EC-COUNCIL ECSAV10 Online Practice Questions and Exam Preparation

EC-COUNCIL ECSAV10 Online Questions & Answers

• Question 151:

  In Linux, what is the smallest possible shellcode?

  A. 800 bytes
  B. 8 bytes
  C. 80 bytes
  D. 24 bytes
  D. 24 bytes

• Question 152:

  Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

  A. California SB 1386
  B. Sarbanes-Oxley 2002
  C. Gramm-Leach-Bliley Act (GLBA)
  D. USA Patriot Act 2001
  B. Sarbanes-Oxley 2002

• Question 153:

  Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

  A. Threat-Assessment Phase
  B. Pre-Assessment Phase
  C. Assessment Phase
  D. Post-Assessment Phase
  B. Pre-Assessment Phase

• Question 154:

  Dale is a network admin working in Zero Faults Inc. Recently the company's network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on

  the network's IDS and identified that an attacker sent spoofed packets to a broadcast address in the network.

  Which of the following attacks compromised the network?

  A. ARP Spoofing
  B. Amplification attack
  C. MAC Spoofing
  D. Session hijacking
  B. Amplification attack

• Question 155:

  The penetration testers are required to follow predefined standard frameworks in making penetration testing reporting formats. Which of the following standards does NOT follow the commonly used methodologies in penetration testing?

  A. National Institute of Standards and Technology (NIST)
  B. Information Systems Security Assessment Framework (ISSAF)
  C. Open Web Application Security Project (OWASP)
  D. American Society for Testing Materials (ASTM)
  D. American Society for Testing Materials (ASTM)

• Question 156:

  Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all

  the other security settings are as stringent as possible.

  Paulette presents the following screenshot to her boss so he can inform the clients about necessary changes need to be made. From the screenshot, what changes should the client company make? Exhibit:

  

  A. The banner should not state "only authorized IT personnel may proceed"
  B. Remove any identifying numbers, names, or version information
  C. The banner should include the Cisco tech support contact information as well
  D. The banner should have more detail on the version numbers for the network equipment
  B. Remove any identifying numbers, names, or version information

• Question 157:

  In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file

  identifiers, etc.

  They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

  A. XPath Injection Attack
  B. Authorization Attack
  C. Authentication Attack
  D. Frame Injection Attack
  B. Authorization Attack

• Question 158:

  Which of the following is the objective of Gramm-Leach-Bliley Act?

  A. To ease the transfer of financial information between institutions and banks
  B. To protect the confidentiality, integrity, and availability of data
  C. To set a new or enhanced standards for all U.S. public company boards, management and public accounting firms
  D. To certify the accuracy of the reported financial statement
  A. To ease the transfer of financial information between institutions and banks

• Question 159:

  Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?

  A. DNSSEC
  B. Netsec
  C. IKE
  D. IPsec
  D. IPsec

• Question 160:

  Peter works as a lead penetration tester in a security service firm named Xsecurity. Recently, Peter was assigned a white-box pen test assignment testing the security of an IDS system deployed by a client. During the preliminary information

  gathering, Peter discovered the TTL to reach the IDS system from his end is 30. Peter created a Trojan and fragmented it in to 1-character packets using the Colasoft packet builder tool. He then used a packet flooding utility to bombard the

  IDS with these fragmented packets with the destination address of a target host behind the IDS whose TTL is 35.

  What is Peter trying to achieve?

  A. Peter is trying to bypass the IDS system using a Trojan
  B. Peter is trying to bypass the IDS system using the broadcast address
  C. Peter is trying to bypass the IDS system using the insertion attack
  D. Peter is trying to bypass the IDS system using inconsistent packets
  D. Peter is trying to bypass the IDS system using inconsistent packets