EC-Council Certified Security Analyst (ECSA) V10 (412-79v10) Free Practice Test

Question 1

You work as an IT security auditor hired by a law firm in Boston. You have been assigned the responsibility to audit the client for security risks. When assessing the risk to the clients network, what step should you take first?

A. Analyzing the use of existing management and control architecture

B. Analyzing, categorizing and prioritizing resources

C. Checking for a written security policy

D. Evaluating the existing perimeter and internal security

Correct Answer: C

Question 2

Identify the correct formula for Return on Investment (ROI).

A. ROI = (Expected Returns Cost of Investment) / Cost of Investment

B. ROI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100

C. ROI = (Expected Returns + Cost of Investment) / Cost of Investment

D. ROI = ((Expected Returns - Cost of Investment) / Cost of Investment) * 100

Correct Answer: A

Question 3

Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and it works well for direct scanning and often works well through firewalls?

A. Connect() scan

B. XMAS Scan

C. SYN Scan

D. Null Scan

Correct Answer: C

Question 4

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A. OSPF

B. BPG

C. ATM

D. UDP

Correct Answer: A

Question 5

Which one of the following architectures has the drawback of internally considering the hosted services individually?

A. Weak Screened Subnet Architecture

B. Strong Screened-Subnet Architecture

C. "Three-Homed Firewall" DMZ Architecture

D. "Inside Versus Outside" Architecture

Correct Answer: C

Question 6

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the AXFR and IXFR commands using DIG.
What is Simon trying to accomplish here?

A. Enumerate all the users in the domain

B. Send DOS commands to crash the DNS servers

C. Perform DNS poisoning

D. Perform a zone transfer

Correct Answer: D

Question 7

Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?

A. Visit the company's partners' and customers' website for this information

B. Use Way Back Machine in Archive.org web site to retrieve the Internet archive

C. Crawl and download the entire website using the Surfoffline tool and save them to his computer

D. Visit Google's search engine and view the cached copy

Correct Answer: B

Question 8

Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?

A. Draft

B. Report

C. Quotation

D. Requirement list

Correct Answer: C

Question 9

A penetration test will show you the vulnerabilities in the target system and the risks associated with it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

What are the two types of 'white-box' penetration testing?

A. Blind testing and unannounced testing

B. Announced testing and unannounced testing

C. Announced testing and blind testing

D. Blind testing and double blind testing

Correct Answer: B

Welcome to TestSimulate

EC-COUNCIL EC-Council Certified Security Analyst (ECSA) V10 (412-79v10) Free Practice Test