EC-Council Certified Security Analyst

Here you have the best ECCouncil ECSAv10 practice exam questions

You have 150 total questions across 30 pages (5 per page)
These questions were last updated on February 13, 2026
This site is not affiliated with or endorsed by ECCouncil.

Question 1 of 150

Irin is a newly joined penetration tester for XYZ Ltd. While joining, as a part of her training, she was instructed about various legal policies and information securities acts by her trainer. During the training, she was informed about a specific information security act related to the conducts and activities like it is illegal to perform DoS attacks on any websites or applications, it is illegal to supply and own hacking tools, it is illegal to access unauthorized computer material, etc.
To which type of information security act does the above conducts and activities best suit?

Police and Justice Act 2006

Data Protection Act 1998

USA Patriot Act 2001

Human Rights Act 1998

Question 2 of 150

Adam is an IT administrator for Syncan Ltd. He is designated to perform various IT tasks like setting up new user accounts, managing backup/restores, security authentications and passwords, etc. Whilst performing his tasks, he was asked to employ the latest and most secure authentication protocol to encrypt the passwords of users that are stored in the Microsoft Windows OS-based systems.
Which of the following authentication protocols should Adam employ in order to achieve the objective?

LANMAN

Kerberos

NTLM

NTLMv2

Question 3 of 150

Michael, a Licensed Penetration Tester, wants to create an exact replica of an original website, so he can browse and spend more time analyzing it.
Which of the following tools will Michael use to perform this task?

VisualRoute

NetInspector

BlackWidow

Zaproxy

Question 4 of 150

A hacker initiates so many invalid requests to a cloud network host that the host uses all its resources responding to invalid requests and ignores the legitimate requests.

Identify the type of attack -

Denial of Service (DoS) attacks

Side Channel attacks

Man-in-the-middle cryptographic attacks

Authentication attacks

Question 5 of 150

Thomas is an attacker and he skimmed through the HTML source code of an online shopping website for the presence of any vulnerabilities that he can exploit.
He already knows that when a user makes any selection of items in the online shopping webpage, the selection is typically stored as form field values and sent to the application as an HTTP request (GET or POST) after clicking the Submit button. He also knows that some fields related to the selected items are modifiable by the user (like quantity, color, etc.) and some are not (like price). While skimming through the HTML code, he identified that the price field values of the items are present in the HTML code. He modified the price field values of certain items from $200 to $2 in the HTML code and submitted the request successfully to the application.
Identify the type of attack performed by Thomas on the online shopping website?

Session poisoning attack

Hidden field manipulation attack

HTML embedding attack

XML external entity attack

About the ECCouncil ECSAv10 Certification Exam

About the Exam

The ECCouncil ECSAv10 (EC-Council Certified Security Analyst) validates your knowledge and skills. Passing demonstrates proficiency and can boost your career prospects in the field.

How to Prepare

Work through all 150 practice questions across 30 pages. Focus on understanding the reasoning behind each answer rather than memorizing responses to be ready for any variation on the real exam.

Why Practice Exams?

Practice exams help you familiarize yourself with the question format, manage your time, and reduce anxiety on the test day. Our ECSAv10 questions are regularly updated to reflect the latest exam objectives.