DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Latest EC-Council ECSA Exam Questions for Comprehensive Preparation

Prepare to conquer the EC-Council Certified Security Analyst (ECSA) exam with SPOTO's comprehensive ECSA practice questions. These meticulously crafted exam questions and answers cover all essential topics, providing you with realistic practice questions and mock exams that simulate the actual test environment. Leverage these invaluable exam preparation study materials and exam resources to identify knowledge gaps and reinforce your understanding. SPOTO's ECSA practice questions are designed to equip you with the confidence and skills necessary to pass successfully. With a wide range of expertly curated exam questions, you'll be fully prepared to tackle the analytical challenges of ethical hacking and excel in the ECSA certification.
Take other online exams

Question #1
Identify the type of authentication mechanism represented below:
A. TLMv1
B. TLMv2
C. AN Manager Hash
D. erberos
View answer
Correct Answer: D

View The Updated ECSA Exam Questions

SPOTO Provides 100% Real ECSA Exam Questions for You to Pass Your ECSA Exam!

Question #2
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Unannounced Testing
B. Double Blind Testing
C. Announced Testing
D. Blind Testing
View answer
Correct Answer: B
Question #3
Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?
A. Vulnerabilities checklists
B. Configuration checklists
C. Action Plan
D. Testing Plan
View answer
Correct Answer: A
Question #4
Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.Depending on the packet and the criteria, the firewall can:i)Drop the packetii)Forward it or send a message to the originator
A. Application layer
B. Physical layer
C. Transport layer
D. Network layer
View answer
Correct Answer: D
Question #5
Which type of security policy applies to the below configuration? i) Provides maximum security while allowing known, but necessary, dangers ii) All services are blocked; nothing is allowediii) Safe and necessary services are enabled individuallyiv) Non-essential services and procedures that cannot be made safe are NOT allowedv)Everything is logged
A. aranoid Policy
B. rudent Policy
C. ermissive Policy
D. romiscuous Policy
View answer
Correct Answer: B
Question #6
A Demilitarized Zone (DMZ) is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization. Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?
A. ightweight Directory Access Protocol (LDAP)
B. imple Network Management Protocol (SNMP)
C. elnet
D. ecure Shell (SSH)
View answer
Correct Answer: D
Question #7
Which one of the following 802.11 types has WLAN as a network support?
A. 02
B. 02
C. 02
D. 02
View answer
Correct Answer: C
Question #8
Identify the correct formula for Return on Investment (ROI).
A. OI = ((Expected Returns \xad Cost of Investment) / Cost of Investment) * 100
B. OI = (Expected Returns + Cost of Investment) / Cost of Investment
C. OI = (Expected Returns Cost of Investment) / Cost of Investment
D. OI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100
View answer
Correct Answer: C
Question #9
One of the steps in information gathering is to run searches on a company using complex keywords in Google.Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?
A. OCHESTON fileformat:+ppt
B. OCHESTON ppt:filestring
C. OCHESTON filetype:ppt
D. OCHESTON +ppt:filesearch
View answer
Correct Answer: C
Question #10
Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?
A. everse Address Resolution Protocol (RARP)
B. TTP (Hypertext Transfer Protocol)
C. MTP (Simple Mail Transfer Protocol)
D. elnet
View answer
Correct Answer: A
Question #11
During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?
A. xamine Source of the Available Pages
B. erform Web Spidering
C. erform Banner Grabbing
D. heck the HTTP and HTML Processing by the Browser
View answer
Correct Answer: D
Question #12
Which among the following information is not furnished by the Rules of Engagement (ROE) document?
A. echniques for data collection from systems upon termination of the test
B. echniques for data exclusion from systems upon termination of the test
C. etails on how data should be transmitted during and after the test
D. etails on how organizational data is treated throughout and after the test
View answer
Correct Answer: A
Question #13
In Linux, /etc/shadow file stores the real password in encrypted format for user's account with added properties associated with the user's password.In the example of a /etc/shadow file below, what does the bold letter string indicate? Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7
A. umber of days the user is warned before the expiration date
B. inimum number of days required between password changes
C. aximum number of days the password is valid
D. ast password changed
View answer
Correct Answer: B
Question #14
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network.How would you answer?
A. BM Methodology
B. PT Methodology
C. oogle Methodology
D. icrosoft Methodology
View answer
Correct Answer: B
Question #15
This is a group of people hired to give details of the vulnerabilities present in the system found after a penetration test. They are elite and extremely competent penetration testers and intrusion analysts. This team prepares a report on the vulnerabilities in the system, attack methods, and how to defend against them.What is this team called?
A. lue team
B. iger team
