A Review Of Actual ECSAv10 Exam Topics

NEW QUESTION 1
Which of the following shields Internet users from artificial DNS data, such as a deceptive or mischievous address instead of the genuine address that was requested?

• A. DNSSEC
• B. Firewall
• C. Packet filtering
• D. IPSec

Answer: A

NEW QUESTION 2
Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

• A. Check for Directory Consistency and Page Naming Syntax of the Web Pages
• B. Examine Server Side Includes (SSI)
• C. Examine Hidden Fields
• D. Examine E-commerce and Payment Gateways Handled by the Web Server

Answer: C

NEW QUESTION 3
The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.
The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

• A. Multiple of four bytes
• B. Multiple of two bytes
• C. Multiple of eight bytes
• D. Multiple of six bytes

Answer: C

NEW QUESTION 4
In the context of penetration testing, what does blue teaming mean?

• A. A penetration test performed with the knowledge and consent of the organization's IT staff
• B. It is the most expensive and most widely used
• C. It may be conducted with or without warning
• D. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

Answer: A

NEW QUESTION 5
An automated electronic mail message from a mail system which indicates that the user does not exist on that server is called as?

• A. SMTP Queue Bouncing
• B. SMTP Message Bouncing
• C. SMTP Server Bouncing
• D. SMTP Mail Bouncing

Answer: D

NEW QUESTION 6
Wireless communication allows networks to extend to places that might otherwise go untouched by the wired networks. When most people say ‘Wireless’ these days, they are referring to one of the 802.11 standards. There are three main 802.11 standards: B, A, and G.
Which one of the following 802.11 types uses DSSS Modulation, splitting the 2.4ghz band into channels?

• A. 802.11b
• B. 802.11g
• C. 802.11-Legacy
• D. 802.11n

Answer: A

NEW QUESTION 7
What are the 6 core concepts in IT security?

• A. Server management, website domains, firewalls, IDS, IPS, and auditing
• B. Authentication, authorization, confidentiality, integrity, availability, and non-repudiation
• C. Passwords, logins, access controls, restricted domains, configurations, and tunnels
• D. Biometrics, cloud security, social engineering, DoS attack, viruses, and Trojans

Answer: B

NEW QUESTION 8
The SnortMain () function begins by associating a set of handlers for the signals, Snort receives. It does this using the signal () function. Which one of the following functions is used as a programspecific signal and the handler for this calls the DropStats() function to output the current Snort statistics?

• A. SIGUSR1
• B. SIGTERM
• C. SIGINT
• D. SIGHUP

Answer: A

NEW QUESTION 9
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to
sensitive information about the company clients. You have rummaged through their trash and found very little information.
You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

• A. Nmap
• B. Netcraft
• C. Ping sweep
• D. Dig

Answer: B

NEW QUESTION 10
In Linux, what is the smallest possible shellcode?

• A. 800 bytes
• B. 8 bytes
• C. 80 bytes
• D. 24 bytes

Answer: D

NEW QUESTION 11
In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate.
A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host.

• A. Sliding Windows
• B. Windowing
• C. Positive Acknowledgment with Retransmission (PAR)
• D. Synchronization

Answer: C

NEW QUESTION 12
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?

• A. ip.dst==10.0.0.7
• B. ip.port==10.0.0.7
• C. ip.src==10.0.0.7
• D. ip.dstport==10.0.0.7

Answer: C

NEW QUESTION 13
An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet.
The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?

• A. XMAS Scan
• B. SYN scan
• C. FIN Scan
• D. NULL Scan

Answer: B

NEW QUESTION 14
Timing is an element of port-scanning that can catch one unaware. If scans are taking too long to complete or obvious ports are missing from the scan, various time parameters may need to be adjusted.
Which one of the following scanned timing options in NMAP’s scan is useful across slow WAN links or to hide the scan?

