Get ready to qualify EC-COUNCIL ECSA V10 exam with the latest and updated ECSAV10 practice exam. Try the ECSAV10 free practice test is here! Best practice (Pass4itSure ECSAV10 exam dumps https://www.pass4itsure.com/ecsav10.html) for your ECSAV10 certification by Pass4itSure.com.
Download EC-COUNCIL ECSAV10 pdf
[free questions] EC-COUNCIL ECSAV10 pdf 100% free from Google Drive https://drive.google.com/file/d/1USnf_05TZ9wzxsT-v8f5pyWvUlBeMVjG/view?usp=sharing
EC-COUNCIL ECSAV10 exam practice questions(q1-q13)
QUESTION 1
Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from
one network (Token-ring) to another network (Ethernet), she receives an error message stating:
\\’Destination unreachable\\’
What is the reason behind this?
A. Packet is lost
B. Packet fragmentation is required
C. Packet contains image data
D. Packet transmission is not done properly
Correct Answer: D
QUESTION 2
Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live
hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?
A. Smurf scan
B. Tracert
C. Ping trace
D. ICMP ping sweep
Correct Answer: D
QUESTION 3
Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence
of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online
shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request
(GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are
modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code,
he identified that the price field values of the items are present in the HTML code. He modified the price field values of
certain items from $200 to $2 in the HTML code and submitted the request successfully to the application. Identify the
type of attack performed by Thomas on the online shopping website?
A. Session poisoning attack
B. Hidden field manipulation attack
C. HTML embedding attack
D. XML external entity attack
Correct Answer: C
QUESTION 4
SecInfo is a leading cyber security provider who recently hired Andrew, a security analyst. He was assigned the task of
identifying vulnerabilities in the NFC devices by performing an attack on them. In this process, he was present with his
device in the close proximity with the NFC devices that are sharing data so that he can eavesdrop on the data and at
the same time block the transmission to the receiver. He then manipulated the captured data and further relayed the
data to the receiver. Identify the type of attack performed by Andrew on the target NFC devices?
A. Ticket cloning
B. MITM attack
C. DoS attack
D. Virus attack
Correct Answer: B
QUESTION 5
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive
information about the company clients. You have rummaged through their trash and found very little information. You do
not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web
servers. What tool should you use?
A. Nmap
B. Netcraft
C. Ping sweep
D. Dig
Correct Answer: B
QUESTION 6
A recent study from HyThech Technologies found that three of the most popular websites are having most commonly
exploitable flaw in their web applications. Using this vulnerability, an attacker may inject malicious code that can be
executed on a user\\’s machine. Also, the study revealed that most sensitive target of this vulnerability is stealing
session cookies. This helps attackers to duplicate the user session and access anything the user can perform on a
website like manipulating personal information, creating fake social media posts, stealing credit card information and
performing unauthorized financial transactions, etc. Identify the vulnerability revealed by HyThech Technologies?
A. DoS vulnerability
B. Buffer overflow vulnerability
C. Insecure decentralization vulnerability
D. XSS vulnerability
Correct Answer: D
QUESTION 7
Christen is a renowned SQL penetration testing specialist in the US. A multinational ecommerce company hired him to
check for vulnerabilities in the SQL database. Christen wanted to perform SQL penetration testing on the database by
entering a massive amount of data to crash the web application of the company and discover coding errors that may
lead to a SQL injection attack. Which of the following testing techniques is Christen using?
A. Fuzz Testing
B. Stored Procedure Injection
C. Union Exploitation
D. Automated Exploitation
Correct Answer: A
QUESTION 8
The penetration testers are required to follow predefined standard frameworks in making penetration
testing reporting formats.
Which of the following standards does NOT follow the commonly used methodologies in penetration
testing?
A. National Institute of Standards and Technology (NIST)
B. Information Systems Security Assessment Framework (ISSAF)
C. Open Web Application Security Project (OWASP)
D. American Society for Testing Materials (ASTM)
Correct Answer: D
QUESTION 9
Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of
the testing?
A. Draft Report
B. Letter of Intent
C. Rule of Engagement
D. Authorization Letter
Correct Answer: C
QUESTION 10
Which of the following is the objective of Gramm-Leach-Bliley Act?
A. To ease the transfer of financial information between institutions and banks
B. To protect the confidentiality, integrity, and availability of data
C. To set a new or enhanced standards for all U.S. public company boards, management and public accounting firms
D. To certify the accuracy of the reported financial statement
Correct Answer: A
QUESTION 11
Which one of the following acts related to the information security in the US fix the responsibility of management for
establishing and maintaining an adequate internal control structure and procedures for financial reporting?
A. California SB 1386
B. Sarbanes-Oxley 2002
C. Gramm-Leach-Bliley Act (GLBA)
D. USA Patriot Act 2001
Correct Answer: B
QUESTION 12
TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP
model has four layers with major protocols included within each layer. Which one of the following protocols is used to
collect information from all the network devices?
A. Simple Network Management Protocol (SNMP)
B. Network File system (NFS)
C. Internet Control Message Protocol (ICMP)
D. Transmission Control Protocol (TCP)
Correct Answer: A
QUESTION 13
Which port does DHCP use for client connections?
A. UDP port 67
B. UDP port 68
C. UDP port 69
D. UDP port 66
Correct Answer: B
EC-COUNCIL Other Certifications
100% free EC-COUNCIL ECIH 212-89 practice test https://www.certificationvce.com/free-share-best-online-resource-ec-council-212-89-pdf-212-89-practice-test/
100% free EC-COUNCIL 312-50V11 practice test https://www.certificationvce.com/new-free-share-best-online-resource-ec-council-312-50v11-pdf-312-50v11-practice-test/
Pass4itsure EC-COUNCIL dumps discount code 2021
The last sentence:
This blog shares the latest EC-COUNCIL ECSAV10 practice questions! EC-COUNCIL ECSAV10 pdf! Get full Pass4itsure ECSAV10 dumps https://www.pass4itsure.com/ecsav10.html (Updated: Aug 01, 2021).