C. orilla team
D. ion team
View answer
Correct Answer: B
Question #16
Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization. An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.What is the formula to calculate risk?
A. isk = Budget x Time
B. isk = Goodwill x Reputation
C. isk = Loss x Exposure factor
D. isk = Threats x Attacks
View answer
Correct Answer: C
Question #17
Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?
A. alifornia SB 1386
B. arbanes-Oxley 2002
C. ramm-Leach-Bliley Act (GLBA)
D. SA Patriot Act 2001
View answer
Correct Answer: A
Question #18
An antenna is a device that is designed to transmit and receive the electromagnetic waves that are generally called radio waves. Which one of the following types of antenna is developed from waveguide technology?
A. eaky Wave Antennas
B. perture Antennas
C. eflector Antenna
D. irectional Antenna
View answer
Correct Answer: B
Question #19
Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?
A. nvalid username or password
B. ccount username was not found
C. ncorrect password
D. sername or password incorrect
View answer
Correct Answer: C
Question #20
Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.
A. Send single quotes as the input data to catch instances where the user input is not sanitized
B. Send double quotes as the input data to catch instances where the user input is not sanitized
C. Send long strings of junk data, just as you would send strings to detect buffer overruns
D. Use a right square bracket (the ] character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization
View answer
Correct Answer: D
Question #21
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?
A. ntitle:"exchange server"
B. utlook:"search"
C. ocate:"logon page"
D. llinurl:"exchange/logon
View answer
Correct Answer: D
Question #22
A chipset is a group of integrated circuits that are designed to work together and are usually marketed as a single product." It is generally the motherboard chips or the chips used on the expansion card. Which one of the following is well supported in most wireless applications?
A. rinoco chipsets
B. rism II chipsets
C. theros Chipset
D. isco chipset
View answer
Correct Answer: B
Question #23
You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?
A. The firewall failed-open
B. The firewall failed-bypass
C. The firewall failed-closed
D. The firewall ACL has been purged
View answer
Correct Answer: A
Question #24
Which one of the following log analysis tools is used for analyzing the server’s log files?
A. erformance Analysis of Logs tool
B. etwork Sniffer Interface Test tool
C. a Log Analyzer tool
D. vent Log Tracker tool
View answer
Correct Answer: C
Question #25
James, a research scholar, received an email informing that someone is trying to access his Google account from an unknown device. When he opened his email message, it looked like a standard Google notification instructing him to click the link below to take further steps. This link was redirected to a malicious webpage where he was tricked to provide Google account credentials. James observed that the URL began with www.translate.google.com giving a legitimate appearance.In the above scenario, identify the
A. SMiShing
B. Dumpster diving
C. Phishing
D. Vishing
View answer
Correct Answer: C
Question #26
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue access points and the use of wireless attack tools. The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator whenever a rogue access point is detected.Conventionally it is achieved by comparing the MAC address of the participating wireless devices.Which of the following attacks can be detected with the help of wireless intrusion detection system
A. ocial engineering
B. QL injection
C. arameter tampering
D. an-in-the-middle attack
View answer
Correct Answer: D
Question #27
George, an ex-employee of Netabb Ltd. with bruised feelings due to his layoff, tries to take revenge against the company. He randomly tried several attacks against the organization. As some of the employees used weak passwords to their user accounts, George was successful in cracking the user accounts of several employees with the help of a common passwords file.What type of password cracking attack did George perform?
A. Hybrid attack
B. Dictionary attack
C. Brute forcing attack
D. Birthday attack
View answer
Correct Answer: B
Question #28
From where can clues about the underlying application environment can be collected?
A. From the extension of the file
B. From executable file
C. From file types and directories
D. From source code
View answer
Correct Answer: A
Question #29
If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?
A. arameter tampering Attack
B. ql injection attack
C. ession Hijacking
D. ross-site request attack
View answer
Correct Answer: D
Question #30
Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers have the assigned ranges.Port numbers above 1024 are considered which one of the following?
A. ynamically assigned port numbers
B. tatically assigned port numbers
C. ell-known port numbers
D. nregistered port numbers
View answer
Correct Answer: A
Question #31
What sort of vulnerability assessment approach starts by building an inventory of protocols found on the machine?
A. nference-based Assessment
B. ervice-based Assessment Solutions
C. roduct-based Assessment Solutions
D. ree-based Assessment
View answer
Correct Answer: A
Question #32
Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?
A. ash Key Length
B. /R Value Length
C. /R Key Length
D. ash Value Length
View answer
Correct Answer: B
Question #33
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers,etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?
A. XPath Injection Attack
B. Authorization Attack
C. Authentication Attack
D. Frame Injection Attack
View answer
Correct Answer: B
Question #34
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
A. Firewalk sets all packets with a TTL of zero
B. Firewalk cannot pass through Cisco firewalls
C. Firewalk sets all packets with a TTL of one
D. Firewalk cannot be detected by network sniffers
View answer
Correct Answer: C
Question #35
Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan isJessica going to perform?
A. Ping trace
B. Tracert
C. Smurf scan
D. ICMP ping sweep
View answer
Correct Answer: D
Question #36
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are usingSFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?
A. src port 22 and dst port 22
B. src port 23 and dst port 23
C. net port 22
D. udp port 22 and host 172
View answer
Correct Answer: A
Question #37
How many possible sequence number combinations are there in TCP/IP protocol?
A. 20 billion
B. 2 million
C. billion
D. billion
View answer
Correct Answer: C
Question #38
Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
A. enetration Testing Agreement
B. ules of Behavior Agreement
C. iability Insurance
D. on-Disclosure Agreement
View answer
Correct Answer: D
Question #39
How many possible sequence number combinations are there in TCP/IP protocol?
A. 320 billion
B. 32 million
C. 4 billion
D. 1 billion
View answer
Correct Answer: C
Question #40
Arrange the WEP cracking process in the correct order:I. aireplay-ng -1 0 -e SECRET_SSID -a 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1II. aircrack-ng -s capture.ivs -III. airmon-ng start eth1 -IV. airodump-ng --ivs --write capture eth1V. aireplay-ng -3 -b 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1
A. IV-->I-->V-->III-->II
B. III-->IV-->V-->II-->I
C. III-->IV-->I-->V-->II
D. IV-->I-->V-->III-->II
View answer
Correct Answer: C
Question #41
To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?
A. ircuit level gateway
B. tateful multilayer inspection firewall
C. acket filter
D. pplication level gateway
View answer
Correct Answer: C
Question #42
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set.What is Terri trying to accomplish by sending this IP packet?
A. oison the switch's MAC address table by flooding it with ACK bits
B. nable tunneling feature on the switch
C. rick the switch into thinking it already has a session with Terri's computer
D. rash the switch with a DoS attack since switches cannot send ACK bits
View answer
Correct Answer: C
Question #43
What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?
A. onnect Scanning Techniques
B. YN Scanning Techniques
C. tealth Scanning Techniques
D. ort Scanning Techniques
View answer
Correct Answer: C
Question #44
You are enumerating a target system. Which of the following PortQry commands will give a result similar to the screenshot below:
A. portqry -n myserver -p udp -e 389
B. portqry -n myserver -p udp -e 123
C. portqry -n myserver -p TCP -e 389
D. portqry -n myserver -p TCP -e 123
View answer
Correct Answer: C
Question #45
A Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the application response. This attack is often used when the web application is configured to show generic error messages, but has not mitigated the code that is vulnerable to SQL injection.It is performed when an error message is not received from application while trying to exploit SQL vulnerabilities. The developer's specific message is displayed instead of an error me
A. XYZ
B. QRS
C. FGH
D. BCD
View answer
Correct Answer: D
Question #46
Software firewalls work at which layer of the OSI model?
A. Transport
B. Application
C. Network
D. Data Link
View answer
Correct Answer: D
Question #47
Traffic on which port is unusual for both the TCP and UDP ports?
A. ort 81
B. ort 443
C. ort 0
D. ort21
View answer
Correct Answer: C
Question #48
Identify the attack represented in the diagram below:
A. nput Validation
B. ession Hijacking
C. QL Injection
D. enial-of-Service
View answer
Correct Answer: B
Question #49
Sam is a penetration tester and network admin at McLaren & McLaren, based out of Washington. The company has recently deployed IPv6 in their network. Sam found problems with the protocol implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network.How does the tunneling mechanism work?
A. It encapsulates IPv6 packets in IPv4 packets
B. It transfers IPv4 first and the IPv6
C. It splits the IPv4 packets and provides a way to IPv6
D. It replaces IPv4 with IPv6
View answer
Correct Answer: A
Question #50
One of the steps in information gathering is to run searches on a company using complex keywords in Google.Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?
A. OCHESTON fileformat:+ppt
B. OCHESTON ppt:filestring
C. OCHESTON filetype:ppt
D. OCHESTON +ppt:filesearch
View answer
Correct Answer: C
Question #51
Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?
A. YN Scan
B. onnect() scan
C. MAS Scan
D. ull Scan
View answer
Correct Answer: A
Question #52
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?
A. SPF
B. PG
C. TM
D. DP
View answer
Correct Answer: A
Question #53
Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?
