMAP’s scan is useful across slow WAN links or to hide the scan?
A. Paranoid
B. Sneaky
C. Polite
D. Normal
Correct Answer: C
Question #38
An "idle" system is also referred to as what?
A. Zombie
B. PC not being used
C. Bot
D. PC not connected to the Internet
Correct Answer: A
Question #39
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
A. Poison the DNS records with false records
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Enumerate domain user accounts and built-in groups
Correct Answer: D
Question #40
As a security analyst you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
A. The employees' network usernames and passwords
B. The MAC address of the employees' computers
C. The IP address of the employees' computers
D. Bank account numbers and the corresponding routing numbers
Correct Answer: A
Question #41
Which of the following protocol’s traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?
A. Reverse Gossip Transport Protocol (RGTP)
B. Real-time Transport Protocol (RTP)
C. Remote Desktop Protocol (RDP)
D. Session Initiation Protocol (SIP)
Correct Answer: C
Question #42
Which one of the following log analysis tools is a Cisco Router Log Format log analyzer and it parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates the dynamically filtered reports, all through a web interface?
A. Event Log Tracker
B. Sawmill
C. Syslog Manager
D. Event Log Explorer
Correct Answer: B
Question #43
Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?
A. Special-Access Policy
B. User Identification and Password Policy
C. Personal Computer Acceptable Use Policy
D. User-Account Policy
Correct Answer: B
Question #44
SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can: i) Read sensitive data from the database ii) Modify database data (insert/update/delete) iii) Execute administration operations on the database (such as shutdown the DBMS) iv) Recover the content of a given file existing on the DBMS file system or write files into the file system v) Issue co
A. Automated Testing
B. Function Testing
C. Dynamic Testing
D. Static Testing
Correct Answer: D
Question #45
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?
A. src port 22 and dst port 22
B. src port 23 and dst port 23
C. net port 22
D. udp port 22 and host 172
Correct Answer: A
Question #46
A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase. Active reconnaissance, which includes activities such as network mapping, web profiling, and perimeter mapping, is a part of which phase(s)?
A. Post-attack phase
B. Pre-attack phase and attack phase
C. Attack phase
D. Pre-attack phase
Correct Answer: D
Question #47
What is the target host IP in the following command?
A. Firewalk does not scan target hosts
B. 72
C. This command is using FIN packets, which cannot scan target hosts
D.
Correct Answer: A
Question #48
Due to illegal inputs, various types of TCP stacks respond in a different manner. Some IDSs do not take into account the TCP protocol's urgency feature, which could allow testers to evade the IDS. A penetration tester needs to try different combinations of TCP flags (e.g. none, SYN/FIN, SYN/RST, SYN/FIN/ACK, SYN/RST/ACK, and All Flags) to test the IDS. Which of the following TCP flag combinations combines the problem of initiation, midstream, and termination flags with the PSH and URG?
A. SYN/RST/ACK
B. SYN/FIN/ACK
C. SYN/FIN
D. All Flags
Correct Answer: D
Question #49
John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project. Which of the following includes all of these requirements?
A. Penetration testing project plan
B. Penetration testing software project management plan
C. Penetration testing project scope report
D. Penetration testing schedule plan
Correct Answer: A
Question #50
Which one of the following log analysis tools is used for analyzing the server's log files?
A. Performance Analysis of Logs tool
B. Network Sniffer Interface Test tool
C. Ka Log Analyzer tool
D. Event Log Tracker tool
Correct Answer: C
Question #51
Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network's IDS and identified that an attacker sent spoofed packets to a broadcast address in the network. Which of the following attacks compromised the network?
A. ARP Spoofing
B. Amplification attack
C. MAC Spoofing
D. Session hijacking
Correct Answer: B
Question #52
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault. What does a vulnerability assessment identify?
A. Disgruntled employees
B. Weaknesses that could be exploited
C. Physical security breaches
D. Organizational structure
Correct Answer: B
Question #53
In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?
A. More RESET packets to the affected router to get it to power back up
B. RESTART packets to the affected router to get it to power back up
C. The change in the routing fabric to bypass the affected router
D. STOP packets to all other routers warning of where the attack originated
Correct Answer: C
Question #54
Amazon, an IT based company, conducts a survey on the usage of the Internet. They found that company employees spend most of the time at work surfing the web for their personal use and for inappropriate web site viewing. Management decides to block all such web sites using URL filtering software. How can employees continue to see the blocked websites?
A. Using session hijacking
B. Using proxy servers
C. Using authentication
D. Using encryption
Correct Answer: B
Question #55
What is the difference between penetration testing and vulnerability testing?
A. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of 'in-depth ethical hacking'
B. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities
C. Vulnerability testing is more expensive than penetration testing
D. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans
Correct Answer: A
Question #56
You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?
A. Use attack as a launching point to penetrate deeper into the network
B. Demonstrate that no system can be protected against DoS attacks
C. List weak points on their network
D. Show outdated equipment so it can be replaced
Correct Answer: C
Question #57
Jessica works as a systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?
A. Ping trace
B. Tracert
C. Smurf scan
D. ICMP ping sweep
Correct Answer: D
Question #58
The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of security awareness among employees. The tester should demonstrate extreme care and professionalism during a social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization. Which of the following methods of attempting social engineering is associate
A. Accomplice social engineering technique
B. Identity theft
C. Dumpster diving
D. Phishing social engineering technique
Correct Answer: A
Question #59
In Linux, what is the smallest possible shellcode?
A. 00 bytes
B. bytes
C. 0 bytes
D. 4 bytes
Correct Answer: D
Question #60
How many possible sequence number combinations are there in TCP/IP protocol?
A. 320 billion
B. 32 million
C. 4 billion
D. 1 billion
Correct Answer: C
Question #61
You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?
A. The firewall failed-open
B. The firewall failed-bypass
C. The firewall failed-closed
D. The firewall ACL has been purged
Correct Answer: A
Question #62
Identify the type of firewall represented in the diagram below:
A. Stateful multilayer inspection firewall
B. Application level gateway
C. Packet filter
D. Circuit level gateway
Correct Answer: A
Question #63
Which of the following has an offset field that specifies the length of the header and data?
A. IP Header
B. UDP Header
C. ICMP Header
D. TCP Header
Correct Answer: D
Question #64
As a security analyst you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
A. The employees' network usernames and passwords
B. The MAC address of the employees' computers
C. The IP address of the employees' computers
D. Bank account numbers and the corresponding routing numbers
Correct Answer: A
Question #65
Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs. One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?
A. NMAP TCP/IP fingerprinting
B. HTTP fingerprinting
C. FTP fingerprinting
D. SNMP fingerprinting
Correct Answer: C
Question #66
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
A. Firewalk sets all packets with a TTL of zero
B. Firewalk cannot pass through Cisco firewalls
C. Firewalk sets all packets with a TTL of one
D. Firewalk cannot be detected by network sniffers
Correct Answer: C
Question #67
Which of the following is NOT generally included in a quote for penetration testing services?
A. Type of testing carried out
B. Type of testers involved
C. Budget required
D. Expected timescale required to finish the project
Correct Answer: B
Question #68
You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the client's network, what step should you take first?
A. Analyzing, categorizing and prioritizing resources
B. Evaluating the existing perimeter and internal security
C. Checking for a written security policy
D. Analyzing the use of existing management and control architecture
Correct Answer: C
Question #69
Output modules allow Snort to be much more flexible in the formatting and presentation of output to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the following output plug-ins allows alert data to be written in a format easily importable to a database?
A. unified
B. csv
C. alert_unixsock
D. alert_fast
Correct Answer: B
Question #70
Application security assessment is one of the activities that a pen tester performs in the attack phase. It is designed to identify and assess threats to the organization through bespoke, proprietary applications or systems. It checks the application so that a malicious user cannot access, modify, or destroy data or services within the system. Identify the type of application security assessment which analyzes the application-based code to confirm that it does not contain any sensitive information that an atta
A. Web Penetration Testing
B. Functionality Testing
C. Authorization Testing
D. Source Code Review
Correct Answer: D
Question #71
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password
A. Reciprocation
B. Friendship/Liking
C. Social Validation
D. Scarcity
Correct Answer: A
Question #72
Which of the following attributes has an LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?
A. Hash Key Length
B. C/R Value Length
C. C/R Key Length
D. Hash Value Length
Correct Answer: B
Question #73
SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can: i) Read sensitive data from the database ii) Modify database data (insert/update/delete) iii) Execute administration operations on the database (such as shutdown the DBMS) iv) Recover the content of a given file existing on the DBMS file system or write files into the file system v) Issue command
A. Automated Testing
B. Function Testing
C. Dynamic Testing
D. Static Testing
Correct Answer: D
Question #74
In the context of penetration testing, what does blue teaming mean?
A. A penetration test performed with the knowledge and consent of the organization's IT staff
B. It is the most expensive and most widely used
C. It may be conducted with or without warning
D. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management
Correct Answer: A
