ECCouncil ECSS Practice Test - Questions Answers, Page 3

Which of the following practices makes web applications vulnerable to SQL injection attacks?

A. Use the most restrictive SQL account types for applications

B. Never build Transact SQL statements directly from user input

C. Avoid constructing dynamic SQL with concatenated input values

D. Accept entries that contain binary data, escape sequences, and comment characters

Suggested answer: C

Explanation:

SQL Injection (SQLi) is a prevalent vulnerability in web applications that occurs when an attacker can insert or manipulate SQL queries using untrusted user input. This vulnerability is exploited by constructing dynamic SQL statements that include user-provided data without proper validation or sanitization. When applications concatenate user input values directly into SQL queries, they become susceptible to SQLi, as attackers can craft input that alters the intended SQL command structure, leading to unauthorized access or manipulation of the database.

To mitigate SQL injection risks, it's crucial to avoid creating dynamic SQL queries by concatenating input values. Instead, best practices such as using prepared statements with parameterized queries, employing stored procedures, and implementing proper input validation and sanitization should be followed. These measures help ensure that user input is treated as data rather than part of the SQL code, thus preserving the integrity of the SQL statement and preventing injection attacks.

SQL Injection (SQLi): This common web application vulnerability arises when untrusted user input is directly used to construct SQL queries. Attackers can manipulate the input to alter the structure of the query, leading to data exposure, modification, or even deletion.

Dynamic SQL and Concatenation: Dynamically constructing SQL statements by concatenating user input is highly dangerous. Consider this example:

query = "SELECT * FROM users WHERE username = '" + userInput + "';"

An attacker can provide input like: ' OR '1'='1'-- resulting in this query:

SELECT * FROM users WHERE username = '' OR '1'='1'--';

The WHERE clause of this query always evaluates to true because of the OR condition, and the comment marker (--) discards the rest of the statement, effectively bypassing authentication.
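The contrast between concatenation and a parameterized query, as an added example that is not part of the original page. It uses Python's built-in sqlite3 module with a constructed in-memory `users` table; the function names are illustrative.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for the `users` table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_concatenated(conn, user_input):
    """Vulnerable: the input is spliced into the SQL text itself."""
    query = "SELECT username FROM users WHERE username = '" + user_input + "';"
    return query, [row[0] for row in conn.execute(query)]

def lookup_parameterized(conn, user_input):
    """Hardened: the SQL text is fixed and the input is bound as a value."""
    query = "SELECT username FROM users WHERE username = ?;"
    return query, [row[0] for row in conn.execute(query, (user_input,))]

PAYLOAD = "' OR '1'='1'--"  # the input quoted in the explanation above

if __name__ == "__main__":
    conn = make_db()
    for value in ("alice", PAYLOAD):
        for lookup in (lookup_concatenated, lookup_parameterized):
            query, rows = lookup(conn, value)
            print(f"{lookup.__name__:22} input={value!r:18} rows={rows}")
```

With the concatenated query the payload matches every row; with the bound parameter it is compared as a literal username and matches none.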

Melanie, a professional hacker, is attempting to break into a target network through an application server. In this process, she identified a logic flaw in the target web application that provided visibility into the source code. She exploited this vulnerability to launch further attacks on the target web application.

Which of the web application vulnerabilities was identified by Melanie in the above scenario?

A. Insecure deserialization

B. Security misconfiguration

C. Command injection

D. Broken authentication

Suggested answer: B

Explanation:

Melanie discovered a logic flaw in the target web application that allowed her to view the source code. This flaw indicates a security misconfiguration, which can lead to further attacks. Security misconfigurations occur when an application or system is not properly configured, leaving it vulnerable to exploitation. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.

Which of the following folders in a Windows system stores information on applications run on the system?

A. C:\Windows\debug

B. C:\Windows\Book

C. C:\subdir

D. C:\Windows\Prefelch

Suggested answer: D

Explanation:

The Prefetch folder in Windows is used to store information about applications that are run on the system. This data helps in optimizing the loading times of applications. The correct path is typically C:\Windows\Prefetch, not C:\Windows\Prefelch as listed in the options. It's important to note that while the Prefetch folder does contain logs that can be useful for understanding application behavior, it does not store logs for currently running applications or details about previously uninstalled applications.

Bob, a security specialist at an organization, extracted the following IIS log from a Windows-based server: ''2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg - 80 - 192.168.0.27 Mozilla/5.0 (Windows*NT6.3:*WOW64)*AppleWebKit/537.36*(KHTML.*likeCecko)*Chrome/48.0.2564.103Safari/537.36 http://www.movie5cope.com/css/style.c5s 200 0 0 365'

Identify the element in the above IIS log entry that indicates the request was fulfilled without error.

A. 192

B. 80

C. 200

D. 537

Suggested answer: C

Explanation:

The element in the given IIS log entry that indicates the request was fulfilled without error is C. 200. The HTTP status code 200 signifies a successful response, indicating that the server successfully processed the client's request.
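How the status code is located by field position rather than by eye, as an added example that is not part of the original page. It assumes the W3C extended field order that matches the entry in the question; the sample log is constructed, with made-up hosts, paths and user agents.

```python
# Assumed field order (W3C extended format) matching the entry in the question.
DEFAULT_FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
                  "cs-username c-ip cs(User-Agent) cs(Referer) "
                  "sc-status sc-substatus sc-win32-status time-taken").split()

# Constructed sample log, including one truncated line.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg - 80 - 192.168.0.27 Mozilla/5.0+(Windows+NT+6.3;+WOW64) http://www.example.com/css/style.css 200 0 0 365
2019-12-12 06:11:43 192.168.0.10 GET /images/content/missing.jpg - 80 - 192.168.0.27 Mozilla/5.0+(Windows+NT+6.3;+WOW64) - 404 0 2 15
2019-12-12 06:11:44 192.168.0.10 POST /login.aspx - 80 - 192.168.0.27 Mozilla/5.0+(Windows+NT+6.3;+WOW64) - 500 0 0 120
2019-12-12 06:11:45 192.168.0.10 GET /truncated
"""

def parse_iis_log(text):
    """Return (entries, skipped): one dict per well-formed line, keyed by field name."""
    fields, entries, skipped = DEFAULT_FIELDS, [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A #Fields directive overrides the assumed column order.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            skipped += 1  # truncated or malformed entry; do not guess columns
            continue
        entries.append(dict(zip(fields, values)))
    return entries, skipped

def failed_requests(entries):
    """Entries whose sc-status is a client (4xx) or server (5xx) error."""
    return [e for e in entries if int(e["sc-status"]) >= 400]

if __name__ == "__main__":
    entries, skipped = parse_iis_log(SAMPLE_LOG)
    for e in entries:
        print(e["time"], e["cs-method"], e["cs-uri-stem"], "port", e["s-port"],
              "status", e["sc-status"])
    print("skipped lines:", skipped)
```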

Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?

A. Geofencing

B. PIN feature

C. Containerization

D. Push notification

Suggested answer: D

Explanation:

A push notification is a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user. It allows applications to notify users of new messages, updates, or events even when the app is not actively running on the device. Push notifications are commonly used in mobile apps to engage users and provide timely information.

Johnson is a professional hacker who targeted an organization's customers and decided to crack their system passwords. In this process, he found a list of valid customers, created a list of possible passwords, ranked the passwords from high to low probability, and started keying in each password in the target system until the correct password is discovered.

Identify the type of attack performed by Johnson in the above scenario.

A. Password guessing

B. Rainbow table attack

C. Dictionary attack

D. Brute force attack

Suggested answer: C

Explanation:

The scenario described involves Johnson using a list of possible passwords, which he has ranked by probability, and systematically entering them into the system to discover the correct one. This method is known as a dictionary attack, where an attacker uses a prearranged list of likely passwords, often derived from lists of common passwords or phrases, and tries them one by one. This is different from a brute force attack, which would involve trying all possible combinations, and a rainbow table attack, which uses precomputed hash values to crack encrypted passwords. Password guessing is a less systematic approach that doesn't necessarily involve a ranked list of passwords. Reference: The information provided aligns with the knowledge domains of the EC-Council Certified Security Specialist (E|CSS) program, which includes understanding various types of attacks and their methodologies as part of the ethical hacking and network defense curriculum.

The scenario described involves Johnson, who has a list of valid customers and a list of possible passwords ranked by probability, which he uses to systematically attempt to log in to the target system. This method is known as a dictionary attack. In a dictionary attack, the hacker uses a list of likely passwords, often derived from lists of common passwords or phrases, and tries them one by one. This differs from a brute force attack, which involves trying all possible combinations of characters until the correct one is found.

A dictionary attack is more efficient than brute force because it relies on the likelihood that people will use common words or phrases for passwords, making it a targeted approach based on probability rather than random attempts. Therefore, the correct answer is C, as it best describes the technique used by Johnson in the given scenario.

Below are the various steps involved in establishing a network connection using the shared key authentication process.

1. The AP sends a challenge text to the station.

2. The station connects to the network.

3. The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.

4. The station sends an authentication frame to the AP.

5. The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.

What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?

A. 2 >4 >3

B. 4--->2--->1--->3--->5

C. 4--->1--->3--->5--->2

D. 4-->5->3->2-->1

Suggested answer: C

Explanation:

The AP sends a challenge text to the station.

The Access Point (AP) initiates the authentication process by sending a challenge text to the station (client device).

The station connects to the network.

The station (client device) associates with the wireless network by connecting to the AP.

The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.

The station encrypts the challenge text using the shared secret key (configured on both the station and the AP).

It then sends the encrypted challenge text back to the AP.

The station sends an authentication frame to the AP.

The station constructs an authentication frame containing the encrypted challenge text.

This frame is sent to the AP for verification.

The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.

The AP decrypts the received encrypted challenge text using its configured WEP (Wired Equivalent Privacy) key.

If the decrypted text matches the original challenge text, the station is authenticated successfully.

Therefore, the correct sequence is C. 4--->1--->3--->5--->2. This order ensures that the challenge text is exchanged securely and verified by both the station and the AP during the shared key authentication process.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

An organization decided to strengthen the security of its network by studying and analyzing the behavior of attackers. For this purpose, Steven, a security analyst, was instructed to deploy a device to bait attackers. Steven selected a solution that appears to contain very useful information to lure attackers and find their locations and techniques.

Identify the type of device deployed by Steven in the above scenario.

A. Firewall

B. Router

C. Intrusion detection system

D. Honeypot

Suggested answer: D

Explanation:

Steven deployed a honeypot in the scenario. A honeypot is a simulation of an IT system or software application that acts as bait to attract the attention of attackers. While it appears to be a legitimate target, it is actually fake and carefully monitored by an IT security team. The purpose of a honeypot includes distraction (diverting attackers' attention), threat intelligence (revealing attack methods), and research/training for security professionals.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Kane, an investigation specialist, was appointed to investigate an incident in an organization's network. In this process, Kane executed a command and identified that a network interface is running in the promiscuous mode and is allowing all incoming packets without any restriction.

In the above scenario, which of the following commands did Kane use to check whether the network interface is set to the promiscuous mode?

A. ipconfig < interface name >

B. ifconfig < interface name >

C. nmap -sT localhost

D. netstat -i

Suggested answer: B

Explanation:

Kane used the ifconfig command to check whether the network interface is set to promiscuous mode. The ifconfig command displays information about network interfaces, including their configuration settings. When a network interface is in promiscuous mode, it allows all incoming packets to be captured without any filtering or restriction.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.

In which of the following states has Steve encrypted the data in the above scenario?

A. Data in transit

B. Data in rest

C. Data in use

D. Data inactive

Suggested answer: C

Explanation:

Mark implemented full memory encryption for the data stored in RAM. This means that the data is encrypted while it is actively being used by the system (e.g., during processing, execution, or manipulation). Data in use refers to the state when data resides in memory and is accessible by running processes. By encrypting data in use, Mark ensures that even if an attacker gains access to the system's memory, they won't be able to read sensitive information directly.

EC-Council Certified Encryption Specialist (E|CES) documents and study guide.

EC-Council Certified Encryption Specialist (E|CES) course materials.
