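In a society with abundant talent and fierce competition, IT professionals are in very high demand. But the intense competition cannot be ignored either. Many IT professionals have to pass difficult certification exams to hold on to their positions. Pass4Test specializes in providing useful materials so that these IT professionals can pass their exams conveniently. The EC-COUNCIL ECSAv8 certification is one of the most important certification exams. Conquer the exam in one go with Pass4Test's EC-COUNCIL ECSAv8.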
NO.1 What information can be collected by dumpster diving?
A. Sensitive documents
B. Email messages
C. Customer contact information
D. All the above
Answer: A
NO.2 John, the penetration tester in a pen test firm, was asked to find whether NTP services are open on the target network (10.0.0.7) using the Nmap tool.
Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123 10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135 10.0.0.7
Answer: D
NO.3 An external intrusion test and analysis identify security weaknesses and strengths of the client's systems and networks as they appear from outside the client's security perimeter, usually from the Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.
During external penetration testing, which of the following scanning techniques allows you to determine a port's state without making a full connection to the host?
A. XMAS Scan
B. SYN scan
C. FIN Scan
D. NULL Scan
Answer: B
NO.4 You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
A. Poison the DNS records with false records
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Enumerate domain user accounts and built-in groups
Answer: D
NO.5 From where can clues about the underlying application environment be collected?
A. From the extension of the file
B. From executable file
C. From file types and directories
D. From source code
Answer: D
NO.6 Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity, businessService, bindingTemplate, and tModel?
A. Web Services Footprinting Attack
B. Service Level Configuration Attacks
C. URL Tampering Attacks
D. Inside Attacks
Answer: A
NO.7 The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public.
What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?
A. Phishing
B. Spoofing
C. Tapping
D. Vishing
Answer: A
NO.8 Which of the following defines the details of services to be provided for the client's organization and the list of services required for performing the test in the organization?
A. Draft
B. Report
C. Requirement list
D. Quotation
Answer: D