[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil ECSAv8 Dumps with VCE and PDF 41-50

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released ECSAv8
100% Free Download! 100% Pass Guaranteed!

EC-Council Certified Security Analyst (ECSA)

Question No: 41

Black-box testing is a method of software testing that examines the functionality of an application (e.g. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.

Ensurepass 2018 PDF and VCE

Most commonly, SQL injection vulnerabilities are a result of coding vulnerabilities during the Implementation/Development phase and will likely require code changes.

Pen testers need to perform this testing during the development phase to find and fix the SQL injection vulnerability.

What can a pen tester do to detect input sanitization issues?

  1. Send single quotes as the input data to catch instances where the user input is not sanitized

  2. Send double quotes as the input data to catch instances where the user input is not sanitized

  3. Send long strings of junk data, just as you would send strings to detect buffer overruns

  4. Use a right square bracket (the “]” character) as the input data to catch instances where the user input is used as part of a SQL identifier without any input sanitization

Answer: D

Question No: 42

Traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network. It sends a sequence of three Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.

The time-to-live (TTL) value, also known as hop limit, is used in determining the intermediate routers being traversed towards the destination.

Ensurepass 2018 PDF and VCE

During routing, each router reduces packets#39; TTL value by

  1. 3

  2. 1

  3. 4

  4. 2

Answer: B

Reference: http://www.packetu.com/2009/10/09/traceroute-through-the-asa/

Question No: 43

Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?

  1. SYN Scan

  2. TCP Connect Scan

  3. XMAS Scan

  4. Null Scan

Answer: A

Question No: 44

Identify the person who will lead the penetration-testing project and be the client point of contact.

  1. Database Penetration Tester

  2. Policy Penetration Tester

  3. Chief Penetration Tester

  4. Application Penetration Tester

Answer: C

Reference: http://www.scribd.com/doc/133635286/LPTv4-Module-15-Pre-Penetration- Testing-Checklist-NoRestriction (page 15)

Question No: 45

An antenna is a device that is designed to transmit and receive the electromagnetic waves that are generally called radio waves. Which one of the following types of antenna is developed from waveguide technology?

  1. Leaky Wave Antennas

  2. Aperture Antennas

  3. Reflector Antenna

  4. Directional Antenna

Answer: B

Question No: 46

The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client’s operating environment, threat perception, security and compliance requirements, ROE, and budget. Various components need to be considered for testing while developing the scope of the


Ensurepass 2018 PDF and VCE

Which of the following is NOT a pen testing component to be tested?

  1. System Software Security

  2. Intrusion Detection

  3. Outside Accomplices

  4. Inside Accomplices

Answer: C

Question No: 47

Which of the following scan option is able to identify the SSL services?

  1. -sS

  2. -sV

  3. -sU

  4. -sT

Answer: B

Reference: https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001) (blackbox test and example, second para)

Question No: 48

Transmission Control Protocol (TCP) is a connection-oriented four layer protocol. It is responsible for breaking messages into segments, re-assembling them at the destination station, and re-sending. Which one of the following protocols does not use the TCP?

  1. Reverse Address Resolution Protocol (RARP)

  2. HTTP (Hypertext Transfer Protocol)

  3. SMTP (Simple Mail Transfer Protocol)

  4. Telnet

Answer: A

Question No: 49

Identify the policy that defines the standards for the organizational network connectivity and security standards for computers that are connected in the organizational network.

  1. Information-Protection Policy

  2. Special-Access Policy

  3. Remote-Access Policy

  4. Acceptable-Use Policy

Answer: C

Question No: 50

Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

  1. Penetration Testing Agreement

  2. Rules of Behavior Agreement

  3. Liability Insurance

  4. Non-Disclosure Agreement

Answer: D

100% Ensurepass Free Download!
Download Free Demo:ECSAv8 Demo PDF
100% Ensurepass Free Guaranteed!
ECSAv8 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.