Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. ECSAv10

EC-Council ECSAv10 Exam Questions
EC-Council Certified Security Analyst (ECSA) v10 : Penetration Testing (Page 6 )

Updated On: 24-Feb-2026
Page 6 of 42
PDF with 203 Questions

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.



Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

  1. Active Information Gathering
  2. Pseudonymous Information Gathering
  3. Anonymous Information Gathering
  4. Open Source or Passive Information Gathering

Answer(s): A



Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.
A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.



Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

  1. Passive Assessment
  2. Host-based Assessment
  3. External Assessment
  4. Application Assessment

Answer(s): D



George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department.
Few managers are using SFTP program on their computers.
Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

  1. net port 22
  2. udp port 22 and host 172.16.28.1/24
  3. src port 22 and dst port 22
  4. src port 23 and dst port 23

Answer(s): C



Which of the following acts related to information security in the US establish that the management of an organization is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting?

  1. USA Patriot Act 2001
  2. Sarbanes-Oxley 2002
  3. Gramm-Leach-Bliley Act (GLBA)
  4. California SB 1386

Answer(s): A



John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found.
What information will he be able to gather from this?

  1. The SID of Hillary's network account
  2. The network shares that Hillary has permissions
  3. The SAM file from Hillary's computer
  4. Hillary's network username and password hash

Answer(s): D






Post your Comments and Discuss EC-Council ECSAv10 exam dumps with other Community members:

Join the ECSAv10 Discussion