ECSAv10 Practice Test

Which one of the following scans starts, but does not complete the TCP handshake sequence for each port selected, and
it works well for direct scanning and often works well through firewalls?

A.

SYN Scan

B.

Connect() scan

C.

XMAS Scan

D.

Null Scan

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of
any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the
information has been acquired by an unauthorized person?

A.

California SB 1386

B.

Sarbanes-Oxley 2002

C.

Gramm-Leach-Bliley Act (GLBA)

D.

USA Patriot Act 2001

DMZ is a network designed to give the public access to the specific internal resources and you might want to do the
same thing for guests visiting organizations without compromising the integrity of the internal resources. In general,
attacks on the wireless networks fall into four basic categories.
Identify the attacks that fall under Passive attacks category.

A.

Wardriving

B.

Spoofing

C.

Sniffing

D.

Network Hijacking

Which of the following attacks does a hacker perform in order to obtain UDDI information such as businessEntity,
businesService, bindingTemplate, and tModel?

A.

Web Services Footprinting Attack

B.

Service Level Configuration Attacks

C.

URL Tampering Attacks

D.

Inside Attacks

Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and
creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

A.

Threat-Assessment Phase

B.

Pre-Assessment Phase

C.

Assessment Phase

D.

Post-Assessment Phase