CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. ECSAV8

Free ECSAV8 Exam Braindumps (page: 6)

Page 5 of 51
PDF with 200 Questions

What is the difference between penetration testing and vulnerability testing?

  1. Penetration testing goes one step further than vulnerability testing; while vulnerability tests check for known vulnerabilities, penetration testing adopts the concept of ‘in-depth ethical hacking’
  2. Penetration testing is based on purely online vulnerability analysis while vulnerability testing engages ethical hackers to find vulnerabilities
  3. Vulnerability testing is more expensive than penetration testing
  4. Penetration testing is conducted purely for meeting compliance standards while vulnerability testing is focused on online scans

Answer(s): A



In Linux, /etc/shadow file stores the real password in encrypted format for user’s account with added properties associated with the user’s password.


In the example of a /etc/shadow file below, what does the bold letter string indicate?
Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7

  1. Number of days the user is warned before the expiration date
  2. Minimum number of days required between password changes
  3. Maximum number of days the password is valid
  4. Last password changed

Answer(s): B


Reference:

http://www.cyberciti.biz/faq/understanding-etcshadow-file/ (bullet # 4)



The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.


Which of the following information gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

  1. Active Information Gathering
  2. Pseudonymous Information Gathering
  3. Anonymous Information Gathering
  4. Open Source or Passive Information Gathering

Answer(s): A



DMZ is a network designed to give the public access to the specific internal resources and you might want to do the same thing for guests visiting organizations without compromising the integrity of the internal resources. In general, attacks on the wireless networks fall into four basic categories. Identify the attacks that fall under Passive attacks category.(Select all that apply)

  1. Wardriving
  2. Spoofing
  3. Sniffing
  4. Network Hijacking

Answer(s): A






Post your Comments and Discuss EC-Council ECSAV8 exam with other Community members:

ECSAV8 Discussions & Posts