ECSAV10 Exam Details

  • Exam Code: ECSAV10
  • Exam Name: EC-Council Certified Security Analyst (ECSA) v10
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 354 Q&As
  • Last Updated: May 23, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 261:

    What is the difference between penetration testing and vulnerability testing?

    A. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of 'in-depth ethical hacking'
    B. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities
    C. Vulnerability testing is more expensive than penetration testing
    D. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

  • Question 262:

    What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

    A. Server Side Includes
    B. Sort Server Includes
    C. Server Sort Includes
    D. Slide Server Includes

  • Question 263:

    What will the following URL produce in an unpatched IIS Web Server?

    A. Execute a buffer flow in the C: drive of the web server
    B. Insert a Trojan horse into the C: drive of the web server
    C. Directory listing of the C:\windows\system32 folder on the web server
    D. Directory listing of C: drive on the web server

  • Question 264:

    Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold?

    A. Application-level proxy firewall
    B. Data link layer firewall
    C. Packet filtering firewall
    D. Circuit-level proxy firewall

  • Question 265:

    Which of the following has an offset field that specifies the length of the header and data?

    A. IP Header
    B. UDP Header
    C. ICMP Header
    D. TCP Header

  • Question 266:

    Joe works as an engagement team lead with Xsecurity Inc. His pen testing team follows all the standard pentesting procedures, however, one of the team members inadvertently deletes a document containing the client's sensitive information. The client is suing Xsecurity for damages.

    Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsuit?

    A. Objective of the penetration test
    B. Indemnification clause
    C. Fees and project schedule
    D. Non-disclosure clause

  • Question 267:

    Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization. An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

    What is the formula to calculate risk?

    A. Risk = Budget x Time
    B. Risk = Goodwill x Reputation
    C. Risk = Loss x Exposure factor
    D. Risk = Threats x Attacks

  • Question 268:

    You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network.

    How would you answer?

    A. IBM Methodology
    B. LPT Methodology
    C. Google Methodology
    D. Microsoft Methodology

  • Question 269:

    Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application. Identify the type of attack performed by Thomas on the online shopping website?

    A. Session poisoning attack
    B. Hidden field manipulation attack
    C. HTML embedding attack
    D. XML external entity attack

  • Question 270:

    Which of the following roles of Microsoft Windows Active Directory refers to the ability of an active directory to transfer roles to any domain controller (DC) in the enterprise?

    A. Master Browser (MB)
    B. Global Catalog (GC)
    C. Flexible Single Master Operation (FSMO)
    D. Rights Management Services (RMS)
