ECSAV10 Exam Details

  • Exam Code: ECSAV10
  • Exam Name: EC-Council Certified Security Analyst (ECSA) v10
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 354 Q&As
  • Last Updated: Jun 01, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 51:

    A security analyst at Techsoft Solutions is performing penetration testing on the critical IT assets of the company. As part of this process, he is simulating the methodologies and techniques of a real attacker because he is provided with limited or zero information about the company and its assets.

    Identify the type of testing performed by the security analyst?

    A. Announced testing
    B. Blind testing
    C. White-box testing
    D. Unannounced testing

  • Question 52:

    Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

    A. Client-Side Test Report
    B. Activity Report
    C. Host Report
    D. Vulnerability Report

  • Question 53:

    A DMZ is a network designed to give the public access to specific internal resources, and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on wireless networks fall into four basic categories. Identify the attacks that fall under the passive attacks category.

    A. Wardriving
    B. Spoofing
    C. Sniffing
    D. Network Hijacking

  • Question 54:

    Amazon, an IT-based company, conducts a survey on the usage of the Internet. They found that company employees spend most of their time at work surfing the web for personal use and viewing inappropriate websites. Management decides to block all such websites using URL filtering software.

    How can employees continue to see the blocked websites?

    A. Using session hijacking
    B. Using proxy servers
    C. Using authentication
    D. Using encryption

  • Question 55:

    Richard, a penetration tester, was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the 'jpg' extension to the end of the file. The new file name ended with '.php.jpg'. He then used the Burp Suite tool and removed the 'jpg' extension from the request while uploading the file. This enabled him to successfully upload the PHP shell.

    Which of the following techniques has Richard implemented to upload the PHP shell?

    A. Session stealing
    B. Cookie tampering
    C. Cross site scripting
    D. Parameter tampering

  • Question 56:

    Allen and Greg, after investing in their startup company called Zamtac Ltd., developed a new web application for their company. Before hosting the application, they want to test the robustness and immunity of the developed web application against attacks like buffer overflow, DoS, XSS, and SQL injection.

    What is the type of the web application security test Allen and Greg should perform?

    A. Web fuzzing
    B. Web crawling
    C. Web spidering
    D. Web mirroring

  • Question 57:

    Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

    What does a vulnerability assessment identify?

    A. Disgruntled employees
    B. Weaknesses that could be exploited
    C. Physical security breaches
    D. Organizational structure

  • Question 58:

    John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client. Which of the following factors does he need to consider while preparing the pen testing pricing report?

    A. Number of employees in the client organization
    B. Complete structure of the organization
    C. Number of client computers to be tested and resources required to perform a pen test
    D. Number of servers available in the client organization

  • Question 59:

    Which of the following statements is true about the LM hash?

    A. Disabled in Windows Vista and 7 OSs
    B. Separated into two 8-character strings
    C. Letters are converted to the lowercase
    D. Padded with NULL to 16 characters

  • Question 60:

    SecInfo is a leading cyber security provider that recently hired Andrew, a security analyst. He was assigned the task of identifying vulnerabilities in the NFC devices by performing an attack on them. In this process, he was present with his device in close proximity to the NFC devices that are sharing data so that he can eavesdrop on the data and at the same time block the transmission to the receiver. He then manipulated the captured data and further relayed the data to the receiver.

    Identify the type of attack performed by Andrew on the target NFC devices?

    A. Ticket cloning
    B. MITM attack
    C. DoS attack
    D. Virus attack
