Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > EC-COUNCIL > EC-COUNCIL Certifications > ECSAv8 > ECSAv8 Online Practice Questions and Answers

ECSAv8 Online Practice Questions and Answers

Questions 4

Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?

A. 3001-3100

B. 5000-5099

C. 6666-6674

D. 0 ?1023

Buy Now

Correct Answer: D

Reference: https://www.ietf.org/rfc/rfc1700.txt (well known port numbers, 4th para)

Questions 5

Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

A. Total number of employees in the client organization

B. Type of testers involved

C. The budget required

D. Expected time required to finish the project

Buy Now

Correct Answer: A

Questions 6

A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteria. The criteria are expressed in the form of predicates. WHERE clauses are not mandatory clauses of SQL DML statements, but can be used to limit the number of rows affected by a SQL DML statement or returned by a query.

A pen tester is trying to gain access to a database by inserting exploited query statements with a WHERE clause. The pen tester wants to retrieve all the entries from the database using the WHERE clause from a particular table (e.g. StudentTable).

What query does he need to write to retrieve the information?

A. EXTRACT* FROM StudentTable WHERE roll_number = 1 order by 1000

B. DUMP * FROM StudentTable WHERE roll_number = 1 AND 1=1-

C. SELECT * FROM StudentTable WHERE roll_number = '' or '1' = '1`

D. RETRIVE * FROM StudentTable WHERE roll_number = 1'#

Buy Now

Correct Answer: C

Questions 7

External penetration testing is a traditional approach to penetration testing and is more focused on the servers, infrastructure and the underlying software comprising the target. It involves a comprehensive analysis of publicly available information about the target, such as Web servers, Mail servers, Firewalls, and Routers.

Which of the following types of penetration testing is performed with no prior knowledge of the site?

A. Blue box testing

B. White box testing

C. Grey box testing

D. Black box testing

Buy Now

Correct Answer: D

Reference: http://books.google.com.pk/books?id=5m6ta2fgTswCandpg=SA5-PA4andlpg=SA5PA4anddq=penetration+testing+is+performed+with+no+prior+knowledge+of+the+siteandsourc e=blandots=8GkmyUBH2Uandsig=wdBIboWxrhk5QjlQXs3yWOcuk2Qandhl=enandsa=Xandei=SgfVI2LLc3qaOa5gIgOandved=0CCkQ6AEwAQ#v=onepageandq=penetration%20testing%20i s% 20performed%20with%20no%20prior%20knowledge%20of%20the%20siteandf=false

Questions 8

Why is a legal agreement important to have before launching a penetration test?

A. Guarantees your consultant fees

B. Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

C. It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

D. It is important to ensure that the target organization has implemented mandatory security policies

Buy Now

Correct Answer: C

Questions 9

In Linux, /etc/shadow file stores the real password in encrypted format for user's account with added properties associated with the user's password.

In the example of a /etc/shadow file below, what does the bold letter string indicate? Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

A. Number of days the user is warned before the expiration date

B. Minimum number of days required between password changes

C. Maximum number of days the password is valid

D. Last password changed

Buy Now

Correct Answer: B

Reference: http://www.cyberciti.biz/faq/understanding-etcshadow-file/ (bullet # 4)

Questions 10

Transmission control protocol accepts data from a data stream, divides it into chunks, and adds a TCP header creating a TCP segment.

The TCP header is the first 24 bytes of a TCP segment that contains the parameters and state of an endto-end TCP socket. It is used to track the state of communication between two TCP endpoints.

For a connection to be established or initialized, the two hosts must synchronize. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of exchange in an acknowledgment (ACK) from the other side

The below diagram shows the TCP Header format: How many bits is a acknowledgement number?

A. 16 bits

B. 32 bits

C. 8 bits

D. 24 bits

Buy Now

Correct Answer: B

Reference: http://en.wikipedia.org/wiki/Transmission_Control_Protocol (acknowledgement number)

Questions 11

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e-purse, ATM, and POS cards and applies to all entities involved in payment card processing?

A. PIPEDA

B. PCI DSS

C. Human Rights Act 1998

D. Data Protection Act 1998

Buy Now

Correct Answer: B

Reference: http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

Questions 12

Which of the following policy forbids everything with strict restrictions on all usage of the company systems and network?

A. Information-Protection Policy

B. Paranoid Policy

C. Promiscuous Policy

D. Prudent Policy

Buy Now

Correct Answer: B

Questions 13

DNS information records provide important data about:

A. Phone and Fax Numbers

B. Location and Type of Servers

C. Agents Providing Service to Company Staff

D. New Customer

Buy Now

Correct Answer: B

Exam Code: ECSAv8
Exam Name: EC-Council Certified Security Analyst (ECSA) v8
Last Update: Jul 07, 2026
Questions: 150

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.