Category: EC-COUNCIL

A best online resource to prepare for the EC-COUNCIL ECSAV10 exam: latest ECSAV10 practice test. The latest ECSAV10 exam dumps pdf. Pass4itsure full ECSAV10 dumps https://www.pass4itsure.com/ecsav10.html (Total Questions: 354 Q&A ECSAV10 Dumps Pdf) can help you pass your first exam!

New 2021 EC-COUNCIL ECSAV10 dumps pdf from google drive (Update Questions)

Welcome to download [free questions] EC-COUNCIL ECSAV10 dumps pdf https://drive.google.com/file/d/1Nu1rnMTr6bTRMY948UR9U3FqO7acPamz/view?usp=sharing

EC-COUNCIL ECSAV10 practice test questions from Youtube

New EC-COUNCIL ECSAV10 exam practice questions(q1-q13)

QUESTION 1
John, a security analyst working for the LeoTech organization, was asked to perform penetration testing on the client
organizational network. In this process, he used a method that involves threatening or convincing a person from the
client
organization to obtain sensitive information.
Identify the type of penetration testing performed by John on the client organization?
A. Wireless network penetration testing
B. Social engineering penetration testing
C. Mobile device penetration testing
D. Web application penetration testing
Correct Answer: B


QUESTION 2
Output modules allow Snort to be much more flexible in the formatting and presentation of output to its users. Snort has
9 output plug-ins that push out data in different formats. Which one of the following output plug-ins allows alert data to
be written in a format easily importable to a database?
A. unified
B. csv
C. alert_unixsock
D. alert_fast
Correct Answer: B


QUESTION 3
As a security analyst, you set up a false survey website that will require users to create a username and a strong
password. You send the link to all the employees of the company. What information will you be able to gather?
A. The employees network usernames and passwords
B. The MAC address of the employees\\’ computers
C. The IP address of the employee’s computers
D. Bank account numbers and the corresponding routing numbers
Correct Answer: C

QUESTION 4
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small
accounting firm in Florida; They have given her permission to perform social engineering attacks on the company to see
if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist.
Julia says that she is an IT technician from the company\\’s main office in Iowa; She states that she needs the
receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that Bill
Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist
gave Julia all the information she asked for. What principle of social engineering did Julia use?
A. Reciprocation
B. Friendship/Liking
C. Social Validation
D. Scarcity
Correct Answer: A


QUESTION 5
Which of the following acts related to information security in the US establish that the management of an organization is
responsible for establishing and maintaining an adequate internal control structure and procedures for financial
reporting?
A. USA Patriot Act 2001
B. Sarbanes-Oxley 2002
C. Gramm-Leach-Bliley Act (GLBA)
D. California SB 1386
Correct Answer: B


QUESTION 6
Ross performs security tests on his company\\’s network assets and creates a detailed report of all the findings. In his
report, he clearly explains the methodological approach that he has followed in finding the loopholes in the network.
However,
his report does not mention the security gaps that can be exploited or the amount of damage that may result from
the successful exploitation of the loopholes. The report does not even mention the remediation steps that are to
be
taken to secure the network.
What is the type of test that Ross has performed?
A. Penetration testing
B. Vulnerability assessment
C. Risk assessment
D. Security audit
Correct Answer: B


QUESTION 7
While scanning a server, you found RPC, NFS, and mount services running on it. During the investigation, you were told
that NFS Shares were mentioned in the /etc/exports list of the NFS server. Based on this information, which among the
following commands would you issue to view the NFS Shares running on the server?
A. showmount
B. nfsenum
C. mount
D. rpcinfo
Correct Answer: A

QUESTION 8
Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions,
URL characters, special instructors, encryption used, and web page behaviors?

