412-79 EC-Council Certified Security Analyst (ECSA)

Question 10

Why is a legal agreement important to have before launching a penetration test?

  • Guarantees your consultant fees

  • Allows you to perform a penetration test without the knowledge and consent of the organization's upper management

  • It establishes the legality of the penetration test by documenting the scope of the project and the consent of the company.

  • It is important to ensure that the target organization has implemented mandatory security policies

Question 11

To locate the firewall, a SYN packet is crafted using Hping or any other packet crafter and sent to the firewall. If an ICMP unreachable type 13 message (which is an admin prohibited packet) with a source IP address of the access control device is received, which of the following types of firewall is in place?

  • Circuit level gateway

  • Stateful multilayer inspection firewall

  • Packet filter

  • Application level gateway

Question 12

The objective of social engineering pen testing is to test the strength of human factors in a security chain within the organization. It is often used to raise the level of security awareness among employees.

The tester should demonstrate extreme care and professionalism during a social engineering pen test as it might involve legal issues such as violation of privacy and may result in an embarrassing situation for the organization.

Which of the following methods of attempting social engineering is associated with bribing, handing out gifts, and becoming involved in a personal relationship to befriend someone inside the company?

  • Accomplice social engineering technique

  • Identity theft

  • Dumpster diving

  • Phishing social engineering technique