최신 412-79 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst (ECSA)
What sort of vulnerability assessment approach starts by building an inventory of protocols found on the machine?
정답: C
A security policy is a document or set of documents that describes, at a high level, the security controls that will be implemented by the company. Which one of the following policies forbids everything and restricts usage of company computers, whether it is system usage or network usage?
정답: B
Which of the following policies states that the relevant application owner must authorize requests for additional access to specific business applications in writing to the IT Department/resource?
정답: A
In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?
정답: C
A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.
The goal of this attack is to order an application to access a computer file that is not intended to be accessible.
This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.
To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?
The goal of this attack is to order an application to access a computer file that is not intended to be accessible.
This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.
To perform a directory traversal attack, which sequence does a pen tester need to follow to manipulate variables of reference files?
정답: C
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
정답: D
John, the penetration testing manager in a pen testing firm, needs to prepare a pen testing pricing report for a client.
Which of the following factors does he need to consider while preparing the pen testing pricing report?
Which of the following factors does he need to consider while preparing the pen testing pricing report?
정답: B
Which of the following statement holds true for TCP Operation?
정답: B
Which one of the following is false about Wireshark? (Select all that apply)
정답: A
Rule of Engagement (ROE) is the formal permission to conduct a pen-test. It provides top-level guidance for conducting the penetration testing.
Various factors are considered while preparing the scope of ROE which clearly explain the limits associated with the security test.
Which of the following factors is NOT considered while preparing the scope of the Rules of Engagment (ROE)?
Various factors are considered while preparing the scope of ROE which clearly explain the limits associated with the security test.
Which of the following factors is NOT considered while preparing the scope of the Rules of Engagment (ROE)?
정답: B