Eccouncil ecsav10 practice test
Certified Security Analyst (ECSA) v10 Exam
Last exam update: Dec 02 ,2023
Question 1
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active
Directory database in domains. Passwords are never stored in clear text; passwords are hashed and
the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM
database using different hashing methods.
The SAM file in Windows Server 2008 is located in which of the following locations?
- A. c:\windows\system32\config\SAM
- B. c:\windows\system32\drivers\SAM
- C. c:\windows\system32\Setup\SAM
- D. c:\windows\system32\Boot\SAM
Answer:
D
Question 2
Output modules allow Snort to be much more flexible in the formatting and presentation of output
to its users. Snort has 9 output plug-ins that push out data in different formats. Which one of the
following output plug-ins allows alert data to be written in a format easily importable to a database?
- A. unified
- B. csv
- C. alert_unixsock
- D. alert_fast
Answer:
B
Question 3
DMZ is a network designed to give the public access to the specific internal resources and you might
want to do the same thing for guests visiting organizations without compromising the integrity of the
internal resources. In general, attacks on the wireless networks fall into four basic categories.
Identify the attacks that fall under Passive attacks category.
- A. Wardriving
- B. Spoofing
- C. Sniffing
- D. Network Hijacking
Answer:
A
Question 4
Identify the attack represented in the diagram below:
- A. Input Validation
- B. Session Hijacking
- C. SQL Injection
- D. Denial-of-Service
Answer:
B
Question 5
Which among the following information is not furnished by the Rules of Engagement (ROE)
document?
- A. Techniques for data collection from systems upon termination of the test
- B. Techniques for data exclusion from systems upon termination of the test
- C. Details on how data should be transmitted during and after the test
- D. Details on how organizational data is treated throughout and after the test
Answer:
A
Question 6
In a virtual test environment, Michael is testing the strength and security of BGP using multiple
routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on
"bringing down the Internet".
Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the
routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally
shuts itself down.
What will the other routers communicate between themselves?
- A. More RESET packets to the affected router to get it to power back up
- B. RESTART packets to the affected router to get it to power back up
- C. The change in the routing fabric to bypass the affected router
- D. STOP packets to all other routers warning of where the attack originated
Answer:
C
Question 7
An external intrusion test and analysis identify security weaknesses and strengths of the client's
systems and networks as they appear from outside the client's security perimeter, usually from the
Internet.
The goal of an external intrusion test and analysis is to demonstrate the existence of known
vulnerabilities that could be exploited by an external attacker.
During external penetration testing, which of the following scanning techniques allow you to
determine a ports state without making a full connection to the host?
- A. XMAS Scan
- B. SYN scan
- C. FIN Scan
- D. NULL Scan
Answer:
B
Question 8
Today, most organizations would agree that their most valuable IT assets reside within applications
and databases. Most would probably also agree that these are areas that have the weakest levels of
security, thus making them the prime target for malicious activity from system administrators, DBAs,
contractors, consultants, partners, and customers.
Which of the following flaws refers to an application using poorly written encryption code to securely
encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly
protected data such as credit card numbers, SSNs, and other authentication credentials?
- A. SSI injection attack
- B. Insecure cryptographic storage attack
- C. Hidden field manipulation attack
- D. Man-in-the-Middle attack
Answer:
B
Question 9
A firewall protects networked computers from intentional hostile intrusion that could compromise
confidentiality or result in data corruption or denial of service. It examines all traffic routed between
the two networks to see if it meets certain criteri
a. If it does, it is routed between the networks, otherwise it is stopped.
Why is an appliance-based firewall is more secure than those implemented on top of the commercial
operating system (Software based)?
- A. Appliance based firewalls cannot be upgraded
- B. Firewalls implemented on a hardware firewall are highly scalable
- C. Hardware appliances does not suffer from security vulnerabilities associated with the underlying operating system
- D. Operating system firewalls are highly configured
Answer:
A
Question 10
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
- A. ip.dst==10.0.0.7
- B. ip.port==10.0.0.7
- C. ip.src==10.0.0.7
- D. ip.dstport==10.0.0.7
Answer:
C
Question 11
Which one of the following is a useful formatting token that takes an int * as an argument, and writes
the number of bytes already written, to that location?
- A. “%n”
- B. “%s”
- C. “%p”
- D. “%w”
Answer:
A
Question 12
In Linux, what is the smallest possible shellcode?
- A. 800 bytes
- B. 8 bytes
- C. 80 bytes
- D. 24 bytes
Answer:
D
Question 13
Before performing the penetration testing, there will be a pre-contract discussion with different pen-
testers (the team of penetration testers) to gather a quotation to perform pen testing.
Which of the following factors is NOT considered while preparing a price quote to perform pen
testing?
- A. Total number of employees in the client organization
- B. Type of testers involved
- C. The budget required
- D. Expected time required to finish the project
Answer:
A
Question 14
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following
command. What is he testing at this point?
include <stdio.h>
#include <string.h>
int main(int argc, char *argv[])
{
char buffer[10];
if (argc < 2)
{
fprintf(stderr, "USAGE: %s string\n", argv[0]);
return 1;
}
strcpy(buffer, argv[1]);
return 0;
}
- A. Buffer overflow
- B. Format string bug
- C. Kernal injection
- D. SQL injection
Answer:
A
Question 15
DNS information records provide important data about:
- A. Phone and Fax Numbers
- B. Location and Type of Servers
- C. Agents Providing Service to Company Staff
- D. New Customer
Answer:
B