1. Home
  2. EC-COUNCIL
  3. ECSAv8

EC-Council Certified Security Analyst (ECSA)

Exam Details

  • Exam Code
    :ECSAv8
  • Exam Name
    :EC-Council Certified Security Analyst (ECSA)
  • Certification
    :ECSA
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :200 Q&As
  • Last Updated
    :May 08, 2024

EC-COUNCIL ECSA ECSAv8 Questions & Answers

  • Question 141:

    Which of the following is a framework of open standards developed by the Internet Engineering Task Force (IETF) that provides secure transmission of the sensitive data over an unprotected medium, such as the Internet?

    A. DNSSEC

    B. Netsec

    C. IKE

    D. IPsec

  • Question 142:

    Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?

    A. Visit Google's search engine and view the cached copy

    B. Crawl and download the entire website using the Surfoffline tool and save them to his computer

    C. Visit the company's partners' and customers' website for this information

    D. Use WayBackMachine in Archive.org web site to retrieve the Internet archive

  • Question 143:

    Which of the following appendices gives detailed lists of all the technical terms used in the report?

    A. Required Work Efforts

    B. References

    C. Research

    D. Glossary

  • Question 144:

    An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

    During external penetration testing, which of the following scanning techniques allow you to determine a port's state without making a full connection to the host?

    A. XMAS Scan

    B. SYN scan

    C. FIN Scan

    D. NULL Scan

  • Question 145:

    Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.

    Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.

    Which of the following password cracking attacks tries every combination of characters until the password is broken?

    A. Brute-force attack

    B. Rule-based attack

    C. Hybrid attack D. Dictionary attack

  • Question 146:

    A pen tester has extracted a database name by using a blind SQL injection. Now he begins to test the table inside the database using the below query and finds the table:

    http://juggyboy.com/page.aspx?id=1; IF (LEN(SELECT TOP 1 NAME from sysobjects where xtype='U')=3) WAITFOR DELAY '00:00:10'-

    http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),1,1)))=101) WAITFOR DELAY '00:00:10'-

    http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),2,1)))=109) WAITFOR DELAY '00:00:10'-

    http://juggyboy.com/page.aspx?id=1; IF (ASCII(lower(substring((SELECT TOP 1 NAME from sysobjects where xtype=char(85)),3,1)))=112) WAITFOR DELAY '00:00:10'-

    What is the table name?

    A. CTS

    B. QRT

    C. EMP

    D. ABC

  • Question 147:

    When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

    A. Passive IDS

    B. Active IDS

    C. Progressive IDS

    D. NIPS

  • Question 148:

    HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

    A. ASCII value of the character

    B. Binary value of the character

    C. Decimal value of the character

    D. Hex value of the character

  • Question 149:

    Which of the following password cracking techniques is used when the attacker has some information about the password?

    A. Hybrid Attack

    B. Dictionary Attack

    C. Syllable Attack

    D. Rule-based Attack

  • Question 150:

    Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

    A. Invalid username or password

    B. Account username was not found

    C. Incorrect password

    D. Username or password incorrect

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAv8 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.