ECSAV10 Exam Details

  • Exam Code
    :ECSAV10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jul 13, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 291:

    The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain secure computers and communication networks is:

    A. Nortells Unified Security Framework
    B. The IBM Security Framework
    C. Bell Labs Network Security Framework
    D. Microsoft Internet Security Framework

  • Question 292:

    Which of the following acts provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information?

    A. PCI-DSS
    B. SOX
    C. HIPAA
    D. GLBA

  • Question 293:

    Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it. Which of the following tools will Michael use to perform this task?

    A. VisualRoute
    B. NetInspector
    C. BlackWidow
    D. Zaproxy

  • Question 294:

    The Finger service displays information such as currently logged-on users, email address, full name, etc. Which among the following ports would you scan to identify this service during a penetration test?

    A. Port 89
    B. Port 99
    C. Port 69
    D. Port 79

  • Question 295:

    In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

    A. IPS evasion technique
    B. IDS evasion technique
    C. UDP evasion technique
    D. TTL evasion technique

  • Question 296:

    A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the

    specific needs of an organization.

    Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?

    A. Lightweight Directory Access Protocol (LDAP)
    B. Simple Network Management Protocol (SNMP)
    C. Telnet
    D. Secure Shell (SSH)

  • Question 297:

    A disgruntled employee Robert targeted to acquire business secrets of the organization he is working in and wants to sell the same to a competing organization for some financial gain. He started gathering information about the organization and somehow came to know that the organization is conducting a meeting to discuss future business plans. To collect the information about the organization's business plans, he had built a listening device housed in his bag and arrived the meeting location wearing a suit and tie. One of the employees of the organization thought he was a senior executive from other branch who came to attend the meeting and readily took him to the meeting room. Robert waited until that employee left the meeting room and planted listening devices at multiple places in the room. Then, he went outside the building and started listening and recorded all the conversations in the meeting. Identify the type of attack being performed by Robert on the target organization?

    A. Vishing
    B. Phishing
    C. Shoulder surfing
    D. Eavesdropping

  • Question 298:

    ABC bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank's DNS servers, reading news articles online about the bank, performing competitive intelligence gathering,

    watching what times the bank employees come and go, and searching the bank's job postings.

    What phase of the penetration testing is Anthony currently in?

    A. Attack phase
    B. Post-attack phase
    C. Pre-attack phase
    D. Remediation phase

  • Question 299:

    An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

    A. Frame Injection Attack
    B. LDAP Injection Attack
    C. XPath Injection Attack
    D. SOAP Injection Attack

  • Question 300:

    Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer. During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc. To which type of information security act does the above conducts and activities best suit?

    A. Police and Justice Act 2006
    B. Data Protection Act 1998
    C. USA Patriot Act 2001
    D. Human Rights Act 1998

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.