Identify the attack from the description below:
I. User A sends an ARP request to a switch
II. The switch broadcasts the ARP request in the network
III. An attacker eavesdrops on the ARP request and responds by spoofing as a legitimate user
IV.
The attacker sends his MAC address to User A
A.
MAC spoofing
B.
ARP injection
C.
ARP flooding
D.
ARP poisoning
Nancy Jones is a network admin at Society Technology Ltd. When she is trying to send data packets from
one network (Token-ring) to another network (Ethernet), she receives an error message stating:
'Destination unreachable'
What is the reason behind this?
A. Packet is lost
B. Packet fragmentation is required
C. Packet contains image data
D. Packet transmission is not done properly
Jacob is a penetration tester at TechSoft Inc. based at Singapore. The company assigned him the task of
conducting penetration test on the IoT devices connected to the corporate network. As part of this process,
he captured the network traffic of the devices, their mobile applications, and cloud connections to check
whether any critical data are transmitted in plain text. Also, he tried to check whether SSL/TLS protocols
are properly updated and implemented.
Which of the following IoT security issues Jacob is dealing with?
A. Poor authentication/authorization
B. Lack of transport encryption
C. Privacy concerns
D. Insecure software/firmware
Which of the following acts provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information?
A. PCI-DSS
B. SOX
C. HIPAA
D. GLBA
What is the purpose of a Get-Out-of-Jail-Free card in a pen testing engagement?
A. It indemnifies the tester against any loss or damage that may result from the testing
B. It details standards and penalties imposed by federal, state, or local governments
C. It is a formal approval to start pen test engagement
D. It gives an understanding of the limitations, constraints, liabilities, and indemnification considerations
Watson works as a Penetrating test engineer at Neo security services. The company found its wireless network operating in an unusual manner, with signs that a possible cyber attack might have happened. Watson was asked to resolve this problem. Watson starts a wireless penetrating test, with the first step of
discovering wireless networks by war-driving. After several thorough checks, he identifies that there is
some problem with rogue access points and resolves it. Identifying rogue access points involves a series
of steps.
Which of the following arguments is NOT valid when identifying the rogue access points?
A. If a radio media type used by any discovered AP is not present in the authorized list of media types, it is considered as a rogue AP
B. If any new AP which is not present in the authorized list of APs is detected, it would be considered as a rogue AP
C. If the radio channel used by any discovered AP is not present in the authorized list of channels, it is considered as a rogue AP
D. If the MAC of any discovered AP is present in the authorized list of MAC addresses, it would be considered as a rogue AP
John, a security analyst working for LeoTech organization, was asked to perform penetration testing on the
client organizational network. In this process, he used a method that involves threatening or convincing a
person from the client organization to obtain sensitive information.
Identify the type of penetration testing performed by John on the client organization?
A. Wireless network penetration testing
B. Social engineering penetration testing
C. Mobile device penetration testing
D. Web application penetration testing
Which of the following SQLMAP commands will allow you to test if a parameter in a target URL is vulnerable to SQL injection (injectable)?
A. sqlmap -g "inurl:\".php?id=1\""
B. sqlmap.py -l burp.log --scope="(www)?\.[target]\.(com | net | org)"
C. sqlmap –url [ Target URL ]
D. sqlmap –host [ Target URL ]
Henderson has completed the pen testing tasks. He is now compiling the final report for the client. Henderson needs to include the result of scanning that revealed a SQL injection vulnerability and different SQL queries that he used to bypass web application authentication.
In which section of the pen testing report, should Henderson include this information?
A. General opinion section
B. Methodology section
C. Comprehensive technical report section
D. Executive summary section
Sarah is a pen tester at JK Hopes and Sons based in Las Vegas. As a part of the penetration testing, she
was asked to perform the test without exposing the test to anyone else in the organization. Only a few
people in the organization know about the test. This test covers the organization's security monitoring,
incident identification and its response procedures.
What kind of pen testing is Sarah performing?
A. Double-blind Testing
B. Announced Testing
C. Unannounced Testing
D. Blind Testing
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.