EC-Council Certified Security Analyst v1.0 (ECSAv10)

Page:    1 / 10   
Total 157 questions

William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on a target network.
What does William need to do to get the SMTP server information?

  • A. Send an email message to a non-existing user of the target organization and check for bounced mail header
  • B. Examine the session variables
  • C. Examine TCP sequence numbers
  • D. Look for information available in web page source code


Answer : A

James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find details about the target through passive reconnaissance. James used websites to check the link popularity of the clientג€™s domain name.
What information does the link popularity provide?

  • A. Information about the network resources
  • B. Information about visitors, their geolocations, etc.
  • C. Information about the server and its infrastructure
  • D. Information about the partner of the organization


Answer : D

Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by using various filters in the Wireshark tool. While sniffing the network traffic, he used ג€tcp.port==1433ג€ Wireshark filter for acquiring a specific database related information since port number 1433 is the default port of that specific target database.
Which of the following databases Nick is targeting in his test?

  • A. PostgreSQL
  • B. Oracle
  • C. MySQL
  • D. Microsoft SQL Server


Answer : D

You are enumerating a target system. Which of the following PortQry commands will give a result similar to the screenshot below:


  • A. portqry -n myserver -p udp -e 389
  • B. portqry -n myserver -p udp -e 123
  • C. portqry -n myserver -p TCP -e 389
  • D. portqry -n myserver -p TCP -e 123


Answer : C

Sam is a penetration tester and network admin at McLaren & McLaren, based out of Washington. The company has recently deployed IPv6 in their network. Sam found problems with the protocol implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network.
How does the tunneling mechanism work?

  • A. It encapsulates IPv6 packets in IPv4 packets
  • B. It transfers IPv4 first and the IPv6
  • C. It splits the IPv4 packets and provides a way to IPv6
  • D. It replaces IPv4 with IPv6


Answer : A

Dale is a network admin working in Zero Faults Inc. Recently the companyג€™s network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the networkג€™s IDS and identified that an attacker sent spoofed packets to a broadcast address in the network.
Which of the following attacks compromised the network?

  • A. ARP Spoofing
  • B. Amplification attack
  • C. MAC Spoofing
  • D. Session hijacking


Answer : B

What is the objective of the following bash script?


  • A. It gives a list of IP addresses that have an FTP port open
  • B. It tries to connect to FTP port on a target machine
  • C. It checks if a target host has the FTP port open and quits
  • D. It checks if an FTP port on a target machine is vulnerable to arracks


Answer : A

ABC Technologies, a large financial company, hired a penetration tester to do physical penetration testing. On the first day of his assignment, the penetration tester goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information.
What is the penetration tester trying to do?

  • A. Trying to attempt social Engineering using phishing
  • B. Trying to attempt social engineering by shoulder surfing
  • C. Trying to attempt social engineering by eavesdropping
  • D. Trying to attempt social engineering by dumpster diving


Answer : D

An attacker with a malicious intention decided to hack confidential data from the target organization. For acquiring such information, he started testing IoT devices that are connected to the target network. He started monitoring the network traffic passing between the IoT devices and the network to verify whether credentials are being transmitted in clear text. Further, he also tried to crack the passwords using well-known keywords across all the interfaces.
Which of the following IoT threats the attacker is trying to exploit?

  • A. Poor physical security
  • B. Poor authentication
  • C. Privacy concerns
  • D. Insecure firmware


Answer : B

Allen and Greg, after investing in their startup company called Zamtac Ltd., developed a new web application for their company. Before hosting the application, they want to test the robustness and immunity of the developed web application against attacks like buffer overflow, DOS, XSS, and SQL injection.
What is the type of the web application security test Allen and Greg should perform?

  • A. Web fuzzing
  • B. Web crawling
  • C. Web spidering
  • D. Web mirroring


Answer : A

George, an ex-employee of Netabb Ltd. with bruised feelings due to his layoff, tries to take revenge against the company. He randomly tried several attacks against the organization. As some of the employees used weak passwords to their user accounts, George was successful in cracking the user accounts of several employees with the help of a common passwords file.
What type of password cracking attack did George perform?

  • A. Hybrid attack
  • B. Dictionary attack
  • C. Brute forcing attack
  • D. Birthday attack


Answer : B

James, a research scholar, received an email informing that someone is trying to access his Google account from an unknown device. When he opened his email message, it looked like a standard Google notification instructing him to click the link below to take further steps. This link was redirected to a malicious webpage where he was tricked to provide Google account credentials. James observed that the URL began with www.translate.google.com giving a legitimate appearance.
In the above scenario, identify the type of attack being performed on Jamesג€™ email account?

  • A. SMiShing
  • B. Dumpster diving
  • C. Phishing
  • D. Vishing


Answer : C

An employee is trying to access the internal website of his company. When he opened a webpage, he received an error message notifying ג€Proxy Authentication
Required.ג€ He approached the IT department in the company and reported the issue. The IT staff explained him that this is an HTTP error indicating that the server is unable to process the request due to lack of appropriate clientג€™s authentication credentials for a proxy server that is processing the requests between the clients and the server.
Identify the HTTP error code corresponding to the above error message received by the employee?

  • A. 415
  • B. 417
  • C. 407
  • D. 404


Answer : C

Arrange the WEP cracking process in the correct order:
I. aireplay-ng -1 0 -e SECRET_SSID -a 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1

II. aircrack-ng -s capture.ivs -

III. airmon-ng start eth1 -
IV. airodump-ng --ivs --write capture eth1
V. aireplay-ng -3 -b 1e:64:51:3b:ff:3e -h a7:71:fe:8e:d8:25 eth1

  • A. IV-->I-->V-->III-->II
  • B. III-->IV-->V-->II-->I
  • C. III-->IV-->I-->V-->II
  • D. IV-->I-->V-->III-->II


Answer : C

Recently, Jacob was assigned a project to test the perimeter security of one of a client. As part of the project, Jacob wants to test whether or not a particular port on the firewall is open or closed. He used the hping utility with the following syntax:
#hping ג€"S ג€"c 1 ג€"p <port> <IP Address> -t <TTL>
What response will indicate the particular port is allowed in the firewall?

  • A. Host Unreachable
  • B. TTL Exceeded
  • C. No Response
  • D. ICMP Port Unreachable


Answer : C

Page:    1 / 10   
Total 157 questions