[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil ECSAv8 Dumps with VCE and PDF 1-10

2018 Jan ECCouncil Official New Released ECSAv8

EC-Council Certified Security Analyst (ECSA)

Question No: 1

Which one of the following is a supporting tool for 802.11 (wireless) packet injection that spoofs 802.11 packets to verify whether the access point is valid or not?

  1. Airsnort

  2. Aircrack

  3. Airpwn

  4. WEPCrack

Answer: C

Question No: 2

During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?

  1. Examine Source of the Available Pages

  2. Perform Web Spidering

  3. Perform Banner Grabbing

  4. Check the HTTP and HTML Processing by the Browser

Answer: D

Question No: 3

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.

This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

What is the best way to protect web applications from parameter tampering attacks?

  1. Validating some parameters of the web application

  2. Minimizing the allowable length of parameters

  3. Using an easily guessable hashing algorithm

  4. Applying effective input field filtering parameters

Answer: D

Question No: 4

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

  1. XPath Injection Attack

  2. Authorization Attack

  3. Authentication Attack

  4. Frame Injection Attack

Answer: B

Reference: http://luizfirmino.blogspot.com/2011_09_01_archive.html (see authorization attack)

Question No: 5

The Metasploit Framework is an open source platform for vulnerability research, development, and penetration testing. Which one of the following Metasploit options is used to exploit multiple systems at once?

  1. NinjaDontKill

  2. NinjaHost

  3. RandomNops

  4. EnablePython

Answer: A

Question No: 6

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.

Why is an appliance-based firewall more secure than those implemented on top of a commercial operating system (software-based)?

  1. Appliance based firewalls cannot be upgraded

  2. Firewalls implemented on a hardware firewall are highly scalable

  3. Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system

  4. Operating system firewalls are highly configured

Answer: C

Question No: 7

In the context of penetration testing, what does blue teaming mean?

  1. A penetration test performed with the knowledge and consent of the organization's IT staff

  2. It is the most expensive and most widely used

  3. It may be conducted with or without warning

  4. A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

Answer: A

Reference: https://www.sypriselectronics.com/information-security/cyber-security-solutions/computer-network-defense/

Question No: 8

Which of the following will not handle routing protocols properly?

  1. “Internet-router-firewall-net architecture”

  2. “Internet-firewall-router-net architecture”

  3. “Internet-firewall-net architecture”

  4. “Internet-firewall/router(edge device)-net architecture”

Answer: B

Question No: 9

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment techniques is used to test the web server infrastructure for any misconfiguration and outdated content?

  1. Passive Assessment

  2. Host-based Assessment

  3. External Assessment

  4. Application Assessment

Answer: D

Question No: 10

Which of the following password hashing algorithms is used in the NTLMv2 authentication mechanism?

  1. AES

  2. DES (ECB mode)

  3. MD5

  4. RC5

Answer: C