A. nformation-Protection Policy
B. aranoid Policy
C. romiscuous Policy
D. rudent Policy
View answer
Correct Answer: B
Question #54
To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?
A. ircuit level gateway
B. tateful multilayer inspection firewall
C. acket filter
D. pplication level gateway
View answer
Correct Answer: C
Question #55
John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in Window system directory?
A. :\\Windows\\System32\\Boot
B. :\\WINNT\\system32\\drivers\\etc
C. :\\WINDOWS\\system32\\cmd
D. :\\Windows\\System32\\restore
View answer
Correct Answer: B
Question #56
An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connect
A. MAS Scan
B. YN scan
C. IN Scan
D. ULL Scan
View answer
Correct Answer: B
Question #57
A penetration test consists of three phases: pre-attack phase, attack phase, and post-attack phase.Active reconnaissance which includes activities such as network mapping, web profiling, and perimeter mapping is a part which phase(s)?
A. ost-attack phase
B. re-attack phase and attack phase
C. ttack phase
D. re-attack phase
View answer
Correct Answer: D
Question #58
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?
A. assive IDS
B. ctive IDS
C. rogressive IDS
D. IPS
View answer
Correct Answer: B
Question #59
The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries thr
A. rame Injection Attack
B. DAP Injection Attack
C. Path Injection Attack
D. OAP Injection Attack
View answer
Correct Answer: B
Question #60
TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved. Which of the following TCP/IP layers selects the best path through
A. ransport layer
B. etwork Access layer
C. nternet layer
D. pplication layer
View answer
Correct Answer: C
Question #61
Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?
A. lient-Side Test Report
B. ctivity Report
C. ost Report
D. ulnerability Report
View answer
Correct Answer: A
Question #62
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies? What type of Penetration Testing is Larry planning to carry out?
A. nternal Penetration Testing
B. irewall Penetration Testing
C. oS Penetration Testing
D. outer Penetration Testing
View answer
Correct Answer: C
Question #63
Assessing a network from a hacker's point of view to discover the exploits and vulnerabilities that are accessible to the outside world is which sort of vulnerability assessment?
A. etwork Assessments
B. pplication Assessments
C. ireless Network Assessments
D. xternal Assessment
View answer
Correct Answer: D
Question #64
Nessus can test a server or a network for DoS vulnerabilities. Which one of the following script tries to kill a service?
A. CT_DENIAL
B. CT_FLOOD
C. CT_KILL_HOST
D. CT_ATTACK
View answer
Correct Answer: A
Question #65
Which of the following protocols cannot be used to filter VoIP traffic?
A. edia Gateway Control Protocol (MGCP)
B. eal-time Transport Control Protocol (RTCP)
C. ession Description Protocol (SDP)
D. eal-Time Publish Subscribe (RTPS)
View answer
Correct Answer: D
Question #66
Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?
A. everse Address Resolution Protocol (RARP)
B. TTP (Hypertext Transfer Protocol)
C. MTP (Simple Mail Transfer Protocol)
D. elnet
View answer
Correct Answer: A
Question #67
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU. The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.IP fragmen
A. ultiple of four bytes
B. ultiple of two bytes
C. ultiple of eight bytes
D. ultiple of six bytes
View answer
Correct Answer: C
Question #68
Which of the following will not handle routing protocols properly?
A. Internet-router-firewall-net architecture"
B. Internet-firewall-router-net architecture"
C. Internet-firewall -net architecture"
D. Internet-firewall/router(edge device)-net architecture"
View answer
Correct Answer: B
Question #69
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say `Wireless' these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and G.Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?
A. 02
B. 02
C. 02
D. 02
View answer
Correct Answer: A
Question #70
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
A. p
B. p
C. p
D. p
View answer
Correct Answer: C
Question #71
Port numbers are used to keep track of different conversations crossing the network at the same time. Both TCP and UDP use port (socket) numbers to pass information to the upper layers. Port numbers have the assigned ranges. The port numbers above 1024 are considered as which one of the following? (Select all that apply)
A. ell-known port numbers
B. ynamically assigned port numbers
C. nregistered port numbers
D. tatically assigned port numbers
View answer
Correct Answer: B
Question #72
John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found.What information will he be able to gather from this?
A. he SID of Hillary's network account
B. he network shares that Hillary has permissions
C. he SAM file from Hillary's computer
D. illary's network username and password hash
View answer
Correct Answer: D
Question #73
NTP protocol is used to synchronize the system clocks of computers with a remote time server or time source over a network. Which one of the following ports is used by NTP as its transport layer?
A. CP port 152
B. DP port 177
C. DP port 123
D. CP port 113
View answer
Correct Answer: C

View The Updated EC-Council Exam Questions

SPOTO Provides 100% Real EC-Council Exam Questions for You to Pass Your EC-Council Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: