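The ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA)) exam dump released by Pass4Test is the latest-version dump, produced by Pass4Test's elite IT experts from their study of actual IT certification exam questions. The ECSA ECSAv8 (EC-Council Certified Security Analyst (ECSA)) dump covers the full scope of the actual exam, so the exam pass rate reaches nearly 100%. If you understand and memorize the questions in the dump in the shortest possible time, passing the exam will be no problem.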
NO.1 John, the penetration tester in a pen test firm, was asked to find whether NTP services are
open on the target network (10.0.0.7) using the Nmap tool.
Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123 10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135 10.0.0.7
Answer: D
NO.2 You have compromised a lower-level administrator account on an Active Directory network of a
small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect
to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
A. Poison the DNS records with false records
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Enumerate domain user accounts and built-in groups
Answer: D
NO.3 Which of the following defines the details of services to be provided for the client's organization
and the list of services required for performing the test in the organization?
A. Draft
B. Report
C. Requirement list
D. Quotation
Answer: D
NO.4 Which of the following attacks does a hacker perform in order to obtain UDDI information
such as businessEntity, businessService, bindingTemplate, and tModel?
A. Web Services Footprinting Attack
B. Service Level Configuration Attacks
C. URL Tampering Attacks
D. Inside Attacks
Answer: A
NO.5 The term social engineering is used to describe the various tricks used to fool people
(employees, business partners, or customers) into voluntarily giving away information that would not
normally be known to the general public.
What is the criminal practice of social engineering where an attacker uses the telephone system in an
attempt to scam the user into surrendering private information?
A. Phishing
B. Spoofing
C. Tapping
D. Vishing
Answer: A
NO.6 Attackers create secret accounts and gain illegal access to resources using a backdoor while
bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote
access to a computer on a network.
Which of the following techniques do attackers use to create backdoors to covertly gather critical
information about a target machine?
A. Internal network mapping to map the internal network of the target machine
B. Port scanning to determine what ports are open or in use on the target machine
C. Sniffing to monitor all the incoming and outgoing network traffic
D. Social engineering and spear phishing attacks to install malicious programs on the target machine
Answer: D
NO.7 An external intrusion test and analysis identify security weaknesses and strengths of the client's
systems and networks as they appear from outside the client's security perimeter, usually from the
Internet. The goal of an external intrusion test and analysis is to demonstrate the existence of known
vulnerabilities that could be exploited by an external attacker.
During external penetration testing, which of the following scanning techniques allows you to
determine a port's state without making a full connection to the host?
A. XMAS Scan
B. SYN scan
C. FIN Scan
D. NULL Scan
Answer: B
NO.8 In which of the following IDS evasion techniques does the IDS reject the packets that an end system
accepts?
A. IPS evasion technique
B. IDS evasion technique
C. UDP evasion technique
D. TTL evasion technique
Answer: B