Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > EC-COUNCIL > EC-COUNCIL Certifications > ECSAV10 > ECSAV10 Online Practice Questions and Answers

ECSAV10 Online Practice Questions and Answers

Questions 4

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can

browse and spend more time analyzing it.

Which of the following tools will Michael use to perform this task?

A. VisualRoute

B. NetInspector

C. BlackWidow

D. Zaproxy

Buy Now

Correct Answer: C

Questions 5

Alisa is a Network Security Manager at Aidos Cyber Security. During a regular network audit, she sent

specially crafted ICMP packet fragments with different offset values into the network, causing a system

crash.

Which attack Alisa is trying to perform?

A. Ping-of-death attack

B. Fraggle attack

C. Session hijacking

D. Smurf attack

Buy Now

Correct Answer: A

Questions 6

Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?

A. sqlmap -g "inurl:\".php?id=1\""

B. sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com | net | org)"

C. sqlmap –url [ Target URL ]

D. sqlmap –host [ Target URL ]

Buy Now

Correct Answer: C

Questions 7

Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client's SYSLOG systems are taken off for four hours on the second Saturday of every month for maintenance. He wants to analyze the client's web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client's website and it is difficult to analyze all the information in just four hours. What will Peter do to analyze all the web pages in a stealthy manner?

A. Use HTTrack to mirror the complete website

B. Use WayBackMachine

C. Perform reverse DNS lookup

D. Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client

Buy Now

Correct Answer: A

Questions 8

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California; Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. Use attack as a launching point to penetrate deeper into the network

B. Demonstrate that no system can be protected against DoS attacks

C. List weak points on their network

D. Show outdated equipment so it can be replaced

Buy Now

Correct Answer: C

Questions 9

Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

A. Unannounced Testing

B. Double Blind Testing

C. Announced Testing

D. Blind Testing

Buy Now

Correct Answer: B

Questions 10

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate.

He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow

FTP-PUT.

Which firewall would be most appropriate for Harold?

A. Application-level proxy firewall

B. Data link layer firewall

C. Packet filtering firewall

D. Circuit-level proxy firewall

Buy Now

Correct Answer: A

Questions 11

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

A. A switched network will not respond to packets sent to the broadcast address

B. Only IBM AS/400 will reply to this scan

C. Only Unix and Unix-like systems will reply to this scan

D. Only Windows systems will reply to this scan

Buy Now

Correct Answer: C

Questions 12

Attackers create secret accounts and gain illegal access to resources using backdoor while bypassing the authentication procedures. Creating a backdoor is a where an attacker obtains remote access to a computer on a network.

Which of the following techniques do attackers use to create backdoors to covertly gather critical information about a target machine?

A. Internal network mapping to map the internal network of the target machine

B. Port scanning to determine what ports are open or in use on the target machine

C. Sniffing to monitor all the incoming and outgoing network traffic

D. Social engineering and spear phishing attacks to install malicious programs on the target machine

Buy Now

Correct Answer: D

Questions 13

SQL injection attacks are becoming significantly more popular amongst hackers and there has been an

estimated 69 percent increase of this attack type.

This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive

data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL

commands through a web application for execution by a back-end database.

The below diagram shows how attackers launched SQL injection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?

A. Blah' "2=2 -"

B. Blah' and 2=2 -

C. Blah' and 1=1 -

D. Blah' or 1=1 -

Buy Now

Correct Answer: D

Exam Code: ECSAV10
Exam Name: EC-Council Certified Security Analyst (ECSA) v10
Last Update: Jul 07, 2026
Questions: 354

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.