ECSAV10 exam questions-q8

A. Check for Directory Consistency and Page Naming Syntax of the Web Pages
B. Examine Server Side Includes (SSI)
C. Examine Hidden Fields
D. Examine E-commerce and Payment Gateways Handled by the Web Server
Correct Answer: C

QUESTION 9
What are the security risks of running a “repair” installation for Windows XP?
A. There are no security risks when running the “repair” installation for Windows XP
B. Pressing Shift+F1 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. Pressing Shift+F10 gives the user administrative rights
Correct Answer: D


QUESTION 10
Robert is a network admin in XYZ Inc. He deployed a Linux server in his enterprise network and wanted to share some
critical and sensitive files that are present in the Linux server with his subordinates. He wants to set the file access
permissions using chmod command in such a way that his subordinates can only read/view the files but cannot edit or
delete the files.
Which of the following chmod commands can Robert use in order to achieve his objective?
A. chmod 666
B. chmod 644
C. chmod 755
D. chmod 777
Correct Answer: B


QUESTION 11
A wireless intrusion detection system (WIDS) monitors the radio spectrum for the presence of unauthorized, rogue
access points and the use of wireless attack tools.
The system monitors the radio spectrum used by wireless LANs, and immediately alerts a systems administrator
whenever a rogue access point is detected. Conventionally it is achieved by comparing the MAC address of the
participating
wireless devices.
Which of the following attacks can be detected with the help of a wireless intrusion detection system (WIDS)?

ECSAV10 exam questions-q11

A. Social engineering
B. SQL injection
C. Parameter tampering
D. Man-in-the-middle attack
Correct Answer: D


QUESTION 12
Watson works as a Penetrating test engineer at Neo security services. The company found its wireless network
operating in an unusual manner, with signs that a possible cyber attack might have happened. Watson was asked to
resolve this
problem. Watson starts a wireless penetrating test, with the first step of discovering wireless networks by war-driving.
After several thorough checks, he identifies that there is some problem with rogue access points and resolves it.
Identifying
rogue access points involves a series of steps.
Which of the following arguments is NOT valid when identifying the rogue access points?
A. If a radio media type used by any discovered AP is not present in the authorized list of media types, it is considered
as a rogue AP
B. If any new AP which is not present in the authorized list of APs is detected, it would be considered as a rogue AP
C. If the radio channel used by any discovered AP is not present in the authorized list of channels, it is considered as a
rogue AP
D. If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be considered as a
rogue AP
Correct Answer: D


QUESTION 13
In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?
A. IPS evasion technique
B. IDS evasion technique
C. UDP evasion technique
D. TTL evasion technique
Correct Answer: D

Pass4itsure EC-COUNCIL dumps discount code 2021 free share

Pass4itsure EC-COUNCIL dumps discount code 2021

The last sentence:

This blog shares the latest EC-COUNCIL ECSAV10 exam questions, and answers! EC-COUNCIL ECSAV10 pdf, EC-COUNCIL ECSAV10 exam video! Get full Pass4itsure 100% pass & stable EC-COUNCIL ECSAV10 dumps!

ps.

Latest update EC-COUNCIL ECSAV10 exam dumps: https://www.pass4itsure.com/ecsav10.html
[PDF] Free EC-COUNCIL ECSAV10 pdf: https://drive.google.com/file/d/1Nu1rnMTr6bTRMY948UR9U3FqO7acPamz/view?usp=sharing

A best online resource to prepare for the EC-COUNCIL 312-50V11 exam: latest 312-50V11 practice test. The latest 312-50V11 exam dumps pdf. Pass4itsure full 312-50V11 dumps https://www.pass4itsure.com/312-50v11.html (Total Questions: 373 Q&A 312-50V11 Dumps Pdf) can help you pass your first exam!

