EC-COUNCIL ECSAV10 Online Practice Questions and Exam Preparation

EC-COUNCIL ECSAV10 Online Questions & Answers

• Question 181:

  Identify the correct formula for Return on Investment (ROI).

  A. ROI = ((Expected Returns - Cost of Investment) / Cost of Investment) * 100
  B. ROI = (Expected Returns + Cost of Investment) / Cost of Investment
  C. ROI = (Expected Returns Cost of Investment) / Cost of Investment
  D. ROI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100
  C. ROI = (Expected Returns Cost of Investment) / Cost of Investment

• Question 182:

  Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this

  point?

  include

  #include

  int main(int argc, char *argv[])

  {

  char buffer[10];

  if (argc < 2)

  {

  fprintf(stderr, "USAGE: %s string\n", argv[0]);

  return 1;

  }

  strcpy(buffer, argv[1]);

  return 0;

  }

  A. Buffer overflow
  B. Format string bug
  C. Kernal injection
  D. SQL injection
  A. Buffer overflow

• Question 183:

  George is a senior security analyst working for a state agency in Florida; His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to

  implement an IDS as soon as possible before the first audit occurs.

  The state bill requires that an IDS with a "time-based induction machine" be used. What IDS feature must George implement to meet this requirement?

  A. Pattern matching
  B. Statistical-based anomaly detection
  C. Real-time anomaly detection
  D. Signature-based anomaly detection
  C. Real-time anomaly detection

• Question 184:

  HDC Networks Ltd. is a leading security services company. Matthew works as a penetrating tester with this firm. He was asked to gather information about the target company. Matthew begins with social engineering by following the steps:

  I. Secretly observes the target to gain critical information

  II.

  Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the information gathering technique.

  A. Phishing
  B. Shoulder surfing
  C. Tailgating
  D. Dumpster diving
  I. Secretly observes the target to gain critical information II. Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the information gathering technique.
  B. Shoulder surfing

• Question 185:

  Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

  A. Project Goal
  B. Success Factors
  C. Objectives
  D. Assumptions
  D. Assumptions

• Question 186:

  By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?

  A. PortQry
  B. Netstat
  C. Telnet
  D. Tracert
  A. PortQry

• Question 187:

  A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:

  A. Microsoft Internet Security Framework
  B. Information System Security Assessment Framework (ISSAF)
  C. Bell Labs Network Security Framework
  D. The IBM Security Framework
  A. Microsoft Internet Security Framework

• Question 188:

  Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by using various filters in the Wireshark tool. While sniffing the network traffic, he used "tcp.port==1433" Wireshark filter for acquiring a

  specific database related information since port number 1433 is the default port of that specific target database.

  Which of the following databases Nick is targeting in his test?

  A. PostgreSQL
  B. Oracle
  C. MySQL
  D. Microsoft SQL Server
  D. Microsoft SQL Server

• Question 189:

  Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of

  the company's switches with ACK bit and the source address of her machine set.

  What is Terri trying to accomplish by sending this IP packet?

  A. Poison the switch's MAC address table by flooding it with ACK bits
  B. Enable tunneling feature on the switch
  C. Trick the switch into thinking it already has a session with Terri's computer
  D. Crash the switch with a DoS attack since switches cannot send ACK bits
  C. Trick the switch into thinking it already has a session with Terri's computer

• Question 190:

  Jackson, a social media editor for Early Times, identified that there are exploitable zero-day vulnerabilities in many of the open source protocols and common file formats across software used by some of the specific industries. To identify

  vulnerabilities in software, he had sent malformed or random input to the target software and then observed the result. This technique helps in uncovering zero-day vulnerabilities and helps security teams in identifying areas where the quality

  and security of the software need to be improved.

  Identify the technique used by Jackson to uncover zero-day vulnerabilities?

  A. Application fuzz testing
  B. Application black testing
  C. Source code review
  D. Application white testing
  A. Application fuzz testing