ExamGecko

ECCouncil ECSS Practice Test - Questions Answers, Page 4

Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah's computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions.

Identify the Internet access policy demonstrated in the above scenario.

A. Promiscuous policy

B. Paranoid policy

C. Permissive policy

D. Prudent policy

Suggested answer: C

Explanation:

In the given scenario, Sarah's personal computer connected to the public Internet allowed a malicious file to be downloaded without her knowledge. This situation reflects a permissive policy, where unrestricted access to the Internet is allowed, potentially leading to security risks. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six-digit code, using which they can enter the office at any time.

Which of the following combinations of authentication mechanisms is implemented in the above scenario?

A. Password and two-factor authentication

B. Two-factor and smart card authentication

C. Biometric and password authentication

D. Smart card and password authentication

Suggested answer: C

Explanation:

In the scenario described, Finch implemented a combination of biometric authentication (retina scan) and password authentication (unique six-digit code). Biometric authentication relies on unique physical or behavioral characteristics (such as retina scans) to verify identity, while password authentication requires users to enter a secret code (the six-digit code in this case). Combining these two mechanisms enhances security by requiring both something the user knows (password) and something the user is (biometric) for access. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Which of the following titles of The Electronic Communications Privacy Act protects the privacy of the contents of files stored by service providers and records held about the subscriber by service providers, such as subscriber name, billing records, and IP addresses?

A. Title II

B. Title I

C. Title IV

D. Title III

Suggested answer: A

Explanation:

Title II of the Electronic Communications Privacy Act (ECPA), known as the Stored Communications Act (SCA), protects the privacy of the contents of files stored by service providers and records held about the subscriber by service providers. This includes information such as subscriber names, billing records, and IP addresses.

The correct answer is Title II. It specifically safeguards communications held in electronic storage, particularly messages stored on computers. While Title I of the ECPA protects wire, oral, and electronic communications while in transit, Title II focuses on the privacy of stored communications.

William is an attacker who is attempting to hack Bluetooth-enabled devices at public places. Within the target's range, he used special software to obtain the data stored in the victim's device. He used a technique that exploits the vulnerability in the OBject Exchange (OBEX) protocol that Bluetooth uses to exchange information.

Identify the attack performed by William in the above scenario.

A. Bluesmacking

B. Bluesnarfing

C. Bluebugging

D. Bluejacking

Suggested answer: B

Explanation:

William performed the Bluesnarfing attack. Bluesnarfing is a technique where an attacker exploits a vulnerability in the OBject Exchange (OBEX) protocol used by Bluetooth to exchange information. By doing so, the attacker gains unauthorized access to data stored on the victim's Bluetooth-enabled device.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

In which of the following levels of the OSI model does an attacker gain control over the HTTP user session by obtaining the session IDs and create new unauthorized sessions by using the stolen data?

A. Presentation level

B. Transport level

C. Network-level

D. Application-level

Suggested answer: D

Explanation:

In the OSI model, the application layer (Layer 7) is closest to users and establishes communication between the user and applications. It deals with user interfaces, protocols, and application-specific data. An attacker who gains control over the HTTP user session by obtaining session IDs and creating new unauthorized sessions operates at the application level. By manipulating session IDs, the attacker can impersonate legitimate users and perform unauthorized actions.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

The application layer is where HTTP operates, making it the relevant layer for session management and security. Attackers exploit vulnerabilities in web applications to gain unauthorized access, manipulate sessions, and potentially compromise user data. Ensuring secure session management practices is crucial to prevent such attacks.

Andrew, a system administrator, is performing a UEFI boot process. The current phase of the UEFI boot process consists of the initialization code that the system executes after powering on the EFI system. This phase also manages platform reset events and sets up the system so that it can find, validate, install, and run the PEI.

Which of the following UEFI boot phases is the process currently in?

A. Pre-EFI initialization phase

B. Security phase

C. Boot device selection phase

D. Driver execution environment phase

Suggested answer: A

Explanation:

The scenario accurately describes the functions of the PEI phase within the UEFI boot process:

PEI Phase Key Characteristics:

Early Hardware Initialization: The PEI phase is responsible for finding and initializing essential hardware components, like the CPU and the minimum amount of RAM needed for the system to function.