New 2021 EC-COUNCIL 312-50V11 dumps pdf from google drive (Update Questions)

Welcome to download [free questions] EC-COUNCIL 312-50V11 dumps pdf https://drive.google.com/file/d/1nuiYlaZx9Jihzs2qkX0ViDatSLG6q0QZ/view?usp=sharing

EC-COUNCIL 312-50V11 practice test questions from Youtube

New EC-COUNCIL 312-50V11 exam practice questions(q1-q13)

QUESTION 1
Which regulation defines security and privacy controls for federal information systems and organizations?
A. HIPAA
B. EU Safe Harbor
C. PCI-DSS
D. NIST-800-53
Correct Answer: D


QUESTION 2
The “Gray-box testing” methodology enforces what kind of restriction?
A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system in only partly accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester.
Correct Answer: B


QUESTION 3
By using a smart card and pin, you are using a two-factor authentication that satisfies
A. Something you are and something you remember
B. Something you have and something you know
C. Something you know and something you are
D. Something you have and something you are
Correct Answer: B

QUESTION 4
You need to deploy a new web-based software package for your organization. The package requires three separate
servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network, a database server on the internal
network
C. A web server and the database server facing the Internet, an application server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves
Correct Answer: B


QUESTION 5
Which system consists of a publicly available set of databases that contain domain name registration contact
information?
A. WHOIS
B. CAPTCHA
C. IANA
D. IETF
Correct Answer: A

QUESTION 6
Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?
A. Nikto
B. John the Ripper
C. Dsniff
D. Snort
Correct Answer: A


QUESTION 7
env x=’(){ :;};echo exploit’ bash –c ‘cat/etc/passwd’
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?
A. Removes the passwd file
B. Changes all passwords in passwd
C. Add new user to the passwd file
D. Display passwd content to prompt
Correct Answer: D


QUESTION 8
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be
used to randomly generate invalid input in an attempt to crash the program.
What term is commonly used when referring to this type of testing?
A. Randomizing
B. Bounding
C. Mutating
D. Fuzzing
Correct Answer: D


QUESTION 9
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been
enabled on the system. What is the first step that the bank should take before enabling the audit feature?
A. Perform a vulnerability scan of the system.
B. Determine the impact of enabling the audit feature.
C. Perform a cost/benefit analysis of the audit feature.
D. Allocate funds for staffing of audit log review.
Correct Answer: B

QUESTION 10
Which of the following is the structure designed to verify and authenticate the identity of individuals within the enterprise
taking part in a data exchange?
A. SOA
B. biometrics
C. single sign on
D. PKI
Correct Answer: D


QUESTION 11
What does a firewall check to prevent particular ports and applications from getting packets into an organization?
A. Transport layer port numbers and application layer headers
B. Presentation layer headers and the session layer port numbers
C. Network layer headers and the session layer port numbers
D. Application layer port numbers and the transport layer headers
Correct Answer: A


QUESTION 12
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen
service call interruptions when they are being run?
A. Macro virus
B. Stealth/Tunneling virus
C. Cavity virus
D. Polymorphic virus
Correct Answer: B

QUESTION 13
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is
unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get
a response from a host using TCP?
A. Traceroute
B. Hping
C. TCP ping
D. Broadcast ping
Correct Answer: B

Pass4itsure EC-COUNCIL dumps discount code 2021 free share

Pass4itsure EC-COUNCIL dumps discount code 2021

The last sentence:

This blog shares the latest EC-COUNCIL 312-50V11 exam questions, and answers! EC-COUNCIL 312-50V11 pdf, EC-COUNCIL 312-50V11 exam video! Get full Pass4itsure 100% pass & stable EC-COUNCIL 312-50V11 dumps!

ps.

Latest update EC-COUNCIL 312-50V11 exam dumps: https://www.pass4itsure.com/312-50v11.html
[PDF] Free EC-COUNCIL 312-50V11 pdf: https://drive.google.com/file/d/1nuiYlaZx9Jihzs2qkX0ViDatSLG6q0QZ/view?usp=sharing

A best online resource to prepare for the EC-COUNCIL 212-89 exam: latest 212-89 practice test. The latest 212-89 exam dumps pdf. Pass4itsure full 212-89 dumps https://www.pass4itsure.com/212-89.html (Total Questions: 163 Q&A 212-89 Dumps Pdf) can help you pass your first exam!

