ECSAv10 EC-Council Exam Questions and Free Practice Test

Question 37

Choose the correct option to define the Prefix Length.
ECSAv10 dumps exhibit

A. Prefix Length = Subnet + Host portions

B. Prefix Length = Network + Host portions

C. Prefix Length = Network + Subnet portions

D. Prefix Length = Network + Subnet + Host portions

Correct Answer:C

Question 38

Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?

A. UDP and TCP

B. TCP and SMTP

C. SMTP

D. UDP and SMTP

Correct Answer:A

Question 39

Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?

A. Visit Google’s search engine and view the cached copy

B. Crawl and download the entire website using the Surfoffline tool and save them to his computer

C. Visit the company's partners’ and customers' website for this information

D. Use Way Back Machine in Archive.org web site to retrieve the Internet archive

Correct Answer:D

Question 40

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A. Passive IDS

B. Active IDS

C. Progressive IDS

D. NIPS

Correct Answer:B

Question 41

Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.
ECSAv10 dumps exhibit
Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

A. Total number of employees in the client organization

B. Type of testers involved

C. The budget required

D. Expected time required to finish the project

Correct Answer:A

Question 42

SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query via the data input or transmitted from the client (browser) to the web application. A successful SQL injection attack can:
i) Read sensitive data from the database
iii) Modify database data (insert/update/delete)
iii) Execute administration operations on the database (such as shutdown the DBMS)
iV) Recover the content of a given file existing on the DBMS file system or write files into the file system
v) Issue commands to the operating system
ECSAv10 dumps exhibit
Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests and then test them separately, trying to interfere with the query and to generate an error.
In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

A. Automated Testing

B. Function Testing

C. Dynamic Testing

D. Static Testing

Correct Answer:D

START ECSAv10 EXAM