Sam is a penetration tester and network admin at McLaren and McLaren, based out of Washington. The company has recently deployed IPv6 in their network. Sam found problems with the protocol implementation and tried to redeploy IPv6 over IPv4. This time, he used the tunneling mechanism while deploying the IPv6 network. How does the tunneling mechanism work?
A. It encapsulates IPv6 packets in IPv4 packets
B. It transfers IPv4 first and the IPv6
C. It splits the IPv4 packets and provides a way to IPv6
D. It replaces IPv4 with IPv6
James is a security consultant at Big Frog Software Pvt Ltd. He is an expert in Footprinting and Social engineering tasks. His team lead tasked him to find details about the target through passive reconnaissance. James used websites to check the link popularity of the client's domain name. What information does the link popularity provide?
A. Information about the network resources
B. Information about visitors, their geolocations, etc.
C. Information about the server and its infrastructure
D. Information about the partner of the organization
Nick is a penetration tester in Stanbiz Ltd. As a part of his duty, he was analyzing the network traffic by
using various filters in the Wireshark tool. While sniffing the network traffic, he used "tcp.port==1433"
Wireshark filter for acquiring a specific database related information since port number 1433 is the default
port of that specific target database.
Which of the following databases Nick is targeting in his test?
A. PostgreSQL
B. Oracle
C. MySQL
D. Microsoft SQL Server
Frank is a senior security analyst at Roger Data Systems Inc. The company asked him to perform a
database penetration test on its client network to determine whether the database is vulnerable to attacks
or not. The client did not reveal any information about the database they are using.
As a pen tester Frank knows that each database runs on its own default port. So he started database port
scanning using the Nmap tool and tried different commands using default port numbers and succeeded
with the following command.
nmap -sU –p 1521
Identify the database used by the company?
A. MySQL
B. Microsoft SQL Server
C. SQLite
D. Oracle
William, a penetration tester in a pen test firm, was asked to get the information about the SMTP server on
a target network.
What does William need to do to get the SMTP server information?
A. Send an email message to a non-existing user of the target organization and check for bounced mail header
B. Examine the session variables
C. Examine TCP sequence numbers
D. Look for information available in web page source code
Ross performs security test on his company's network assets and creates a detailed report of all the findings. In his report, he clearly explains the methodological approach that he has followed in finding the loopholes in the network. However, his report does not mention about the security gaps that can be exploited or the amount of damage that may result from the successful exploitation of the loopholes. The report does not even mention about the remediation steps that are to be taken to secure the network. What is the type of test that Ross has performed?
A. Penetration testing
B. Vulnerability assessment
C. Risk assessment
D. Security audit
JUA Networking Solutions is a group of certified ethical hacking professionals with a large client base.
Stanley works as a penetrating tester at this firm. Future group approached JUA for an internal pen test.
Stanley performs various penetration testing test sequences and gains information about the network
resources and shares, routing tables, audit and service settings, SNMP and DNS details, machine names,
users and groups, applications and banners.
Identify the technique that gave Stanley this information.
A. Enumeration
B. Sniffing
C. Ping sweeps
D. Port scanning
Jason is a penetration tester, and after completing the initial penetration test, he wanted to create a final penetration test report that consists of all activities performed throughout the penetration testing process. Before creating the final penetration testing report, which of the following reports should Jason prepare in order to verify if any crucial information is missed from the report?
A. Activity report
B. Host report
C. User report
D. Draft report
The penetration testers are required to follow predefined standard frameworks in making penetration
testing reporting formats.
Which of the following standards does NOT follow the commonly used methodologies in penetration
testing?
A. National Institute of Standards and Technology (NIST)
B. Information Systems Security Assessment Framework (ISSAF)
C. Open Web Application Security Project (OWASP)
D. American Society for Testing Materials (ASTM)
You have implemented DNSSEC on your primary internal DNS server to protect it from various DNS
attacks. Network users complained they are not able to resolve domain names to IP addresses at certain
times.
What could be the probable reason?
A. DNSSEC does not provide protection against Denial of Service (DoS) attacks
B. DNSSEC does not guarantee authenticity of a DNS response during an attack
C. DNSSEC does not protect the integrity of a DNS response
D. DNSSEC does not guarantee the non-existence of a domain name or type
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSAV10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.