CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. ECSAV8

Free ECSAV8 Exam Braindumps (page: 8)

Page 7 of 51
PDF with 200 Questions

Which of the following is an application alert returned by a web application that helps an attacker guess a valid username?

  1. Invalid username or password
  2. Account username was not found
  3. Incorrect password
  4. Username or password incorrect

Answer(s): C



Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

  1. Client-Side Test Report
  2. Activity Report
  3. Host Report
  4. Vulnerability Report

Answer(s): A



The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.

The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.


The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

  1. Multiple of four bytes
  2. Multiple of two bytes
  3. Multiple of eight bytes
  4. Multiple of six bytes

Answer(s): C


Reference:

http://www.freesoft.org/CIE/Course/Section3/7.htm (fragment offset: 13 bits)



Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

  1. Service-based Assessment Solutions
  2. Product-based Assessment Solutions
  3. Tree-based Assessment
  4. Inference-based Assessment

Answer(s): C


Reference:

http://www.netsense.info/downloads/security_wp_mva.pdf (page 12, tree-based assessment technology, second para)






Post your Comments and Discuss EC-Council ECSAV8 exam with other Community members:

ECSAV8 Discussions & Posts