ECSAv10 Practice Test Questions - EC-Council Certified Security Analyst

  Edina  09-16-2019

Eccouncil ECSAv10 is the most famous and the most challenging IT certification exam. It is also much harder to achieve this exam. Here are the tips to prepare and pass EC-Council ECSAv10 exam at the first attempt. Passquestion new released EC-Council ECSAv10 Practice Test Questions to help you write your test and you are guaranteed to pass your ECSA V10 EC-Council Certified Security Analyst exam easily in your first time.

Content Updates For ECSA V10

The ECSA content updates reflect larger trends that focus on preparing and testing modern cyber security professionals for the most pressing cyber security challenges facing organizations.

The core of the content covered in the certification maps to government and industry frameworks. Version 10 content maps to the NICE 2.0 Framework, specifically the NICE Framework Analyze (AN) and Collect and Operate (CO) specialty area.

EC-Council Certified Security Analyst ECSA v10 Exam info:

Credit Towards Certification: ECSA v10
Number of Questions: 150
Passing Score: 70%
Test Duration: 4 Hours
Test Format: Multiple Choice

ECSA v10 Exam Outline

Module 00: Penetration Testing Essential Concepts (Self-Study)
Module 01: Introduction to Penetration Testing and Methodologies
Module 02: Penetration Testing Scoping and Engagement Methodology
Module 03: Open-Source Intelligence (OSINT) Methodology
Module 04: Social Engineering Penetration Testing Methodology
Module 05: Network Penetration Testing Methodology – External
Module 06: Network Penetration Testing Methodology – Internal
Module 07: Network Penetration Testing Methodology – Perimeter Devices
Module 08: Web Application Penetration Testing Methodology
Module 09: Database Penetration Testing Methodology
Module 10: Wireless Penetration Testing Methodology
Module 11: Cloud Penetration Testing Methodology
Module 12: Report Writing and Post Testing Actions

Download EC-Council ECSAv10 Practice Test Questions:

1.Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer. During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc. 
To which type of information security act does the above conducts and activities best suit?
A. Police and Justice Act 2006
B. Data Protection Act 1998
C. USA Patriot Act 2001
D. Human Rights Act 1998
Answer: B

2.Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems.
Which of the following authentication protocols should Adam employ in order to achieve the objective?
A. LANMAN
B. Kerberos
C. NTLM
D. NTLMv2
Answer: C

3.Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?
A. VisualRoute
B. NetInspector
C. BlackWidow
D. Zaproxy
Answer: C

4.A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests. Identify the type of attack
A. Denial of Service (DoS) attacks
B. Side Channel attacks
C. Man-in-the-middle cryptographic attacks
D. Authentication attacks
Answer: A

5.Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit. He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application. 
Identify the type of attack performed by Thomas on the online shopping website?
A. Session poisoning attack
B. Hidden field manipulation attack
C. HTML embedding attack
D. XML external entity attack
Answer: C

Leave And reply:

  TOP 50 Exam Questions
Exam