ECSA Study Guide and Practice Questions

Free ecsa exam practice questions to pass ecsa v9 exam wample questions. For free online ecsa training sample questions you must go through real exam. For that we provide ecsa exam practice questions real test. We discuss in these EC-Council Security Analyst (ECSA) from different topics like ecsa online course, ecsa review course online .

ecsa exam questions free download

In this test you have to answer ecsa review course individual self study. To get pass ecsa certification exam you must answers correct. So Enjoy these ecsa preparation course to get enough knowledge for ecsa book pdf attempt. You will get mock test answers after click submit button at bottom. If any question wrong just click on go back button to correct it. Easy Na!




Disclaimer:-
EC-Council Certified Security Analyst® (ECSA®) trademarks and/or service marks of EC-Council. EC-Council does not endorse and is not affiliated in any way with Test-Questions.com or its products and services.

ECSA Questions And Answers Download

ecsa sample papers ecsa v9 exam preparation


Q:1-Identify the injection attack represented in the diagram below:
03-01 ec-council ecsa
Mark one answer:

XPath Injection Attack
XML Request Attack
XML Injection Attack
Frame Injection Attack



Q:2-Which of the following protocols cannot be used to filter VoIP traffic?
Mark one answer:

Media Gateway Control Protocol (MGCP)
Real-time Transport Control Protocol (RTCP)
Session Description Protocol (SDP)
Real-Time Publish Subscribe (RTPS)


Q:3-You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using Idp.exe. What are you trying to accomplish here?
Mark one answer:

Poison the DNS records with false records
Enumerate MX and A records from DNS
Establish a remote connection to the Domain Controller
Enumerate domain user accounts and built-in groups


Q:4-Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
03-04 ec-council ecsa
What characteristics do phishing messages often have that may make them identifiable?

Mark one answer:

Invalid email signatures or contact information
Suspiciously good grammar and capitalization
They trigger warning pop-ups
Suspicious attachments


Q:5-Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?
Mark one answer:

./snort -dvr packet.log icmp
./snort -dev -l ./log
./snort -dv -r packet.log
./snort -l ./log –b


test-questions.com

Q:6-Mason is footprinting an organization to gather competitive intelligence. He visits the company's website for contact information and telephone numbers but does not find any. He knows the entire staff directory was listed on their website 12 months. How can he find the directory?
Mark one answer:

Visit Google’s search engine and view the cached copy
Crawl and download the entire website using the Surfoffline tool and save them to his computer
Visit the company's partners’ and customers' website for this information
Use WayBackMachine in Archive.org web site to retrieve the Internet archive


Q:7-Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?
03-07 ec-council ecsa
picture 03-07 Mark one answer:

Check for Directory Consistency and Page Naming Syntax of the Web Pages
Examine Server Side Includes (SSI)
Examine Hidden Fields
Examine E-commerce and Payment Gateways Handled by the Web Server


Q:8-Which of the following is not a characteristic of a firewall?
Mark one answer:

Manages public access to private networked resources
Routes packets between the networks
Examines all traffic routed between the two networks to see if it meets certain criteria
Filters only inbound traffic but not outbound traffic


Q:9-Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Which one of the following is the command-line version of Wireshark, which can be used to capture the live packets from the wire or to read the saved capture files?
Mark one answer:

Tcpdump
Capinfos
Tshark
Idl2wrs


Q:10-Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
Mark one answer:

California SB 1386
Sarbanes-Oxley 2002
Gramm-Leach-Bliley Act (GLBA)
USA Patriot Act 2001



Free        Premium    


ecsa exam practice questions pdf ecsa v9 questions and answers pdf