EC-COUNCIL ECSAV10 Online Practice Questions and Exam Preparation

EC-COUNCIL ECSAV10 Online Questions & Answers

• Question 191:

  A user unknowingly installed a fake malicious banking app in his Android mobile. This app includes a configuration file that consists of phone numbers of the bank. When the user makes a call to the bank, he is automatically redirected to the

  number being used by the attacker. The attacker impersonates as a banking official. Also, the app allows the attacker to call the user, then the app displays fake caller ID on the user's mobile resembling call from a legitimate bank.

  Identify the attack being performed on the Android mobile user?

  A. Tailgating
  B. SMiShing
  C. Vishing
  D. Eavesdropping
  C. Vishing

• Question 192:

  Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to- understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture the live packets from the wire or to read the saved capture files?

  A. Tcpdump
  B. Capinfos
  C. Tshark
  D. Idl2wrs
  B. Capinfos

• Question 193:

  Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

  A. Information-Protection Po
  B. Paranoid Policy
  C. Promiscuous Policy
  D. Prudent Policy
  B. Paranoid Policy

• Question 194:

  Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message

  contains three fields: type, code, and checksum.

  Different types of Internet Control Message Protocols (ICMPs) are identified by a type and code field.

  

  Which of the following ICMP messages will be generated if the destination port is not reachable?

  A. ICMP Type 11 code 1
  B. ICMP Type 5 code 3
  C. ICMP Type 3 code 2
  D. ICMP Type 3 code 3
  D. ICMP Type 3 code 3

• Question 195:

  During scanning of a test network, Paul sends TCP probe packets with the ACK flag set to a remote device and then analyzes the header information (TTL and WINDOW field) of the received RST packets to find whether the port is open or

  closed.

  Analyze the scanning result below and identify the open port.

  

  A. Port 22
  B. Port 23
  C. Port 21
  D. Port 20
  B. Port 23

• Question 196:

  Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?

  A. UDP and TCP
  B. TCP and SMTP
  C. SMTP
  D. UDP and SMTP
  A. UDP and TCP

• Question 197:

  Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there

  were no authentication packets in the capture.

  Which of the following commands should Steven use to generate authentication packets?

  A. aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF
  B. airmon-ng start eth0
  C. airodump-ng --write capture eth0
  D. aircrack-ng.exe -a 2 -w capture.cap
  A. aireplay-ng --deauth 11 -a AA:BB:CC:DD:EE:FF

• Question 198:

  Depp Networks is a leader in providing ethical hacking services. They were tasked to examine the strength of a client network. After using a wide range of tests, they finally zeroed in on ICMP tunneling to bypass the firewall. What factor makes ICMP tunneling appropriate to bypass the firewall?

  A. Deep packet inspection
  B. Firewalls can not inspect ICMP packets
  C. Firewalls can not handle the fragmented packets
  D. The payload portion is arbitrary and not examined by most firewalls
  D. The payload portion is arbitrary and not examined by most firewalls

• Question 199:

  Karen was running port scans on each machine of her network in order to identify suspicious ports on the target machines. She observed the following results during the port scan of a particular machine.

  I. Some of the ports were not being acknowledged, i.e. no acknowledgment from the target machine

  II. Some ports were responding with SYN + ACK packets

  III.

  Some ports were responding with an RST packet

  What should she interpret for the ports that did not return the acknowledgement?

  A. She should that those ports as Closed ports
  B. She should that those ports as Open ports
  C. She should that those ports as Stealth ports
  D. She should that those ports as Half Open ports
  I. Some of the ports were not being acknowledged, i.e. no acknowledgment from the target machine II. Some ports were responding with SYN + ACK packets III. Some ports were responding with an RST packet What should she interpret for the ports that did not return the acknowledgement?
  C. She should that those ports as Stealth ports

• Question 200:

  What is the target host IP in the following command?

  C:\> firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP

  A. Firewalk does not scan target hosts
  B. 172.16.28.95
  C. This command is using FIN packets, which cannot scan target hosts
  D. 10.10.150.1
  A. Firewalk does not scan target hosts