ECCouncil ECSS Practice Test - Questions Answers, Page 10

Clark, a digital forensic expert, was assigned to investigate a malicious activity performed on an organization's network. The organization provided Clark with all the information related to the incident. In this process, he assessed the impact of the incident on the organization, reasons for and source of the incident, steps required to tackle the incident, investigating team required to handle the case, investigative procedures, and possible outcome of the forensic process.

Identify the type of analysis performed by Clark in the above scenario.

A. Data analysis
B. Log analysis
C. Traffic analysis
D. Case analysis

Suggested answer: D

Explanation:

In the given scenario, Clark performed a case analysis. This involves assessing the impact of the incident, understanding its reasons and source, determining the necessary steps to address it, assembling an investigative team, defining investigative procedures, and considering potential outcomes of the forensic process. Case analysis is crucial in digital forensics to effectively handle incidents and gather relevant evidence.

https://www.eccouncil.org/train-certify/certified-soc-analyst-csa/

Jacob, a network defender in an organization, was instructed to improve the physical security measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain physical security controls by using warning messages and signs that notify legal consequences to discourage hackers from making intrusion attempts.

Which of the following type of physical security controls has Jacob implemented in the above scenario?

A. Detective control
B. Preventive controls
C. Deterrent controls
D. Recovery controls

Suggested answer: C

Explanation:

Jacob has implemented deterrent controls by using warning messages and signs to discourage hackers from attempting unauthorized intrusions. Deterrent controls aim to deter potential attackers by creating a visible deterrent effect, such as displaying signs indicating legal consequences or security measures. These controls serve as a preventive measure by discouraging unauthorized access. Reference: EC-Council Certified Security Specialist (E|CSS) documents and course materials.

Jessica, a user, wanted to access the Internet from her laptop and therefore sends a connection request to the access point. To identify the wireless client, the access point forwarded that request to a RADIUS server. The RADIUS server transmitted authentication keys to both the access point and Jessica's laptop. This key helps the access point identify a particular wireless client.

Identify the authentication method demonstrated in the above scenario.

A. Open system authentication
B. Null authentication
C. Shared key authentication
D. Centralized authentication

Suggested answer: D

Explanation:

The scenario described involves the use of a RADIUS (Remote Authentication Dial-In User Service) server. RADIUS is a client-server protocol that provides centralized network authentication. In this case, the access point (client) forwards the connection request to the RADIUS server, which then sends authentication keys to both the access point and the user's laptop (supplicant). This process helps the access point identify the wireless client.

RADIUS servers are also known as AAA (Authentication, Authorization, and Accounting) servers because they provide these three services. The authentication process begins when a user attempts to log into the network. Their device requests access either by presenting credentials or by presenting an X.509 digital certificate. The RADIUS server then compares the user's information with a list of users stored in a directory or IDP (Identity Provider).

Therefore, the authentication method demonstrated in the scenario is centralized authentication (Option D), where a central server (in this case, the RADIUS server) handles the authentication of users.


Mark, an attacker, aims to access an organization's internal server, but the local firewall implementation restricted him from achieving this objective. To overcome this issue, he started sending specially crafted requests to the public server, through which he gained access to the local server.

Identify the type of attack initiated by Mark in the above scenario.

A. Web cache poisoning attack
B. SSRF attack
C. HTTP response-splitting attack
D. SSH brute-force attack

Suggested answer: B

Explanation:

Mark's actions align with a Server-Side Request Forgery (SSRF) attack. In SSRF, an attacker manipulates the target web server into making requests to unintended locations. In this case, Mark sent specially crafted requests to the public server, which allowed him to access the internal server. SSRF vulnerabilities can lead to sensitive information disclosure, unauthorized access to internal systems, and other dangerous attacks.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

A. Reconnaissance signatures
B. Informational signatures
C. Unauthorized access signatures
D. Denial of service (DoS) signatures

Suggested answer: C

Explanation:

Kalley identified unauthorized access signatures through the installed traffic monitoring system. These signatures correspond to activities such as password cracking, sniffing, and brute-forcing attempts. Unauthorized access attempts are a critical security concern, as they may indicate potential security breaches or malicious activity. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.

Which of the following PKI components verified Ben as being legitimate to receive the certificate?

A. Certificate directory
B. Validation authority (VA)
C. Certificate authority (CA)
D. Registration authority (RA)

Suggested answer: D

Explanation:

In the context of Public Key Infrastructure (PKI), the Registration Authority (RA) plays a crucial role in verifying the identity of individuals or entities requesting digital certificates. Here's how it works:

Ben, the computer user, applies for a digital certificate.

