EC-COUNCIL EC-Council Certified Security Analyst (ECSA) - ECSAv8 Exam Practice Test
What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?
Correct Answer: D
Assessing a network from a hacker's point of view to discover the exploits and vulnerabilities that are accessible to the outside world is which sort of vulnerability assessment?
Correct Answer: D
Identify the type of firewall represented in the diagram below:


Correct Answer: B
Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legal and regulatory compliance is one of the important components in conducting a successful security audit.
Before starting a test, one of the agreements that both parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.

Which agreement requires a signature from both parties (the penetration tester and the company)?
Correct Answer: C
Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?
Correct Answer: C
A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

What are the two types of 'white-box' penetration testing?
Correct Answer: D
Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.
Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.

Which of the following password cracking attacks tries every combination of characters until the password is broken?
Correct Answer: A
Which of the following is NOT generally included in a quote for penetration testing services?
Correct Answer: A
Which type of vulnerability assessment tool provides security to the IT system by testing for vulnerabilities in the applications and operating system?
Correct Answer: A
Which of the following protocols' traffic is captured by using the filter tcp.port==3389 in the Wireshark tool?
Correct Answer: A