Free ECSAV8 Exam Braindumps (page: 20)


Identify the type of authentication mechanism represented below:

  1. NTLMv1
  2. NTLMv2
  3. LAN Manager Hash
  4. Kerberos

Answer(s): D

Explanation:

The client authenticates itself to the Authentication Server (AS), which forwards the username to a key distribution center (KDC). The KDC issues a ticket-granting ticket (TGT), which is time stamped, encrypts it using the user's password and returns the encrypted result to the user's workstation. This is done infrequently, typically at user logon; the TGT expires at some point, though it may be transparently renewed by the user's session manager while they are logged in.
When the client needs to communicate with another node ("principal" in Kerberos parlance), the client sends the TGT to the ticket-granting service (TGS), which usually shares the same host as the KDC. After verifying that the TGT is valid and the user is permitted to access the requested service, the TGS issues a ticket and session keys, which are returned to the client. The client then sends the ticket to the service server (SS) along with its service request.


Reference:

http://en.wikipedia.org/wiki/Kerberos_(protocol)



Identify the framework that comprises five levels to guide agency assessment of their security programs and assist in prioritizing efforts for improvement:

  1. Information System Security Assessment Framework (ISSAF)
  2. Microsoft Internet Security Framework
  3. Nortel's Unified Security Framework
  4. Federal Information Technology Security Assessment Framework

Answer(s): D



A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?

  1. Shoulder surfing
  2. Phishing
  3. Insider Accomplice
  4. Vishing

Answer(s): A



Passwords protect computer resources and files from unauthorized access by malicious users. Using passwords is the most capable and effective way to protect information and to increase the security level of a company.

Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system to gain unauthorized access to a system.


Which of the following password cracking attacks tries every combination of characters until the password is broken?

  1. Brute-force attack
  2. Rule-based attack
  3. Hybrid attack
  4. Dictionary attack

Answer(s): A


Reference:

http://books.google.com.pk/books?id=m2qZNW4dcyIC&pg=PA237&lpg=PA237&dq=password+cracking+attacks+tries+every+combination+of+characters+until+the+password+is+broken&source=bl&ots=RKEUUo6LYj&sig=MPEfFBEpoO0yvOwMxYCoPQuqM5g&hl=en&sa=X&ei=ZdwdVJm3CoXSaPXsgPgM&ved=0CCEQ6AEwAQ#v=onepage&q=password%20cracking%20attacks%20tries%20every%20combination%20of%20characters%20until%20the%20password%20is%20broken&f=false