The RA verifies Ben's identity using the credentials provided.

Once verified, the RA forwards the request on behalf of Ben to the Certificate Authority (CA).

The CA then issues the digital certificate to Ben.

Therefore, the RA is responsible for ensuring that legitimate individuals receive valid digital certificates by verifying their identity.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Sam is working as a loan agent for a financial institution. He frequently receives a number of emails from clients providing their personal details for loan approval. As these emails contain sensitive data, Sam set up a feature that directly downloads the emails to his device without storing a copy on the mail server.

Which of the following protocols provides the above-discussed email features?

A. SHA-1
B. ICMP
C. SNMP
D. POP3

Suggested answer: D

Explanation:

The Post Office Protocol version 3 (POP3) is a standard email protocol that allows users to retrieve emails from a mail server. Unlike other email protocols (such as IMAP), POP3 downloads emails to the user's device and removes them from the server. In Sam's case, setting up POP3 ensures that emails containing sensitive data are directly downloaded to his device without leaving a copy on the mail server.

Sam is a hacker who decided to damage the reputation of an organization. He started collecting information about the organization using social engineering techniques. Sam aims to gather critical information such as admin passwords and OS versions to plan for an attack.

Identify the target employee in the organization from whom Sam can gather the required information.

A. Helpdesk
B. Third-party service provider
C. System administrators
D. Customer support team

Suggested answer: C

Explanation:

Social engineering attacks exploit human psychology to manipulate individuals into divulging sensitive information or performing actions that compromise security. In Sam's case, he aims to gather critical information about the organization using social engineering techniques.

System administrators are prime targets for social engineering attacks due to their privileged access and knowledge of the organization's infrastructure. They often have access to admin passwords, OS versions, and other critical information. By targeting system administrators, Sam can gather the required details to plan his attack effectively.

EC-Council Certified Security Specialist (E|CSS) course materials and study guide.

EC-Council's focus on social engineering concepts and techniques in its training programs.

A major fire broke out in the storeroom of CyberSol Inc. It first gutted the equipment in the storeroom and then started spreading to other areas in the company. The officials of the company informed the fire department. The fire rescue team reached the premises and used a distribution piping system to suppress the fire, thereby preventing any human or asset loss.

Identify the type of fire-fighting system used by the rescue team in the above scenario.

A. Fire extinguisher
B. Wet chemical suppressant
C. Standpipe system
D. Sprinkler system

Suggested answer: D

Explanation:

The fire rescue team used a sprinkler system to suppress the fire in the storeroom. Sprinkler systems are designed to automatically release water when a fire is detected. They are commonly installed in buildings to prevent the spread of fire and protect both human lives and assets. The distribution piping system mentioned in the scenario is a key component of sprinkler systems, allowing water to be distributed to the affected areas.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials and course content.

The scenario indicates a sprinkler system was used for several reasons:

Scale and location: The fire started in a storage room and began to spread. This suggests a larger, multi-room incident rather than a localized fire. Sprinkler systems are well suited for this.

Distribution piping: The question explicitly mentions 'distribution piping', which is a key component of sprinkler systems.

Automatic suppression: Sprinklers are designed to activate automatically based on heat, helping contain the fire even before the fire department arrives.

Sarah, a forensic investigator, is working on a criminal case. She was provided with all the suspect devices. Sarah employs an imaging software tool for duplicating the original data from the suspect devices. However, the tool she employed failed to image the data as the suspect version of the drive was very old and incompatible with imaging software. Hence, Sarah used an alternative data acquisition technique and succeeded in imaging the data.

Which of the following types of data acquisition techniques did Sarah employ in the above scenario?

A. Bit-stream disk-to-disk
B. Bit-stream disk-to-image file
C. Sparse acquisition
D. Logical acquisition

Suggested answer: D

Explanation:

Sarah employed the logical acquisition technique in the given scenario. Logical acquisition involves selectively extracting specific files, folders, or data from a device, bypassing the need for a full disk image. It is useful when traditional imaging methods fail due to compatibility issues or other constraints. In this case, Sarah successfully imaged the data using an alternative approach, focusing on specific data rather than creating a bit-stream image of the entire drive. The logical acquisition method allowed her to work around the limitations posed by the outdated suspect drive version.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Reference: How to Handle Data Acquisition in Digital Forensics
