Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 412-79v10 - EC-Council Certified Security Analyst (ECSA) V10

ECCouncil 412-79v10 Premium Access     Download Demo    
Page: 6 / 6
Total 201 questions

Which one of the following tools of trade is a commercial shellcode and payload generator written in Python by Dave Aitel?

A.

Microsoft Baseline Security Analyzer (MBSA)

B.

CORE Impact

C.

Canvas

D.

Network Security Analysis Tool (NSAT)

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.

What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

A.

Phishing

B.

Spoofing

C.

Tapping

D.

Vishing

In which of the following firewalls are the incoming or outgoing packets blocked from accessing services for which there is no proxy?

A.

Circuit level firewalls

B.

Packet filters firewalls

C.

Stateful multilayer inspection firewalls

D.

Application level firewalls

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

A.

California SB 1386

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act (GLBA)

D.

USA Patriot Act 2001

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A.

Use attack as a launching point to penetrate deeper into the network

B.

Demonstrate that no system can be protected against DoS attacks

C.

List weak points on their network

D.

Show outdated equipment so it can be replaced

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

A.

Smurf scan

B.

Tracert

C.

Ping trace

D.

ICMP ping sweep

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where 'xx' is the

A.

ASCII value of the character

B.

Binary value of the character

C.

Decimal value of the character

D.

Hex value of the character

Which one of the following architectures has the drawback of internally considering the hosted services individually?

A.

Weak Screened Subnet Architecture

B.

"Inside Versus Outside" Architecture

C.

"Three-Homed Firewall" DMZ Architecture

D.

Strong Screened-Subnet Architecture

John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client. Which of the following factors does he need to consider while preparing the pen testing pricing report?

A.

Number of employees in the client organization

B.

Complete structure of the organization

C.

Number of client computers to be tested and resources required to perform a pen test

D.

Number of servers available in the client organization

To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, then it means which of the following type of firewall is in place?

A.

Circuit level gateway

B.

Stateful multilayer inspection firewall

C.

Packet filter

D.

Application level gateway