EC-COUNCIL EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing - ECSAv10 Exam Practice Test
NO: 72
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information.
You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information.
You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?
Correct Answer: D
NO: 35
In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?
In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?
Correct Answer: A
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture the live packets from the wire or to read the saved capture files?
Correct Answer: D
Vulnerability assessment is an examination of the ability of a system or application, including the current security procedures and controls, to withstand assault.

What does a vulnerability assessment identify?

What does a vulnerability assessment identify?
Correct Answer: B
Which among the following information is not furnished by the Rules of Engagement (ROE) document?
Correct Answer: B
When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?
Correct Answer: C
Information gathering is performed to:
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company's technology infrastructure?
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits

Which of the following pen testing tests yields information about a company's technology infrastructure?
Correct Answer: B
Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?
Correct Answer: B
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and Zombies? What type of Penetration Testing is Larry planning to carry out?
Correct Answer: C