Joe works as an engagement team lead with Xsecurity Inc. His pen testing team follows all the standard
pentesting procedures, however, one of the team members inadvertently deletes a document containing
the client's sensitive information. The client is suing Xsecurity for damages.
Which part of the Penetration Testing Contract should Joe have written better to avoid this lawsuit?
A. Objective of the penetration test
B. Indemnification clause
C. Fees and project schedule
D. Non-disclosure clause
A penetration tester at Trinity Ltd. is performing IoT device testing. As part of this process, he is checking
the IoT devices for open ports using port scanners such as Nmap. After identifying the open ports, he
started using automated tools to check each open port for any exploitable vulnerabilities.
Identify the IoT security issues the penetration tester is trying to uncover?
A. Insecure software/firmware
B. Lack of transport encryption
C. Insecure network services
D. Insufficient security configurability
Peter is working on a pen testing assignment. During the reconnaissance phase, Peter discovered that the client's SYSLOG systems are taken off for four hours on the second Saturday of every month for maintenance. He wants to analyze the client's web pages for sensitive information without triggering their logging mechanism. There are hundreds of pages on the client's website and it is difficult to analyze all the information in just four hours. What will Peter do to analyze all the web pages in a stealthy manner?
A. Use HTTrack to mirror the complete website
B. Use WayBackMachine
C. Perform reverse DNS lookup
D. Search the Internet, newsgroups, bulletin boards, and negative websites for information about the client
A security analyst at Techsoft Solutions is performing penetration testing on the critical IT assets of the
company. As part of this process, he is simulating the methodologies and techniques of a real attacker
because he is provided with limited or zero information about the company and its assets.
Identify the type of testing performed by the security analyst?
A. Announced testing
B. Blind testing
C. White-box testing
D. Unannounced testing
John is a newly appointed penetration testing manager in ABC Ltd. He is assigned a task to build a penetration testing team and asked to justify the return on investment (ROI). To assess and predict the ROI of the team by considering the parameters like expected returns from the team and cost of investment, how can John calculate the ROI?
A. ROI = (Cost of investment – Expected returns)/Expected returns
B. ROI = (Expected returns – Cost of investment)/Cost of investment
C. ROI = (Expected returns + Cost of investment)/Cost of investment
D. ROI = (Cost of investment + Expected returns)/Expected returns
Which of the following information security acts enables to ease the transfer of financial information between institutions and banks while making the rights of the individual through security requirements more specific?
A. The Digital Millennium Copyright Act (DMCA)
B. Sarbanes Oxley Act (SOX)
C. Computer Misuse Act 1990
D. Gramm-Leach-Bliley Act (GLBA)
Linson, an employee in Skitac Ltd., notices a USB flash drive on the pavement of the company. Before he
could hand it over to the security guard, he tries to check it out. He connects it with an OTG to his mobile
phone and finds some of his favorite music playlists and games. He tries to download them into his mobile,
but very lately he came to know that he has been attacked and some of his sensitive financial information
was exposed to attackers.
What type of attacks did Linson face?
A. Social engineering attack
B. Phishing attack
C. Wardriving attack
D. Impersonation attack
ABC bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank's DNS servers, reading news articles online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank's job postings. What phase of the penetration testing is Anthony currently in?
A. Attack phase
B. Post-attack phase
C. Pre-attack phase
D. Remediation phase
James, a penetration tester, found a SQL injection vulnerability in the website http://www.xsecurity.com. He used sqlmap and extracted the website's databases from the sql server, one of them being "offices." Which among the following sqlmap queries does James issue in order to extract the tables related to the database "offices"?
A. sqlmap -u "www.xsecurity.com" --dbs offices -T
B. sqlmap -u "www.xsecurity.com" --dbs offices --T
C. sqlmap -u "www.xsecurity.com" --dbs offices -tables
D. sqlmap -u "www.xsecurity.com" --dbs offices --tables
John is a penetration tester who wants to perform port scan on the DNS Server (IP address: 192.168.0.124) deployed in the perimeter. In his primary research, he identified that the DNS server is configured with default settings. Since he is employing Nmap tool to perform port scanning, which of the following Nmap commands should John execute to port scan the DNS Server?
A. nmap -sS -sU –p 80 192.168.0.124
B. nmap -sS -sU –p 69 192.168.0.124
C. nmap -sS -sU –p 123 192.168.0.124
D. nmap -sS -sU –p 53 192.168.0.124
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.