ECSA Verified Questions & Answer
( 2022/2023)
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your
network is secure, but there are some areas that needs improvement. The major area was SNMP
security. The audit company recommended turning off SNMP, but that is not an option since you have so
many remote nodes to keep track of. What step could you take to help secure SNMP on your network?
A. Change the default community string names
B. Block all internal MAC address from using SNMP
C. Block access to UDP port 171
D. Block access to TCP port 171 - <answer> -A
At what layer of the OSI model do routers function on?
A. 3
B. 4
C. 5
D. 1 - <answer> -A
An "idle" system is also referred to as what?
A. Zombie
B. PC not being used
C. Bot
D. PC not connected to the Internet - <answer> -A
What operating system would respond to the following command?
A. Mac OS X
,B. Windows XP
C. Windows 95
D. FreeBSD - <answer> -D
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers will not respond to idle scans
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers are constantly talking - <answer> -D
How many bits is Source Port Number in TCP Header packet?
A. 48
B. 32
C. 64
D. 16 - <answer> -D
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers are constantly talking
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers will not respond to idle scans - <answer> -A
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack
into his former company's network. Since Simon remembers some of the server names, he attempts to
run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?
A. Enumerate all the users in the domain
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Perform a zone transfer - <answer> -D
,After attending a CEH security seminar, you make a list of changes you would like to perform on your
network to increase its security. One of the first things you change is to switch the RestrictAnonymous
setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from
establishing a null session on the server. Using Userinfo tool mentioned at
the seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "2" for complete security
B. RestrictAnonymous must be set to "3" for complete security
C. There is no way to always prevent an anonymous null session from establishing
D. RestrictAnonymous must be set to "10" for complete security - <answer> -A
What will the following command accomplish?
A. Test ability of a router to handle over-sized packets
B. Test the ability of a router to handle fragmented packets
C. Test the ability of a WLAN to handle fragmented packets
D. Test the ability of a router to handle under-sized packets - <answer> -A
What are the security risks of running a "repair" installation for Windows XP?
A. There are no security risks when running the "repair" installation for Windows XP
B. Pressing Shift+F1 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. Pressing Shift+F10 gives the user administrative rights - <answer> -D
You are the security analyst working for a private company out of France. Your current assignment is to
obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance,
you discover that the bank security defenses are very strong and would take too long to penetrate. You
decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in
London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You
want to sniff the traffic and extract usernames and passwords. What
tool could you use to get this information?
A. RaidSniff
B. Snort
, C. Ettercap
D. Airsnort - <answer> -C
George is the network administrator of a large Internet company on the west coast. Per corporate policy,
none of the employees in the company are allowed to use FTP or SFTP programs without obtaining
approval from the IT department. Few managers are using SFTP program on their computers. Before
talking to his boss, George wants to have some proof of their activity.
George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
A. net port 22
B. udp port 22 and host 172.16.28.1/24
C. src port 22 and dst port 22
D. src port 23 and dst port 23 - <answer> -C
You are assisting a Department of Defense contract company to become compliant with the stringent
security policies set by the DoD. One such strict rule is that firewalls must only allow incoming
connections that were first initiated by internal computers. What type of firewall must you implement to
abide by this policy?
A. Circuit-level proxy firewall
B. Packet filtering firewall
C. Application-level proxy firewall
D. Statefull firewall - <answer> -D
You are running known exploits against your network to test for possible vulnerabilities. To test the
strength of your virus software, you load a test network to mimic your production network. Your
software successfully blocks some simple macro and encrypted viruses. You decide to really test the
software by using virus code where the code rewrites itself entirely and the signatures change from child
to child, but the functionality stays the same. What type of virus is this that you are testing?
A. Metamorphic
B. Oligomorhic
C. Polymorphic
D. Transmorphic - <answer> -A
( 2022/2023)
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your
network is secure, but there are some areas that needs improvement. The major area was SNMP
security. The audit company recommended turning off SNMP, but that is not an option since you have so
many remote nodes to keep track of. What step could you take to help secure SNMP on your network?
