ECSA Exam Questions

Free ecsa practice questions and answers to pass free ecsa v9 exam questions. For ecsa certification practice questions free you must go through real exam. For that we provide Free ecsa practice exam real test. We discuss in these Free Examination for EC-Council Security Analyst (ECSA) test questions from different topics like ecsa questions, ecsa certification intensive review .

ecsa prep test

In this test you have to answer ecsa practice test free. To get pass ecsa exam practice test you must answers correct. So Enjoy these ecsa certification exam review to get enough knowledge for ecsa practice test attempt. You will get mock test answers after click submit button at bottom. If any question wrong just click on go back button to correct it. Easy Na!




Disclaimer:-
EC-Council Certified Security Analyst® (ECSA®) trademarks and/or service marks of EC-Council. EC-Council does not endorse and is not affiliated in any way with Test-Questions.com or its products and services.

Practice ECSA Exam

sample ecsa questions ecsa v9 exam practice questions


Q:1-Amazon Consulting Corporation provides penetration testing and managed security services to companies. Legality and regulatory compliance is one of the important components in conducting a successful security audit.
Before starting a test, one of the agreements both the parties need to sign relates to limitations, constraints, liabilities, code of conduct, and indemnification considerations between the parties.
05-01 ec-council ecsa
Which agreement requires a signature from both the parties (the penetration tester and the company)?

Mark one answer:

Non-disclosure agreement
Client fees agreement
Rules of engagement agreement
Confidentiality agreement



Q:2-John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in Window system directory?
Mark one answer:

C:\Windows\System32\Boot
C:\WINNT\system32\drivers\etc
C:\WINDOWS\system32\cmd.exe
C:\Windows\System32\restore


Q:3-Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?
Mark one answer:

Special-Access Policy
User Identification and Password Policy
Personal Computer Acceptable Use Policy
User-Account Policy


Q:4-Which one of the following tools of trade is a commercial shellcode and payload generator written in Python by Dave Aitel?
Mark one answer:

Microsoft Baseline Security Analyzer (MBSA)
CORE Impact
Canvas
Network Security Analysis Tool (NSAT)


Q:5-Identify the type of authentication mechanism represented below:
05-05 ec-council ecsa
Mark one answer:

NTLMv1
NTLMv2
LAN Manager Hash
Kerberos


test-questions.com

Q:6-Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?
Mark one answer:

SYN Scan
TCP Connect Scan
XMAS Scan
Null Scan


Q:7-External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as Web servers, Mail servers, Firewalls, and Routers.
05-07 ec-council ecsa
Which of the following types of penetration testing is performed with no prior knowledge of the site?

Mark one answer:

Blue box testing
White box testing
Grey box testing
Black box testing


Q:8-John, the penetration tester in a pen test firm, was asked to find whether NTP services are opened on the target network (10.0.0.7) using Nmap tool.
05-08 ec-council ecsa
Which one of the following Nmap commands will he use to find it?

Mark one answer:

nmap -sU –p 389 10.0.0.7
nmap -sU –p 123 10.0.0.7
nmap -sU –p 161 10.0.0.7
nmap -sU –p 135 10.0.0.7


Q:9-Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?
Mark one answer:

Testing to provide a more complete view of site security
Testing focused on the servers, infrastructure, and the underlying software, including the target
Testing including tiers and DMZs within the environment, the corporate network, o partner company connections
Testing performed from a number of network access points representing each logical and physical segment


Q:10-A chipset is a group of integrated circuits that are designed to work together and are usually marketed as a single product.” It is generally the motherboard chips or the chips used on the expansion card. Which one of the following is well supported in most wireless applications?
Mark one answer:

Orinoco chipsets
Prism II chipsets
Atheros Chipset
Cisco chipset



Free        Premium    


ecsa practice tests ecsa v9 exam sample questions