Pass4Test는 여러분이 ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA))시험 패스와 추후사업에 모두 도움이 되겠습니다.Pass4Test제품을 선택함으로 여러분은 시간과 돈을 절약하는 일석이조의 득을 얻을수 있습니다. ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA)) 인증시험패스는 아주 어렵습니다. 자기에 맞는 현명한 학습자료 선택은 성공의 지름길을 내딛는 첫발입니다. 퍼펙트한 자료만이 ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA))시험에서 성공할수 있습니다. Pass4Test시험문제와 답이야 말로 퍼펙트한 자료이죠. Pass4Test ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA))인증시험자료는 100% 패스보장을 드립니다.
NO.1 In which of the following IDS evasion techniques does IDS reject the
packets that an end system
packets that an end system
accepts?
A. IPS evasion technique
B. IDS
evasion technique
C. UDP evasion technique
D. TTL evasion
technique
Answer: B
NO.2 Attackers
create secret accounts and gain illegal access to resources using backdoor
while
bypassing the authentication procedures. Creating a backdoor is a where
an attacker obtains remote
access to a computer on a network.
Which of the
following techniques do attackers use to create backdoors to covertly gather
critical
information about a target machine?
A. Internal network mapping
to map the internal network of the target machine
B. Port scanning to
determine what ports are open or in use on the target machine
C. Sniffing to
monitor all the incoming and outgoing network traffic
D. Social engineering
and spear phishing attacks to install malicious programs on the target
machine
Answer: D
NO.3 An external intrusion test and analysis
identify security weaknesses and strengths of the client's
systems and
networks as they appear from outside the client's security perimeter, usually
from the
Internet. The goal of an external intrusion test and analysis is to
demonstrate the existence of known
vulnerabilities that could be exploited by
an external attacker.
During external penetration testing, which of the
following scanning techniques allow you to
determine a port's state without
making a full connection to the host?
A. XMAS Scan
B. SYN scan
C. FIN
Scan
D. NULL Scan
Answer: B
NO.4 What information can be collected
by dumpster diving?
A. Sensitive documents
B. Email messages
C.
Customer contact information
D. All the above
Answer: A
NO.5 From where can clues
about the underlying application environment can be collected?
A. From the
extension of the file
B. From executable file
C. From file types and
directories
D. From source code
Answer: D
NO.6 Which of the
following defines the details of services to be provided for the client's
organization
and the list of services required for performing the test in the
organization?
A. Draft
B. Report
C. Requirement list
D.
Quotation
Answer: D
NO.7 John, the penetration tester in a pen test
firm, was asked to find whether NTP services are
opened on the target network
(10.0.0.7) using Nmap tool.
Which one of the following Nmap commands will he
use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123
10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135
10.0.0.7
Answer: D
NO.8 You have compromised a lower-level
administrator account on an Active Directory network of a
small company in
Dallas, Texas. You discover Domain Controllers through enumeration. You
connect
to one of the Domain Controllers on port 389 using Idp.exe. What are
you trying to accomplish here?
A. Poison the DNS records with false
records
B. Enumerate MX and A records from DNS
C. Establish a remote
connection to the Domain Controller
D. Enumerate domain user accounts and
built-in groups
Answer: D
A. IPS evasion technique
B. IDS
evasion technique
C. UDP evasion technique
D. TTL evasion
technique
Answer: B
NO.2 Attackers
create secret accounts and gain illegal access to resources using backdoor
while
bypassing the authentication procedures. Creating a backdoor is a where
an attacker obtains remote
access to a computer on a network.
Which of the
following techniques do attackers use to create backdoors to covertly gather
critical
information about a target machine?
A. Internal network mapping
to map the internal network of the target machine
B. Port scanning to
determine what ports are open or in use on the target machine
C. Sniffing to
monitor all the incoming and outgoing network traffic
D. Social engineering
and spear phishing attacks to install malicious programs on the target
machine
Answer: D
NO.3 An external intrusion test and analysis
identify security weaknesses and strengths of the client's
systems and
networks as they appear from outside the client's security perimeter, usually
from the
Internet. The goal of an external intrusion test and analysis is to
demonstrate the existence of known
vulnerabilities that could be exploited by
an external attacker.
During external penetration testing, which of the
following scanning techniques allow you to
determine a port's state without
making a full connection to the host?
A. XMAS Scan
B. SYN scan
C. FIN
Scan
D. NULL Scan
Answer: B
NO.4 What information can be collected
by dumpster diving?
A. Sensitive documents
B. Email messages
C.
Customer contact information
D. All the above
Answer: A
NO.5 From where can clues
about the underlying application environment can be collected?
A. From the
extension of the file
B. From executable file
C. From file types and
directories
D. From source code
Answer: D
NO.6 Which of the
following defines the details of services to be provided for the client's
organization
and the list of services required for performing the test in the
organization?
A. Draft
B. Report
C. Requirement list
D.
Quotation
Answer: D
NO.7 John, the penetration tester in a pen test
firm, was asked to find whether NTP services are
opened on the target network
(10.0.0.7) using Nmap tool.
Which one of the following Nmap commands will he
use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123
10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135
10.0.0.7
Answer: D
NO.8 You have compromised a lower-level
administrator account on an Active Directory network of a
small company in
Dallas, Texas. You discover Domain Controllers through enumeration. You
connect
to one of the Domain Controllers on port 389 using Idp.exe. What are
you trying to accomplish here?
A. Poison the DNS records with false
records
B. Enumerate MX and A records from DNS
C. Establish a remote
connection to the Domain Controller
D. Enumerate domain user accounts and
built-in groups
Answer: D