A. Change the default community string names
B. Block all internal MAC address from using SNMP
C. Block access to UDP port 171
D. Block access to TCP port 171 - <answer> -A
At what layer of the OSI model do routers function on?
A. 3
B. 4
C. 5
D. 1 - <answer> -A
An "idle" system is also referred to as what?
A. Zombie
B. PC not being used
C. Bot
D. PC not connected to the Internet - <answer> -A
What operating system would respond to the following command?
A. Mac OS X
,B. Windows XP
C. Windows 95
D. FreeBSD - <answer> -D
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers will not respond to idle scans
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers are constantly talking - <answer> -D
How many bits is Source Port Number in TCP Header packet?
A. 48
B. 32
C. 64
D. 16 - <answer> -D
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Windows computers are constantly talking
B. Linux/Unix computers are constantly talking
C. Linux/Unix computers are easier to compromise
D. Windows computers will not respond to idle scans - <answer> -A
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack
into his former company's network. Since Simon remembers some of the server names, he attempts to
run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?
A. Enumerate all the users in the domain
B. Perform DNS poisoning
C. Send DOS commands to crash the DNS servers
D. Perform a zone transfer - <answer> -D
,After attending a CEH security seminar, you make a list of changes you would like to perform on your
network to increase its security. One of the first things you change is to switch the RestrictAnonymous
setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from
establishing a null session on the server. Using Userinfo tool mentioned at
the seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "2" for complete security
B. RestrictAnonymous must be set to "3" for complete security
C. There is no way to always prevent an anonymous null session from establishing
D. RestrictAnonymous must be set to "10" for complete security - <answer> -A
What will the following command accomplish?
A. Test ability of a router to handle over-sized packets
B. Test the ability of a router to handle fragmented packets
C. Test the ability of a WLAN to handle fragmented packets
D. Test the ability of a router to handle under-sized packets - <answer> -A
What are the security risks of running a "repair" installation for Windows XP?
A. There are no security risks when running the "repair" installation for Windows XP
B. Pressing Shift+F1 gives the user administrative rights
C. Pressing Ctrl+F10 gives the user administrative rights
D. Pressing Shift+F10 gives the user administrative rights - <answer> -D
You are the security analyst working for a private company out of France. Your current assignment is to
obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance,
you discover that the bank security defenses are very strong and would take too long to penetrate. You
decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in
London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You
want to sniff the traffic and extract usernames and passwords. What
tool could you use to get this information?
A. RaidSniff
B. Snort
, C. Ettercap
D. Airsnort - <answer> -C
George is the network administrator of a large Internet company on the west coast. Per corporate policy,
none of the employees in the company are allowed to use FTP or SFTP programs without obtaining
approval from the IT department. Few managers are using SFTP program on their computers. Before
talking to his boss, George wants to have some proof of their activity.
George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
A. net port 22
B. udp port 22 and host 172.16.28.1/24
C. src port 22 and dst port 22
D. src port 23 and dst port 23 - <answer> -C
You are assisting a Department of Defense contract company to become compliant with the stringent
security policies set by the DoD. One such strict rule is that firewalls must only allow incoming
connections that were first initiated by internal computers. What type of firewall must you implement to
abide by this policy?
A. Circuit-level proxy firewall
B. Packet filtering firewall
C. Application-level proxy firewall
D. Statefull firewall - <answer> -D
You are running known exploits against your network to test for possible vulnerabilities. To test the
strength of your virus software, you load a test network to mimic your production network. Your
software successfully blocks some simple macro and encrypted viruses. You decide to really test the
software by using virus code where the code rewrites itself entirely and the signatures change from child
to child, but the functionality stays the same. What type of virus is this that you are testing?
A. Metamorphic
B. Oligomorhic
C. Polymorphic
D. Transmorphic - <answer> -A