Foundation for Later Stages: It establishes the groundwork for subsequent UEFI phases by creating data structures (Hand-Off Blocks or HOBs) that communicate vital information.

Focus on DXE Initiation: The primary goal of the PEI phase is to prepare the system for the Driver Execution Environment (DXE) phase.

The UEFI boot process is divided into several distinct phases. The phase described in the question involves the initialization code executed after powering on the EFI system, managing platform reset events, and setting up the system to find, validate, install, and run the PEI (Pre-EFI Initialization). This description corresponds to the Pre-EFI initialization phase.

During this phase, the system's firmware is responsible for initializing the processor, memory, and other hardware components to a point where the firmware can hand off control to the operating system loader. It's a critical part of the UEFI boot process, as it prepares the system for the subsequent phases, which include the Security (SEC) phase, the Driver Execution Environment (DXE) phase, and the Boot Device Selection (BDS) phase. The correct answer is A, as it aligns with the tasks and responsibilities of the Pre-EFI initialization phase as described in the scenario.

Wesley, a professional hacker, deleted a confidential file in a compromised system using the '/bin/rm/' command to deny access to forensic specialists.

Identify the operating system on which Don has performed the file carving activity.

A. Windows

B. Mac OS

C. Linux

D. Android

Suggested answer: C

Explanation:

In the scenario described, Wesley used the '/bin/rm/' command to delete a confidential file. The '/bin/rm/' command is commonly associated with Linux operating systems. It is used to remove files and directories. By deleting the file, Wesley aimed to hinder forensic specialists' access to it. Therefore, the operating system on which Wesley performed the file carving activity is Linux. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Christian is working as a software developer in a reputed MNC. He received a message from XIM bank that claims to be urgent and requests to call a phone number mentioned in the message. Worried by this, he called the number to check on his account, believing it to be an authentic XIM Bank customer service phone number. A recorded message asks him to provide his credit or debit card number, as well as his password.

Identify the type of social engineering attack being performed on Christian in the above scenario.

A. SMiShing

B. Spam mail

C. Phishing

D. Eavesdropping

Suggested answer: A

Explanation:

The scenario described is a classic example of SMiShing, a form of social engineering attack that uses text messages (SMS) to deceive individuals into providing sensitive information. In this case, Christian receives an urgent message prompting him to call a phone number, which is a tactic used in SMiShing attacks to create a sense of urgency and legitimacy. Upon calling the number, he is asked to provide personal financial information, which is the ultimate goal of the attacker.

SMiShing attacks often impersonate legitimate entities, such as banks, to trick victims into believing that the request is authentic. The use of a recorded message asking for credit or debit card numbers and passwords is a telltale sign of a SMiShing attempt, as legitimate banks would not ask for such sensitive information via a phone call initiated by an unsolicited text message. Therefore, the correct answer is A, SMiShing, which specifically refers to phishing attacks conducted through SMS.

James is a professional hacker who managed to penetrate the target company's network and tamper with software by adding a malicious script in the production that holds persistence on the network.

Which of the following phases of hacking is James currently in?

A. Clearing tracks

B. Maintaining access

C. Gaining access

D. Scanning

Suggested answer: B

Explanation:

James is currently in the Maintaining access phase of hacking. In this phase, an attacker ensures continued access to the compromised system or network. By adding a malicious script for persistence, James aims to maintain control over the target company's network.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Paola, a professional hacker, configured her wireless router in an organization's premises and advertised it with a spoofed SSID. She lured victims to connect to the router by sending the fake SSID. She started sniffing all the traffic from the victims that is passing through her wireless router.

Which of the following types of attacks is Paola performing in the above scenario?

A. Key reinstallation attack

B. Ad-hoc connection attack

C. Rogue AP attack

D. AP MAC spoofing attack

Suggested answer: C

Explanation:

In the given scenario, Paola has set up a rogue wireless access point (AP) with a spoofed SSID. This rogue AP appears legitimate to victims, who unknowingly connect to it. Once connected, Paola can intercept and sniff all the network traffic passing through her rogue AP. This type of attack is known as a Rogue AP attack.

EC-Council Certified Security Specialist (E|CSS) course materials and study guide.

Total 100 questions