1. Home
  2. EC-COUNCIL
  3. ECSAV10

EC-COUNCIL ECSAV10 Online Practice Questions and Exam Preparation

ECSAV10 Exam Details

  • Exam Code
    :ECSAV10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jun 01, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 101:

    Veronica, a penetration tester at a top MNC company, is trying to breach the company's database as a part of SQLi penetration testing. She began to use the SQLi techniques to test the database security level. She inserted new database

    commands into the SQL statement and appended a SQL Server EXECUTE command to the vulnerable SQL statements.

    Which of the following SQLi techniques was used to attack the database?

    A. Function call injection
    B. File inclusion
    C. Buffer Overflow
    D. Code injection

  • Question 102:

    James is an attacker who wants to attack XYZ Inc. He has performed reconnaissance over all the publicly available resources of the company and identified the official company website http://xyz.com. He scanned all the pages of the company website to find for any potential vulnerabilities to exploit. Finally, in the user account login page of the company's website, he found a user login form which consists of several fields that accepts user inputs like username and password. He also found than any non-validated query that is requested can be directly communicated to the active directory and enable unauthorized users to obtain direct access to the databases. Since James knew an employee named Jason from XYZ Inc., he enters a valid username "jason" and injects "jason)(and))" in the username field. In the password field, James enters "blah" and clicks Submit button. Since the complete URL string entered by James becomes "(and (USER=jason)(and))(PASS=blah))," only the first filter is processed by the Microsoft Active Directory, that is, the query "(and(USER=jason)(and))" is processed. Since this query always stands true, James successfully logs into the user account without a valid password of Jason. In the above scenario, identify the type of attack performed by James?

    A. LDAP injection attack
    B. HTML embedding attack
    C. Shell injection attack
    D. File injection attack

  • Question 103:

    ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another

    host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.

    ARP spoofing attack is used as an opening for other attacks.

    What type of attack would you launch after successfully deploying ARP spoofing?

    A. Parameter Filtering
    B. Social Engineering
    C. Input Validation
    D. Session Hijacking

  • Question 104:

    Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?

    A. Reverse Address Resolution Protocol (RARP)
    B. HTTP (Hypertext Transfer Protocol)
    C. SMTP (Simple Mail Transfer Protocol)
    D. Telnet

  • Question 105:

    One of the steps in information gathering is to run searches on a company using complex keywords in Google.

    Which search keywords would you use in the Google search engine to find all the PowerPoint presentations containing information about a target company, ROCHESTON?

    A. ROCHESTON fileformat:+ppt
    B. ROCHESTON ppt:filestring
    C. ROCHESTON filetype:ppt
    D. ROCHESTON +ppt:filesearch

  • Question 106:

    What is the maximum value of a "tinyint" field in most database systems?

    A. 222
    B. 224 or more
    C. 240 or less
    D. 225 or more

  • Question 107:

    An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their

    platform.

    Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?

    A. Post scanning
    B. Denial-of-Service
    C. Log monitoring
    D. Load testing

  • Question 108:

    Which of the following statements highlights the difference between a vulnerability assessment and a penetration test?

    A. A vulnerability assessment identifies and ranks the vulnerabilities, and a penetration test exploits the identified vulnerabilities for validation and to determine impact.
    B. A vulnerability assessment focuses on low severity vulnerabilities and pen testing focuses on high severity vulnerabilities.
    C. A vulnerability assessment requires only automated tools to discover the vulnerabilities whereas pen testing also involves manual discovery of vulnerabilities.
    D. A vulnerability assessment is performed only on software components of an information system, whereas pen testing is performed on all hardware and software components of the system.

  • Question 109:

    You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP

    to work through Firewalls.

    (Select 2)

    A. 162
    B. 160
    C. 161
    D. 163

  • Question 110:

    GenSec Inc, a UK-based company, uses Oracle database to store all its data. The company also uses Oracle DataBase Vault to restrict users access to specific areas of their database. GenSec hired a senior penetration tester and security

    auditor named Victor to check the vulnerabilities of the company's Oracle DataBase Vault. He was asked to find all the possible vulnerabilities that can bypass the company's Oracle DB Vault. Victor tried different kinds of attacks to penetrate

    into the company's Oracle DB Vault and succeeded.

    Which of the following attacks can help Victor to bypass GenSec's Oracle DB Vault?

    A. Man-in-the-Middle Attack
    B. Denial-of-Service Attack
    C. Replay Attack
    D. SQL Injection

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.