ECSAV10 Exam Details

  • Exam Code
    :ECSAV10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jul 13, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 31:

    SecGlobal Corporation hired Michael, a penetration tester. Management asked Michael to perform cloud penetration testing on the company's cloud infrastructure. As a part of his task, he started checking all the agreements with cloud

    service provider and came to a conclusion that it is not possible to perform penetration testing on the cloud services that are being used by the organization due to the level of responsibilities between company and the Cloud Service Provider

    (CSP).

    Identify the type of cloud service deployed by the organization?

    A. Platform as a service (PaaS)
    B. Software as a service (SaaS)
    C. Anything as a service (XaaS)
    D. Infrastructure as a service (IaaS)

  • Question 32:

    You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS attacks. Network users complained they are not able to resolve domain names to IP addresses at certain times. What could be the probable reason?

    A. DNSSEC does not provide protection against Denial of Service (DoS) attacks
    B. DNSSEC does not guarantee authenticity of a DNS response during an attack
    C. DNSSEC does not protect the integrity of a DNS response
    D. DNSSEC does not guarantee the non-existence of a domain name or type

  • Question 33:

    Stuart is a database penetration tester working with Regional Server Technologies. He was asked by the company to identify the vulnerabilities in its SQL database. Stuart wanted to perform a SQL penetration by passing some SQL

    commands through a web application for execution and succeeded with a command using a wildcard attribute indicator.

    Which of the following strings is a wildcard attribute indicator?

    A. ?Param1=fooandParam2=bar
    B. %
    C. @variable
    D. @@variable

  • Question 34:

    You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?

    A. Analyzing, categorizing and prioritizing resources
    B. Evaluating the existing perimeter and internal security
    C. Checking for a written security policy
    D. Analyzing the use of existing management and control architecture

  • Question 35:

    Which type of penetration testing will require you to send the Internal Control Questionnaires (ICQ) to the client?

    A. White-box testing
    B. Black-box testing
    C. Blind testing
    D. Unannounced testing

  • Question 36:

    Which of the following is not the SQL injection attack character?

    A. $
    B. PRINT
    C. #
    D. @@variable

  • Question 37:

    Internet Control Message Protocol (ICMP) messages occur in many situations, such as whenever a datagram cannot reach the destination or the gateway does not have the buffering capacity to forward a datagram. Each ICMP message

    contains three fields: type, code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are identified by a TYPE field.

    If the destination is not reachable, which one of the following are generated?

    A. Type 8 ICMP codes
    B. Type 12 ICMP codes
    C. Type 3 ICMP codes
    D. Type 7 ICMP codes

  • Question 38:

    You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

    A. The firewall failed-open
    B. The firewall failed-bypass
    C. The firewall failed-closed
    D. The firewall ACL has been purged

  • Question 39:

    Which of the following is not a characteristic of a firewall?

    A. Manages public access to private networked resources
    B. Routes packets between the networks
    C. Examines all traffic routed between the two networks to see if it meets certain criteria
    D. Filters only inbound traffic but not outbound traffic

  • Question 40:

    Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

    A. Check for Directory Consistency and Page Naming Syntax of the Web Pages
    B. Examine Server Side Includes (SSI)
    C. Examine Hidden Fields
    D. Examine E-commerce and Payment Gateways Handled by the Web Server

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.