ECCouncil ECSS Practice Test - Questions Answers, Page 6

Robert, a security specialist, was appointed to strengthen the security of the organization's network. To prevent multiple login attempts from unknown sources, Robert implemented a security strategy of issuing alerts or warning messages when multiple failed login attempts are made.

Which of the following security risks is addressed by Robert to make attempted break-ins unsuccessful?

A. Indefinite session timeout

B. Absence of account lockout for invalid session IDs

C. Small session-ID generation

D. Weak session-ID generation

Suggested answer: B

Explanation:

Robert's strategy of issuing alerts or warning messages when multiple failed login attempts occur is aimed at addressing the risk of absence of account lockout for invalid session IDs. By locking out accounts temporarily after a certain number of failed login attempts, Robert prevents attackers from repeatedly guessing passwords or trying different session IDs to gain unauthorized access. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Bruce, a professional hacker, targeted an OT network. He initiated a looping strategy to recover the password of the target system. He started sending one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. Using this technique, Bruce identified how much time the device takes to finish one complete password authentication process, through which he determined the correct characters in the target password.

Identify the type of attack launched by Bruce on the target OT network.

A. Code injection attack

B. Buffer overflow attack

C. Reconnaissance attack

D. Side-channel attack

Suggested answer: D

Explanation:

Bruce's strategy of sending one character at a time and measuring the time it takes for the device to complete the password authentication process is characteristic of a side-channel attack. In side-channel attacks, attackers exploit information leaked during the execution of cryptographic algorithms or other security protocols. In this case, the timing information provides clues about the correct characters in the password.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Cheryl, a forensic expert, was recruited to investigate a malicious activity performed by an anonymous hackers' group on an organization's systems. Using an automated tool, Cheryl was able to extract the malware file and analyze the assembly code instructions, which helped her understand the malware's purpose.

Which of the following tools helped Cheryl extract and analyze the assembly code of the malware?

A. VirtualBox

B. OllyDbg

C. QualNet

D. VMware vSphere

Suggested answer: B

Explanation:

OllyDbg is a popular debugger used for analyzing assembly code. It allows forensic experts and security professionals to disassemble and debug executable files, including malware. By examining the assembly instructions, Cheryl could gain insights into the malware's behavior and purpose.

Which of the following SWGDE Standards and Criteria mandates that any action with the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified persons in a forensically sound manner?

A. Standards and Criteria 11

B. Standards and Criteria 13

C. Standards and Criteria 17

D. Standards and Criteria 15

Suggested answer: C

Explanation:

The Scientific Working Group on Digital Evidence (SWGDE), in collaboration with the International Organization on Digital Evidence (IOCE), has established guidelines and standards for the recovery, preservation, and examination of digital evidence. According to these standards, any action that has the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified individuals in a forensically sound manner. Therefore, the correct answer is Standards and Criteria 17. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM, Security, and Software using an automated tool called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

A. HKEY_CLASSES_ROOT

B. HKEY_CURRENT_CONFIG

C. HKEY_CURRENT_USER

D. HKEY_LOCAL_MACHINE

Suggested answer: D

Explanation:

The question asks which Windows Registry hive's subkeys contain the requested information, so it helps to first recall how the registry is organized.

Windows Registry Hives:

The Windows Registry is a hierarchical database that holds configuration settings and options for both low-level operating system components and running programs.

It includes settings for the kernel, device drivers, services, user interface, and third-party applications.

The registry allows access to counters for system performance profiling.

Registry Hives:

The registry is organized into different hives, each containing keys and values.

Some important hives include:

HKEY_LOCAL_MACHINE (HKLM): Contains system-wide settings.

HKEY_CURRENT_USER (HKCU): Contains settings specific to the currently logged-in user.

HKEY_USERS (HKU): Contains profiles for all users on the system.

HKEY_CLASSES_ROOT (HKCR): Contains file association information.

HKEY_CURRENT_CONFIG (HKCC): Contains information about the current hardware configuration (only in certain Windows versions).

Subkeys Relevant to Bob's Investigation:

Bob is interested in information related to SAM, Security, and Software.

The following hives contain these subkeys:

SAM (Security Account Manager):

The SAM hive stores user account information, including usernames, passwords, account types, enabled status, group memberships, and last logon time.

It is crucial for authentication and security.

Located in: HKEY_LOCAL_MACHINE\SAM

Security:

The Security hive contains security-related information, including access control lists (ACLs), user privileges, and security tokens.

It plays a vital role in enforcing security policies.

Located in: HKEY_LOCAL_MACHINE\Security

Software:

The Software subkey within the HKLM hive contains information related to installed software, configurations, and settings.

It is essential for forensic investigations.

Located in: HKEY_LOCAL_MACHINE\Software

Answer:

The subkeys that provide the requested information to Bob are:

SAM (located in HKEY_LOCAL_MACHINE\SAM)

Security (located in HKEY_LOCAL_MACHINE\Security)

Software (located in HKEY_LOCAL_MACHINE\Software)

All three are subkeys of the HKEY_LOCAL_MACHINE hive, which is why the correct answer is D.