• A. Paranoid
• B. Sneaky
• C. Polite
• D. Normal

Answer: C

NEW QUESTION 15
What is kept in the following directory? HKLMSECURITYPolicySecrets

• A. Service account passwords in plain text
• B. Cached password hashes for the past 20 users
• C. IAS account names and passwords
• D. Local store PKI Kerberos certificates

Answer: A

NEW QUESTION 16
Which of the following is the objective of Gramm-Leach-Bliley Act?

• A. To ease the transfer of financial information between institutions and banks
• B. To protect the confidentiality, integrity, and availability of data
• C. To set a new or enhanced standards for all U.
• D. public company boards, management and public accounting firms
• E. To certify the accuracy of the reported financial statement

Answer: A

NEW QUESTION 17
Firewall is an IP packet filter that enforces the filtering and security policies to the flowing network traffic. Using firewalls in IPv6 is still the best way of protection from low level attacks at the network and transport layers.
Which one of the following cannot handle routing protocols properly?

• A. “Internet-router-firewall-net architecture”
• B. “Internet-firewall-router-net architecture”
• C. “Internet-firewall/router(edge device)-net architecture”
• D. “Internet-firewall -net architecture”

Answer: B

NEW QUESTION 18
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies? What type of Penetration Testing is Larry planning to carry out?

• A. Internal Penetration Testing
• B. Firewall Penetration Testing
• C. DoS Penetration Testing
• D. Router Penetration Testing

Answer: C

NEW QUESTION 19
Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

• A. 3001-3100
• B. 5000-5099
• C. 6666-6674
• D. 0 – 1023

Answer: D

NEW QUESTION 20
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

• A. Unannounced Testing
• B. Double Blind Testing
• C. Announced Testing
• D. Blind Testing

Answer: B

NEW QUESTION 21
Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

• A. California SB 1386
• B. Sarbanes-Oxley 2002
• C. Gramm-Leach-Bliley Act (GLBA)
• D. USA Patriot Act 2001

Answer: A

NEW QUESTION 22
Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

• A. SSI injection attack
• B. Insecure cryptographic storage attack
• C. Hidden field manipulation attack
• D. Man-in-the-Middle attack

Answer: B

NEW QUESTION 23
What are placeholders (or markers) in an HTML document that the web server will dynamically replace with data just before sending the requested documents to a browser?

• A. Server Side Includes
• B. Sort Server Includes
• C. Server Sort Includes
• D. Slide Server Includes

Answer: A

NEW QUESTION 24
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?

• A. Disgruntled employees
• B. Weaknesses that could be exploited
• C. Physical security breaches
• D. Organizational structure

Answer: B

NEW QUESTION 25
Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

• A. Passive Assessment
• B. Host-based Assessment
• C. External Assessment
• D. Application Assessment

Answer: D

NEW QUESTION 26
Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and NTLMv2 value as 128 bits?

• A. Hash Key Length
• B. C/R Value Length
• C. C/R Key Length
• D. Hash Value Length

Answer: B

NEW QUESTION 27
Which of the following policies helps secure data and protects the privacy of organizational information?

• A. Special-Access Policy
• B. Document retention Policy
• C. Cryptography Policy
• D. Personal Security Policy

Answer: C

NEW QUESTION 28
Which of the following are the default ports used by NetBIOS service?

• A. A.-135, 136, 139, 445B.134, 135, 136, 137C.137, 138, 139, 140D.133, 134, 139, 142

Answer: A

NEW QUESTION 29
Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast.
On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops intermittently.
What could be Tyler issue with his home wireless network?

• A. 2.4 Ghz Cordless phones
• B. Satellite television
• C. CB radio
• D. Computers on his wired network

Answer: A

NEW QUESTION 30
The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.
Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations.
Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

What is the best way to protect web applications from parameter tampering attacks?

• A. Validating some parameters of the web application
• B. Minimizing the allowable length of parameters
• C. Using an easily guessable hashing algorithm
• D. Applying effective input field filtering parameters

Answer: D

NEW QUESTION 31
......