EC Council Certified Security Analyst (ECSA) Set 4

The term social engineering is used to describe the various tricks used to fool people (employees, business partners, or customers) into voluntarily giving away information that would not normally be known to the general public. What is the criminal practice of social engineering where an attacker uses the telephone system in an attempt to scam the user into surrendering private information?

Which of the following acts is a proprietary information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, e- purse, ATM, and POS cards and applies to all entities involved in payment card processing?

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?

Identify the type of authentication mechanism represented below:

John, a penetration tester from a pen test firm, was asked to collect information about the host file in a Windows system directory. Which of the following is the location of the host file in Window system directory?

Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can: i) Drop the packet ii) Forward it or send a message to the originator At which level of the OSI model do the packet filtering firewalls work?

By default, the TFTP server listens on UDP port 69. Which of the following utility reports the port status of target TCP and UDP ports on a local or a remote computer and is used to troubleshoot TCP/IP connectivity issues?

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels. A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack. Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

Which of the following methods is used to perform server discovery?