EC-Council Certified Security Analyst (ECSA) v10.3 (412-79v8)

Page:    1 / 14   
Total 196 questions

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

  • A. California SB 1386
  • B. Sarbanes-Oxley 2002
  • C. Gramm-Leach-Bliley Act (GLBA)
  • D. USA Patriot Act 2001

Answer : B

TCP/IP model isa framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.

Which of the following TCP/IP layers selects the best path through the network for packets to travel?

  • A. Transport layer
  • B. Network Access layer
  • C. Internet layer
  • D. Application layer

Answer : C

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.

Why is an appliance-based firewall is more secure than those implemented on top of the commercial operating system (Software based)?

  • A. Appliance based firewalls cannot be upgraded
  • B. Firewalls implemented on a hardware firewall are highly scalable
  • C. Hardware appliances does not suffer from security vulnerabilities associated with the underlying operating system
  • D. Operating system firewalls are highly configured

Answer : C

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers,etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

  • A. XPath Injection Attack
  • B. Authorization Attack
  • C. Authentication Attack
  • D. Frame Injection Attack

Answer : B

Reference: authorization attack)

DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category.(Select all that apply)

  • A. Wardriving
  • B. Spoofing
  • C. Sniffing
  • D. Network Hijacking

Answer : A

Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.

  • A. Information-Protection Policy
  • B. Special-AccessPolicy
  • C. Remote-Access Policy
  • D. Acceptable-Use Policy

Answer : C

Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can:
i)Drop the packet
ii)Forward it or send a message to the originator

At which level of the OSI model do the packet filtering firewalls work?

  • A. Application layer
  • B. Physical layer
  • C. Transport layer
  • D. Network layer

Answer : D

Reference: dq=At+which+level+of+the+OSI+model+do+the+packet+filtering+firewalls+work&source=bl
=onepage&q=At%20which%20level%20of%20the%20OSI%20model%20do%20the%20pa cket%20filtering%20firewalls%20work&f=false(packet filters)

Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the
SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?

  • A. c:\windows\system32\config\SAM
  • B. c:\windows\system32\drivers\SAM
  • C. c:\windows\system32\Setup\SAM
  • D. c:\windows\system32\Boot\SAM

Answer : A

During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?

  • A. Examine Source of the Available Pages
  • B. Perform Web Spidering
  • C. Perform Banner Grabbing
  • D. Check the HTTP and HTML Processing by the Browser

Answer : D

John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project.
Which of the following includes all of these requirements?

  • A. Penetration testing project plan
  • B. Penetration testing software project management plan
  • C. Penetration testing project scope report
  • D. Penetration testing schedule plan

Answer : A

Explanation: Rfere -
PA14&dq=penetration+testing+document+that+defines+the+project,+specifies+goals,+obje ctives,+deadlines,+the+resources+required,+and+the+approach+of+the+project&source=b l&ots=SQCLHNtthN&sig=kRcccmtDtCdZgB7hASShxSRbfOM&hl=en&sa=X&ei=hyMfVOKz
GYvmarvFgaAL&ved=0CB0Q6AEwAA#v=onepage&q=penetration%20testing%20docume nt%20that%20defines%20the%20project%2C%20specifies%20goals%2C%20objectives%
2C%20deadlines%2C%20the%20resources%20required%2C%20and%20the%20approac h%20of%20the%20project&f=false

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phaseand will likely require code changes.
Pen testers need to perform this testing during the development phase to find and fix the
SQL injection vulnerability.
What can a pen tester do to detect input sanitization issues?

  • A. Send single quotes as the input data to catch instances where the user input is not sanitized
  • B. Send double quotes as the input data to catch instances where the user input is not sanitized
  • C. Send long strings of junk data, just as you would send strings to detect buffer overruns
  • D. Use a right square bracket (the ] character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Answer : D

Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?

  • A. ./snort -dvr packet.log icmp
  • B. ./snort -dev -l ./log
  • C. ./snort -dv -r packet.log
  • D. ./snort -l ./log –b

Answer : C

Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?

  • A. Vulnerabilities checklists
  • B. Configuration checklists
  • C. Action Plan
  • D. Testing Plan

Answer : A

Which of the following protocols cannot be used to filter VoIP traffic?

  • A. Media Gateway Control Protocol (MGCP)
  • B. Real-time Transport Control Protocol (RTCP)
  • C. Session Description Protocol (SDP)
  • D. Real-TimePublish Subscribe (RTPS)

Answer : D

From where can clues about the underlying application environment can be collected?

  • A. From the extension of the file
  • B. From executable file
  • C. From file types and directories
  • D. From source code

Answer : A


Which of the following information gathering techniques collects information from an organizations web-based calendar and email services?
A. Anonymous Information Gathering
B. Private Information Gathering
C. Passive Information Gathering

D. Active Information Gathering -

Answer:D -

Page:    1 / 14   
Total 196 questions