최신 412-79 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst (ECSA)

문제1

If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable which of the following attacks?

A. Parameter tampering Attack

B. Sql injection attack

C. Cross-site request attack

D. Session Hijacking

정답: C

문제2

What is a goal of the penetration testing report?

A. The penetration testing report allows you to sleep better at night thinking your organization is protected

B. The penetration testing report helps you comply with local laws and regulations related to environmental conditions in the organization.

C. The pen testing report helps executive management to make decisions on implementing security controls in the organization and helps the security team implement security controls and patch any flaws discovered during testing.

D. The penetration testing report allows you to increase sales performance by effectively communicating with the internal security team.

정답: C

문제3

Which of the following protocols cannot be used to filter VoIP traffic?

A. Session Description Protocol (SDP)

B. Real-Time Publish Subscribe (RTPS)

C. Real-time Transport Control Protocol (RTCP)

D. Media Gateway Control Protocol (MGCP)

정답: B

문제4

Network scanning is used to identify the available network resources. Which one of the following is also known as a half-open scan, because a full TCP connection is never completed and it is used to determine which ports are open and listening on a target device?

A. Null Scan

B. XMAS Scan

C. SYN Scan

D. TCP Connect Scan

정답: C

문제5

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

A. Man-in-the-Middle attack

B. Hidden field manipulation attack

C. Insecure cryptographic storage attack

D. SSI injection attack

정답: C

문제6

In which of the following IDS evasion techniques does IDS reject the packets that an end system accepts?

A. TTL evasion technique

B. IDS evasion technique

C. UDP evasion technique

D. IPS evasion technique

정답: A

문제7

An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

A. Frame Injection Attack

B. LDAP Injection Attack

C. SOAP Injection Attack

D. XPath Injection Attack

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Identify the correct formula for Return on Investment (ROI).

A. ROI = ((Expected Returns - Cost of Investment) / Cost of Investment) * 100

B. ROI = (Expected Returns Cost of Investment) / Cost of Investment

C. ROI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100

D. ROI = (Expected Returns + Cost of Investment) / Cost of Investment

정답: B

문제9

A framework is a fundamental structure used to support and resolve complex issues. The framework that delivers an efficient set of technologies in order to develop applications which are more secure in using Internet and Intranet is:

A. Microsoft Internet Security Framework

B. Bell Labs Network Security Framework

C. Information System Security Assessment Framework (ISSAF)

D. The IBM Security Framework

정답: A

문제10

In the TCP/IP model, the transport layer is responsible for reliability and flow control from source to the destination. TCP provides the mechanism for flow control by allowing the sending and receiving hosts to communicate. A flow control mechanism avoids the problem with a transmitting host overflowing the buffers in the receiving host.

Which of the following flow control mechanism guarantees reliable delivery of data?

A. Synchronization

B. Windowing

C. Sliding Windows

D. Positive Acknowledgment with Retransmission (PAR)

정답: D

최신 412-79 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst (ECSA)

우리와 연락하기

유용한 링크

최신 업데이트