1. Home
  2. EC-COUNCIL
  3. ECSAV10

EC-COUNCIL ECSAV10 Online Practice Questions and Exam Preparation

ECSAV10 Exam Details

  • Exam Code
    :ECSAV10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jun 01, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 131:

    Gibson, a security analyst at MileTech Solutions, is performing cloud penetration testing. As part of this process, he needs to check for any governance and compliance issues against cloud services. Which of the following documents helps Gibson in checking whether the CSP is regularly audited and certified for compliance issues?

    A. Service level agreement
    B. Data use agreement
    C. ROE agreement
    D. Nondisclosure agreement

  • Question 132:

    Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

    A. sqlmap -g "inurl:\".php?id=1\""
    B. sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com | net | org)"
    C. sqlmap –url [ Target URL ]
    D. sqlmap –host [ Target URL ]

  • Question 133:

    Joe, an ECSA certified professional, is working on a pen testing engagement for one of his SME clients. He discovered the host file in one of the Windows machines has the following entry:

    213.65.172.55 microsoft.com

    After performing a Whois lookup, Joe discovered the IP does not refer to Microsoft.com. The network admin denied modifying the host files.

    Which type of attack does this scenario present?

    A. DNS starvation
    B. DNS poisoning
    C. Phishing
    D. MAC spoofing

  • Question 134:

    Jacob is a penetration tester at TechSoft Inc. based at Singapore. The company assigned him the task of conducting penetration test on the IoT devices connected to the corporate network. As part of this process, he captured the network

    traffic of the devices, their mobile applications, and cloud connections to check whether any critical data are transmitted in plain text. Also, he tried to check whether SSL/TLS protocols are properly updated and implemented.

    Which of the following IoT security issues Jacob is dealing with?

    A. Poor authentication/authorization
    B. Lack of transport encryption
    C. Privacy concerns
    D. Insecure software/firmware

  • Question 135:

    Moses, a professional hacker, attempts to overwhelm the target victim computer by transmitting TCP connection requests faster than the computer can process them. He started sending multiple SYN packets of size between 800 and 900

    bytes with spoofed source addresses and port numbers. The main intention of Moses behind this attack is to exhaust the server resources and saturate the network of the target organization.

    Identify the type of attack being performed by Moses?

    A. VTP attack
    B. DoS attack
    C. ARP attack
    D. HSRP attack

  • Question 136:

    Peter, a disgruntled ex-employee of Zapmaky Solutions Ltd., is trying to jeopardize the company's website http://zapmaky.com. He conducted the port scan of the website by using the Nmap tool to extract the information about open ports and

    their corresponding services. While performing the scan, he recognized that some of his requests are being blocked by the firewall deployed by the IT personnel of Zapmaky and he wants to bypass the same. For evading the firewall, he

    wanted to employ the stealth scanning technique which is an incomplete TCP three-way handshake method that can effectively bypass the firewall rules and logging mechanisms.

    Which if the following Nmap commands should Peter execute to perform stealth scanning?

    A. nmap -sT -v zapmaky.com
    B. nmap -T4 -A -v zapmaky.com
    C. nmap -sX -T4 -A -v zapmaky.com
    D. nmap -sN -A zapmaky.com

  • Question 137:

    Martin works as a professional Ethical Hacker and Penetration Tester. He is an ESCA certified professional and was following the LPT methodology to perform the penetration testing. He is assigned a project for information gathering on a

    client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Martin was unable to find any

    information.

    What should Martin do to get the information he needs?

    A. Martin should use email tracking tools such as eMailTrackerPro to find the company's internal URLs
    B. Martin should use online services such as netcraft.com to find the company's internal URLs
    C. Martin should use WayBackMachine in Archive.org to find the company's internal URLs
    D. Martin should use website mirroring tools such as HTTrack Web Site Copier to find the company's internal URLs

  • Question 138:

    John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary

    an email with a link to Error! Reference source not found.

    What information will he be able to gather from this?

    A. The SID of Hillary's network account
    B. The network shares that Hillary has permissions
    C. The SAM file from Hillary's computer
    D. Hillary's network username and password hash

  • Question 139:

    Information gathering is performed to:

    i) Collect basic information about the target company and its network ii) Determine the operating system used, platforms running, web server versions, etc.

    iii) Find vulnerabilities and exploits

    Which of the following pen testing tests yields information about a company's technology infrastructure?

    A. Searching for web page posting patterns
    B. Analyzing the link popularity of the company's website
    C. Searching for trade association directories
    D. Searching for a company's job postings

  • Question 140:

    How does OS Fingerprinting help you as a pen tester?

    A. It defines exactly what software the target has installed
    B. It doesn't depend on the patches that have been applied to fix existing security holes
    C. It opens a security-delayed window based on the port being scanned
    D. It helps to research vulnerabilities that you can use to exploit on a target system

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.