Cyber Monday Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil ECSAv10 - EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing

ECCouncil ECSAv10 Premium Access     Download Demo    
Page: 3 / 6
Total 201 questions

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businesService, bindingTemplate, and tModel?

A.

Web Services Footprinting Attack

B.

Service Level Configuration Attacks

C.

URL Tampering Attacks

D.

Inside Attacks

Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

A.

SYN Scan

B.

Connect() scan

C.

XMAS Scan

D.

Null Scan

Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

A.

ip.dst==10.0.0.7

B.

ip.port==10.0.0.7

C.

ip.src==10.0.0.7

D.

ip.dstport==10.0.0.7

What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

A.

Server Side Includes

B.

Sort Server Includes

C.

Server Sort Includes

D.

Slide Server Includes

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

A.

%systemroot%\LSA

B.

%systemroot%\repair

C.

%systemroot%\system32\drivers\etc

D.

%systemroot%\system32\LSA

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.

Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

A.

Active Information Gathering

B.

Pseudonymous Information Gathering

C.

Anonymous Information Gathering

D.

Open Source or Passive Information Gathering

Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?

A.

Special-Access Policy

B.

User Identification and Password Policy

C.

Personal Computer Acceptable Use Policy

D.

User-Account Policy

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

A.

PIPEDA

B.

PCI DSS

C.

Human Rights Act 1998

D.

Data Protection Act 1998

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the AXFR and IXFR commands using DIG.

What is Simon trying to accomplish here?

A.

Enumerate all the users in the domain

B.

Perform DNS poisoning

C.

Send DOS commands to crash the DNS servers

D.

Perform a zone transfer

Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

A.

Unannounced Testing

B.

Double Blind Testing

C.

Announced Testing

D.

Blind Testing