ECSAV10 Exam Details

  • Exam Code
    :ECSAV10
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jul 13, 2026

EC-COUNCIL ECSAV10 Online Questions & Answers

  • Question 61:

    George, a freelance Security Auditor and Penetration Tester, was working on a pen testing assignment for Xsecurity. George is an ESCA certified professional and was following the LPT methodology in performing a comprehensive security

    assessment of the company. After the initial reconnaissance, scanning and enumeration phases, he successfully recovered a user password and was able to log on to a Linux machine located on the network. He was also able to access the /

    etc/passwd file; however, the passwords were stored as a single "x" character.

    What will George do to recover the actual encrypted passwords?

    A. George will perform sniffing to capture the actual passwords
    B. George will perform replay attack to collect the actual passwords
    C. George will escalate his privilege to root level and look for /etc/shadow file
    D. George will perform a password attack using the pre-computed hashes also known as a rainbow attack

  • Question 62:

    If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?

    A. Parameter tampering Attack
    B. Sql injection attack
    C. Session Hijacking
    D. Cross-site request attack

  • Question 63:

    Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businesService, bindingTemplate, and tModel?

    A. Web Services Footprinting Attack
    B. Service Level Configuration Attacks
    C. URL Tampering Attacks
    D. Inside Attacks

  • Question 64:

    Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

    A. California SB 1386
    B. Sarbanes-Oxley 2002
    C. Gramm-Leach-Bliley Act (GLBA)
    D. USA Patriot Act 2001

  • Question 65:

    Robert is a network admin in XYZ Inc. He deployed a Linux server in his enterprise network and wanted to share some critical and sensitive files that are present in the Linux server with his subordinates. He wants to set the file access

    permissions using chmod command in such a way that his subordinates can only read/view the files but cannot edit or delete the files.

    Which of the following chmod commands can Robert use in order to achieve his objective?

    A. chmod 666
    B. chmod 644
    C. chmod 755
    D. chmod 777

  • Question 66:

    Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system,

    network, and communication channels.

    A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

    Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

    A. Passive Assessment
    B. Host-based Assessment
    C. External Assessment
    D. Application Assessment

  • Question 67:

    The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

    What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

    A. Phishing
    B. Spoofing
    C. Tapping
    D. Vishing

  • Question 68:

    Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs.

    One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used

    for uploading new firmware images while upgrading the WAP device?

    A. NMAP TCP/IP fingerprinting
    B. HTTP fingerprinting
    C. FTP fingerprinting
    D. SNMP fingerprinting

  • Question 69:

    Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

    A. Service-based Assessment Solutions
    B. Product-based Assessment Solutions
    C. Tree-based Assessment
    D. Inference-based Assessment

  • Question 70:

    What is the following command trying to accomplish?

    A. Verify that NETBIOS is running for the 192.168.0.0 network
    B. Verify that TCP port 445 is open for the 192.168.0.0 network
    C. Verify that UDP port 445 is open for the 192.168.0.0 network
    D. Verify that UDP port 445 is closed for the 192.168.0.0 networks

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.