ECSAV10 Exam Details

  • Exam Code: ECSAV10
  • Exam Name: EC-Council Certified Security Analyst (ECSA) v10
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 354 Q&As
  • Last Updated: Jun 01, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 211:

    Transmission Control Protocol (TCP) accepts data from a data stream, divides it into chunks, and adds a TCP header, creating a TCP segment. The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an end-to-end TCP socket. It is used to track the state of communication between two TCP endpoints. For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side. The below diagram shows the TCP Header format:

    A. 16 bits
    B. 32 bits
    C. 8 bits
    D. 24 bits

  • Question 212:

    The Rules of Engagement (ROE) document provides certain rights and restrictions to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques.

    What is the last step in preparing a Rules of Engagement (ROE) document?

    A. Conduct a brainstorming session with top management and technical teams
    B. Decide the desired depth for penetration testing
    C. Conduct a brainstorming session with top management and technical teams
    D. Have pre-contract discussions with different pen-testers

  • Question 213:

    You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

    What have you found?

    A. Trojan.downloader
    B. Blind bug
    C. Web bug
    D. CGI code

  • Question 214:

    The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client's operating environment, threat perception, security and compliance requirements, ROE, and budget.

    Various components need to be considered for testing while developing the scope of the project.

    Which of the following is NOT a pen testing component to be tested?

    A. System Software Security
    B. Intrusion Detection
    C. Outside Accomplices
    D. Inside Accomplices

  • Question 215:

    AB Cloud services provide virtual platform services for the users in addition to storage. The company offers users APIs, core connectivity and delivery, abstraction and hardware as part of the service. What is the name of the service AB Cloud services offer?

    A. Web Application Services
    B. Platform as a service (PaaS)
    C. Infrastructure as a service (IaaS)
    D. Software as a service (SaaS)

  • Question 216:

    You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

    http://172.168.4.131/level/99/exec/show/config

    After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

    A. URL Obfuscation Arbitrary Administrative Access Vulnerability
    B. Cisco IOS Arbitrary Administrative Access Online Vulnerability
    C. HTTP Configuration Arbitrary Administrative Access Vulnerability
    D. HTML Configuration Arbitrary Administrative Access Vulnerability

  • Question 217:

    Analyze the ICMP packet below and mark the correct statement.

    A. It is a ping packet that requires fragmentation, but the Don't Fragment flag is set
    B. It is a ping request, but the destination port is unreachable
    C. It is a ping response, when the destination host is unknown
    D. It is a ping request, but the destination network is unreachable

  • Question 218:

    Which of the following information security acts eases the transfer of financial information between institutions and banks while making the rights of the individual through security requirements more specific?

    A. The Digital Millennium Copyright Act (DMCA)
    B. Sarbanes Oxley Act (SOX)
    C. Computer Misuse Act 1990
    D. Gramm-Leach-Bliley Act (GLBA)

  • Question 219:

    Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

    A. SYN Scan
    B. Connect() scan
    C. XMAS Scan
    D. Null Scan

  • Question 220:

    Michael, a penetration tester of Rolatac Pvt. Ltd., has completed his initial penetration testing and now he needs to create a penetration testing report for the company's client, management, and top officials for their reference. For this, he created a report providing a detailed summary of the complete penetration testing process of the project that he has undergone, its outcomes, and recommendations for future testing and exploitation.

    In the above scenario, which type of penetration testing report has Michael prepared?

    A. Host report
    B. Activity report
    C. User report
    D. Executive report
