IT인증자격증은 여느때보다 강렬한 경쟁율을 보이고 있습니다. EC-COUNCIL ECSAv8시험을 통과하시면 취직 혹은 승진이나 연봉협상에 많은 도움이 되어드릴수 있습니다. EC-COUNCIL ECSAv8시험이 어려워서 통과할 자신이 없다구요? Pass4Test덤프만 있으면 이런 고민은 이제 그만 하지않으셔도 됩니다. Pass4Test에서 출시한 EC-COUNCIL ECSAv8덤프는 시장에서 가장 최신버전입니다.
NO.1 Attackers create secret accounts and gain illegal access to resources using backdoor while
bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote
access to a computer on a network.
Which of the following techniques do attackers use to create backdoors to covertly gather critical
information about a target machine?
A. Internal network mapping to map the internal network of the target machine
B. Port scanning to determine what ports are open or in use on the target machine
C. Sniffing to monitor all the incoming and outgoing network traffic
D. Social engineering and spear phishing attacks to install malicious programs on the target machine
Answer: D
NO.2 Application security assessment is one of the activity that a pen tester performs in the attack
phase. It is designed to identify and assess threats to the organization through bespoke, proprietary
applications or systems. It checks the application so that a malicious user cannot access, modify, or
destroy data or services within the system.
Identify the type of application security assessment which analyzes the application-based code to
confirm that it does not contain any sensitive information that an attacker might use to exploit an
application.
A. Web Penetration Testing
B. Functionality Testing
C. Authorization Testing
D. Source Code Review
Answer: D
NO.3 You have compromised a lower-level administrator account on an Active Directory network of a
small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect
to one of the Domain Controllers on port 389 using Idp.exe. What are you trying to accomplish here?
A. Poison the DNS records with false records
B. Enumerate MX and A records from DNS
C. Establish a remote connection to the Domain Controller
D. Enumerate domain user accounts and built-in groups
Answer: D
NO.4 In which of the following IDS evasion techniques does IDS reject the packets that an end system
accepts?
A. IPS evasion technique
B. IDS evasion technique
C. UDP evasion technique
D. TTL evasion technique
Answer: B
Reference: http://is.muni.cz/th/172999/fi_m/MT_Bukac.pdf (page 24)
NO.5 From where can clues about the underlying application environment can be collected?
A. From the extension of the file
B. From executable file
C. From file types and directories
D. From source code
Answer: D
NO.6 John, the penetration tester in a pen test firm, was asked to find whether NTP services are
opened on the target network (10.0.0.7) using Nmap tool.
Which one of the following Nmap commands will he use to find it?
A. nmap -sU -p 389 10.0.0.7
B. nmap -sU -p 123 10.0.0.7
C. nmap -sU -p 161 10.0.0.7
D. nmap -sU -p 135 10.0.0.7
Answer: D
NO.7 A firewall's decision to forward or reject traffic in network filtering is dependent upon which of
the following?
A. Destination address
B. Port numbers
C. Source address
D. Protocol used
Answer: D
NO.8 Which of the following defines the details of services to be provided for the client's organization
and the list of services required for performing the test in the organization?
A. Draft
B. Report
C. Requirement list
D. Quotation
Answer: D