“Certified Security Analyst ECSAv10 practice exam ” and “ECSA” is a registered trademark of EC-Council and this course is not licensed, endorsed or affiliated with EC-Council in any way.

These practice tests will help you on your final preparation for EC-Council Certified Security Analyst v10 412-79 exam. After successful completion of this tests you will be easily able to pass ECSAv10 exam in 1st attempt.

The EC-Council Certified Security Analyst ECSAv10 certification is one of the most challenging exams. In this practice tests questions for ECSAv10, you will dive into the real world questions to help prepare yourself for the ECSAv10 certification exam.

There is similar MCQs practice questions and you have to understand the questions then answer it accordingly. All the questions have been set to random that will make you feel that you have dived into real ECSAv10 Practice Exam.

ECSAv10 Practice Exam question and answer

Question 1.

Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer.

During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc.

To which type of information security act does the above conducts and activities best suit?

• A. Police and Justice Act 2006
• B. Data Protection Act 1998
• C. USA Patriot Act 2001
• D. Human Rights Act 1998

Answer 1. A

Question 2.

Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc.

Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems.

Which of the following authentication protocols should Adam employ in order to achieve the objective?

• A. LANMAN
• B. Kerberos
• C. NTLM
• D. NTLMv2

Answer 2. C

Question 3.

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?

• A. VisualRoute
• B. NetInspector
• C. BlackWidow
• D. Zaproxy

Answer 3. C

Question 4.

A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests.

Identify the type of attack –

• A. Denial of Service (DoS) attacks
• B. Side Channel attacks
• C. Man-in-the-middle cryptographic attacks
• D. Authentication attacks

Answer 4. A

Question 5.

Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit.
He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button.

He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price).

While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code.

He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application.
Identify the type of attack performed by Thomas on the online shopping website?

• A. Session poisoning attack
• B. Hidden field manipulation attack
• C. HTML embedding attack
• D. XML external entity attack

Answer 5. C

Question 6.

Steven is performing a wireless network audit. As part of the engagement, he is trying to crack a WPA-PSK key. Steven has captured enough packets to run aircrack-ng and discover the key, but aircrack-ng did not yield any result, as there were no authentication packets in the capture.
Which of the following commands should Steven use to generate authentication packets?

• A. aireplay-ng –deauth 11 -a AA:BB:CC:DD:EE:FF
• B. airmon-ng start eth0
• C. airodump-ng –write capture eth0
• D. aircrack-ng.exe -a 2 -w capture.cap

Answer 6. A

Question 7.

Sam was asked to conduct penetration tests on one of the client’s internal networks. As part of the testing process, Sam performed enumeration to gain information about computers belonging to a domain, list of shares on the individual hosts in the network, policies and passwords.
Identify the enumeration technique.

• A. NTP Enumeration
• B. NetBIOS Enumeration
• C. DNS Enumeration
• D. SMTP Enumeration

Answer 7. B

Question 8.

Jason is working on a pen testing assignment. He is sending customized ICMP packets to a host in the target network. However, the ping requests to the target failed with `ICMP Time Exceeded Type = 11` error messages.
What can Jason do to overcome this error?

• A. Set a Fragment Offset
• B. Increase the Window size in the packets
• C. Increase the TTL value in the packets
• D. Increase the ICMP header length

Answer 8. C

Question 9.

Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client’s network. He was not provided with any information about the client organization except the company name.
Identify the type of testing Joseph is going to perform for the client organization?

• A. White-box Penetration Testing
• B. Black-box Penetration Testing
• C. Announced Testing
• D. Grey-box Penetration Testing

Answer 9. B

Question 10.

An organization deployed Microsoft Azure cloud services for running their business activities. They appointed Jamie, a security analyst for performing cloud penetration testing. Microsoft prohibits certain tests to be carried out on their platform.
Which of the following penetration testing activities Jamie cannot perform on the Microsoft Azure cloud service?

• A. Post scanning
• B. Denial-of-Service
• C. Log monitoring
• D. Load testing

Answer 10. B

============================= Please comment if you need more =================

Agile project management Artificial Intelligence aws blockchain cloud computing coding interview coding interviews Collaboration Coursera css cybersecurity cyber threats data analysis data breaches data science data visualization devops django docker excel flask Grafana html It Certification java javascript ketan kk Kubernetes machine learning machine learning engineer Network & Security nodejs online courses online learning Operating Systems Other It & Software pen testing Project Management python Software Engineering Terraform Udemy courses VLAN web development

You won’t be hoping you are ready, you will know you are ready to sit for and pass the exam. After practice these tests and scoring 90% or higher on them, you will be ready to PASS on the first attempt and avoid costly re-take fees, saving you time and money.

This course is frequently updated to ensure it stays current and up-to-date with the latest release of the certification exam and also provides you with a 30-day money-back guarantee if you are not satisfied with the quality of this course for any reason!