
ECSAv10 ECCouncil Exam Lab Questions

Question 8

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.

An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.

What is the formula to calculate risk?

Options:

A. Risk = Budget x Time

B. Risk = Goodwill x Reputation

C. Risk = Loss x Exposure factor

D. Risk = Threats x Attacks

Question 9

Security auditors determine the use of WAPs on their networks with the Nessus vulnerability scanner, which identifies the commonly used WAPs.

One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named “Access Point Detection”. This plug-in uses four techniques to identify the presence of a WAP.

Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?

Options:

A. NMAP TCP/IP fingerprinting

B. HTTP fingerprinting

C. FTP fingerprinting

D. SNMP fingerprinting

Question 10

Identify the injection attack represented in the diagram below:

Options:

A. XPath Injection Attack

B. XML Request Attack

C. XML Injection Attack

D. Frame Injection Attack

Question 11

Windows stores user passwords in the Security Accounts Manager database (SAM), or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.

NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.

The SAM file in Windows Server 2008 is located in which of the following locations?

Options:

A. c:\windows\system32\config\SAM

B. c:\windows\system32\drivers\SAM

C. c:\windows\system32\Setup\SAM

D. c:\windows\system32\Boot\SAM

Exam Code: ECSAv10
Exam Name: EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing
Last Update: Dec 22, 2024
Questions: 201