New 2021 EC-COUNCIL 212-89 dumps pdf from google drive (Update Questions)

Welcome to download [free questions] EC-COUNCIL 212-89 dumps pdf https://drive.google.com/file/d/1Pa2Mz5YTpmHWw7RtD_lXMgR51lOtY85h/view?usp=sharing

EC-COUNCIL 212-89 practice test questions from Youtube

New EC-COUNCIL 212-89 exam practice questions(q1-q13)

QUESTION 1
___________________ record(s) user\\’s typing.
A. Spyware
B. adware
C. Virus
D. Malware
Correct Answer: A


QUESTION 2
The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:
A. Incident Manager
B. Incident Analyst
C. Incident Handler
D. Incident coordinator
Correct Answer: B


QUESTION 3
Risk management consists of three processes, risk assessment, mitigation, and evaluation. The risk assessment determines
the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps
does NIST\\’s risk assessment methodology involve?
A. Twelve
B. Four
C. Six
D. Nine
Correct Answer: D

QUESTION 4
The steps followed to recover computer systems after an incident are:
A. System restoration, validation, operation and monitoring
B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring
Correct Answer: A


QUESTION 5
CERT members can provide critical support services to first responders such as:
A. Immediate assistance to victims
B. Consolidated automated service process management platform
C. Organizing spontaneous volunteers at a disaster site
D. A + C
Correct Answer: D


QUESTION 6
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital
media device. Of the following, who is responsible for examining the evidence acquired and separating the useful
evidence?
A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator
Correct Answer: D

QUESTION 7
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident
response and handling process involves auditing the system and network log files?
A. Incident recording
B. Reporting
C. Containment
D. Identification
Correct Answer: D


QUESTION 8
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system,
application or user activities. Which of the following statements is NOT true for an audit trail policy:
A. It helps calculating intangible losses to the organization due to incident
B. It helps tracking individual actions and allows users to be personally accountable for their actions
C. It helps in compliance to various regulatory laws, rules,and guidelines
D. It helps in reconstructing the events after a problem has occurred
Correct Answer: A


QUESTION 9
Which of the following is NOT one of the techniques used to respond to insider threats:
A. Placing malicious users in quarantine network, so that attack cannot be spread
B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts
Correct Answer: B

QUESTION 10
Which of the following is NOT one of the common techniques used to detect Insider threats:
A. Spotting an increase in their performance
B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers
Correct Answer: A


QUESTION 11
The USB tool (depicted below) that is connected to a male USB Keyboard cable and not detected by anti-spyware tools
is most likely called:

212-89 exam questions-q11

A. Software Key Grabber
B. Hardware Keylogger
C. USB adapter
D. Anti-Keylogger
Correct Answer: B

QUESTION 12
In which of the steps of NIST\\’s risk assessment methodology are the boundary of the IT system, along with the
resources and the information that constitute the system identified?
A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis
Correct Answer: C


QUESTION 13
The service organization that provides 24×7 computer security incident response services to any user, company,
the government agency or organization is known as:
A. Computer Security Incident Response Team CSIRT
B. Security Operations Center SOC
C. Digital Forensics Examiner
D. Vulnerability Assessor
Correct Answer: A

 

Pass4itsure EC-COUNCIL dumps discount code 2021 free share

Pass4itsure EC-COUNCIL dumps discount code 2021

The last sentence:

This blog shares the latest EC-COUNCIL 212-89 exam questions, and answers! EC-COUNCIL 212-89 pdf, EC-COUNCIL 212-89 exam video! Get full Pass4itsure 100% pass & stable EC-COUNCIL 212-89 dumps!

ps.

Latest update EC-COUNCIL 212-89 exam dumps: https://www.pass4itsure.com/212-89.html
[PDF] Free EC-COUNCIL 212-89 pdf: https://drive.google.com/file/d/1Pa2Mz5YTpmHWw7RtD_lXMgR51lOtY85h/view?usp=sharing