ECSAv10 EC-Council Exam Questions and Free Practice Test

Question 7

In the context of penetration testing, what does blue teaming mean?
ECSAv10 dumps exhibit

A. A penetration test performed with the knowledge and consent of the organization's IT staff

B. It is the most expensive and most widely used

C. It may be conducted with or without warning

D. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

Correct Answer:A

Question 8

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.
ECSAv10 dumps exhibit
Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

A. SSI injection attack

B. Insecure cryptographic storage attack

C. Hidden field manipulation attack

D. Man-in-the-Middle attack

Correct Answer:B

Question 9

What is kept in the following directory? HKLMSECURITYPolicySecrets

A. Service account passwords in plain text

B. Cached password hashes for the past 20 users

C. IAS account names and passwords

D. Local store PKI Kerberos certificates

Correct Answer:A

Question 10

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

A. Avoid cross talk

B. Avoid over-saturation of wireless signals

C. So that the access points will work on different frequencies

D. Multiple access points can be set up on the same channel without any issues

Correct Answer:A

Question 11

Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?
ECSAv10 dumps exhibit

A. Client-Side Test Report

B. Activity Report

C. Host Report

D. Vulnerability Report

Correct Answer:A

Question 12

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

A. URL Obfuscation Arbitrary Administrative Access Vulnerability

B. Cisco IOS Arbitrary Administrative Access Online Vulnerability

C. HTTP Configuration Arbitrary Administrative Access Vulnerability

D. HTML Configuration Arbitrary Administrative Access Vulnerability

Correct Answer:C

START ECSAv10 EXAM