James, a forensic specialist, was appointed to investigate an incident in an organization. As part of the investigation, James is attempting to identify whether any external storage devices are connected to the internal systems. For this purpose, he employed a utility to capture the list of all devices connected to the local machine and removed suspicious devices.

Identify the tool employed by James in the above scenario.

A. PromiscDetect

B. DriveLetterView

C. ESEDatabaseView

D. ProcDump

Suggested answer: B

Explanation:

In the given scenario, James employed the DriveLetterView utility to capture the list of all devices connected to the local machine. DriveLetterView is a tool that displays a list of drive letters assigned to drives on a computer, including external storage devices. By using this utility, James can identify any suspicious devices connected to the internal systems. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Kevin, a forensic investigator at FinCorp Ltd., was investigating a cybercrime against the company. As part of the investigation process, he needs to recover corrupted and deleted files from a Windows system. Kevin decided to use an automated tool to recover the damaged, corrupted, or deleted files.

Which of the following forensic tools can help Kevin in recovering deleted files?

A. Cain & Abel

B. Rohos Mini Drive

C. R-Studio

D. Ophcrack

Suggested answer: C

Explanation:

Kevin, as a forensic investigator, can use the R-Studio tool to recover corrupted and deleted files from a Windows system. R-Studio is a powerful forensic tool that assists in data recovery and analysis. It allows investigators to examine filesystem images, analyze cache, cookies, and history recorded in web browsers, and perform memory forensics.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

An IoT sensor in an organization generated an emergency alarm indicating a security breach. The servers hosted in an IoT layer accepted, stored, and processed the sensor data received from IoT gateways and created dashboards for monitoring, analyzing, and implementing proactive decisions to tackle the issue.

Which of the following layers in the IoT architecture performed the above activities after receiving an alert from the IoT sensor?

A. Communication layer

B. Process layer

C. Cloud layer

D. Device layer

Suggested answer: B

Explanation:

In the Internet of Things (IoT) architecture, the Process layer is responsible for the activities described in the scenario. This layer employs IoT platforms to accumulate and manage all data streams, including accepting, storing, and processing sensor data received from IoT gateways. It also involves creating dashboards for monitoring, analyzing, and implementing decisions based on the data received.

The Process layer is a critical component of IoT architecture, as it provides the computing power and data management capabilities required for the effective functioning of IoT systems. It ensures that data collected by sensors is processed in a way that actionable insights can be derived and appropriate responses can be implemented in case of events like security breaches.

The other options listed pertain to different aspects of IoT architecture:

A. Communication layer: This layer is responsible for transferring data from devices to the network and vice versa but does not process or analyze the data.

C. Cloud layer: While the cloud layer may be involved in data storage and processing, it is not the primary layer responsible for the activities mentioned.

D. Device layer: This layer includes the physical devices and sensors that collect data but does not process or analyze it.

Therefore, the correct answer is B, the Process layer, as it aligns with the responsibilities of managing and processing data within the IoT architecture.

Below are the various stages of the virus lifecycle:

1) Replication

2) Detection

3) Incorporation

4) Design

5) Execution of the damage routine

6) Launch

What is the correct sequence of stages involved in the virus lifecycle?

A. 3 -> 1 -> 2 -> 6 -> 5 -> 4

B. 4 -> 2 -> 3 -> 5 -> 6 -> 1

C. 4 -> 1 -> 6 -> 2 -> 3 -> 5

D. 1 -> 2 -> 3 -> 4 -> 5 -> 6

Suggested answer: C

Explanation:

Each stage of the virus lifecycle, in the order the question lists them:

Replication: This stage involves the virus creating copies of itself.

Detection: During this phase, the virus may be identified by security tools or human analysis.

Incorporation: The virus integrates itself into the host system or files.

Design: In this stage, the virus's code and behavior are crafted.

Execution of the damage routine: The virus carries out its malicious actions, which could include data deletion, pop-ups, or other harmful effects.

Launch: The virus becomes active and starts spreading.

Ordered as they occur in the lifecycle, the stages run Design -> Replication -> Launch -> Detection -> Incorporation -> Execution of the damage routine, which is option C.

Stephen, a security specialist, was instructed to identify emerging threats on the organization's network. In this process, he employed a computer system on the Internet intended to attract and trap those who attempt unauthorized host system utilization to penetrate the organization's network.

Identify the type of security solution employed by Stephen in the above scenario.

A. Firewall

B. IDS

C. Honeypot

D. Proxy server

Suggested answer: C

Explanation:

Stephen employed a honeypot in the given scenario. A honeypot is a simulation of an IT system or software application that acts as bait to attract the attention of attackers. While it appears to be a legitimate target, it is actually fake and carefully monitored by an IT security team. The purpose of a honeypot includes distraction for attackers, threat intelligence gathering, and research/training for IT security professionals.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.
