
ECCouncil ECSS Practice Test - Questions Answers, Page 7

Bob, a professional hacker, targeted an organization to launch attacks. Bob gathered information such as network topology and a list of live hosts. Based on the collected information, he launched further attacks over the organization's network.

Identify the type of network attack Bob initiated on the target organization in the above scenario.

A. Session hijacking
B. Buffer overflow
C. Data modification
D. Enumeration

Suggested answer: D

Explanation:

In the given scenario, Bob's actions align with the concept of enumeration. Here's why:

Network Reconnaissance: Bob collected information about the organization's network topology and a list of live hosts. This initial step is part of network reconnaissance, where an attacker gathers details about the target system.

Enumeration: After collecting this information, Bob proceeded to launch further attacks. Enumeration involves actively probing a network to identify services, users, shares, and other system details. It helps attackers understand the target environment better.

Purpose of Enumeration: By identifying live hosts and understanding the network topology, Bob can tailor subsequent attacks more effectively. Enumeration provides crucial insights for attackers during the reconnaissance phase.

EC-Council Certified Security Specialist (E|CSS) course materials and study guide.

Clark, a security professional, was instructed to monitor and continue the backup functions without interrupting the system or application services. In this process, Clark implemented a backup mechanism that dynamically backs up the data even if the system or application resources are being used.

Which of the following types of backup mechanisms has Clark implemented in the above scenario?

A. Full backup
B. Cold backup
C. Hot backup
D. Offline backup

Suggested answer: C

Explanation:

Clark has implemented a hot backup mechanism. Hot backups allow data to be backed up while the system or application resources are actively being used, ensuring continuous availability without interruption.

Paola, a professional hacker, was hired to break into the target organization's network and extract sensitive data. In this process, Paola found that the target organization has purchased new hardware. She accessed the new hardware while it was in transit and tampered with the hardware to make it vulnerable to attacks.

Identify the class of attack Paola has performed on the target organization.

A. Distribution attack
B. Insider attack
C. Passive attack
D. Active attack

Suggested answer: A

Explanation:

The scenario describes Paola tampering with new hardware while it was in transit to make it vulnerable to attacks. This type of attack is known as a distribution attack. Distribution attacks involve the interception and manipulation of products during their delivery process. By accessing and tampering with the hardware before it reaches its final destination, the attacker can introduce vulnerabilities or backdoors that can be exploited later.

This method is distinct from an insider attack, which would involve someone within the organization facilitating the breach. A passive attack refers to monitoring and capturing data without altering the system, and an active attack involves direct engagement with the system to disrupt or manipulate operations. Since Paola's actions involve tampering with hardware during distribution, the correct classification is a distribution attack.

John is working as a network administrator in an MNC company. He was instructed to connect all the remote offices with the corporate office but at the same time deny communication between the remote offices. In this process, he configured a central hub at the corporate head office, through which all branch offices can communicate.

Identify the type of VPN topology implemented by John in the above scenario.

A. Point-to-point topology
B. Hub and spoke topology
C. Star topology
D. Mesh topology

Suggested answer: B

Explanation:

In the scenario described, John implemented a hub and spoke topology for the VPN. In this configuration, all remote offices (spokes) connect directly to the central hub (corporate head office). However, communication between the remote offices is denied, ensuring that all traffic flows through the central hub. This design allows for centralized control and visibility while maintaining resource availability at the hub location. Keep in mind that the central hub becomes a potential single point of failure for VPN tunnels.

Reference:

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/configuration_examples/bovpn_centralized_config_example.html

Alice was working on her major project: she saved all her confidential files and locked her laptop. Bob wanted to access Alice's laptop for his personal use but was unable to access the laptop due to biometric authentication.

Which of the following network defense approaches was employed by Alice on her laptop?

A. Reactive approach
B. Proactive approach
C. Preventive approach
D. Retrospective approach

Suggested answer: C

Explanation:

Let's analyze the situation and determine which network defense approach Alice employed on her laptop.

Biometric Authentication:

Biometric authentication uses unique physical or behavioral characteristics (such as fingerprints, iris scans, or voice recognition) to verify a user's identity.

It enhances security by ensuring that only authorized individuals can access a system or device.

Network Defense Approaches:

Let's match Alice's situation with the available approaches:

Reactive Approach:

Reactive approaches focus on responding to incidents after they occur.

They involve actions like incident response, patching vulnerabilities, and recovering from attacks.

In Alice's case, she proactively secured her laptop before any incident occurred, so this approach doesn't apply.

Proactive Approach:

Proactive approaches aim to prevent incidents before they happen.

They involve measures like risk assessment, vulnerability scanning, and security awareness training.

Alice's use of biometric authentication aligns with a proactive approach because it prevents unauthorized access upfront.

Preventive Approach:

Preventive approaches focus on stopping incidents from occurring.

They include measures like access controls, firewalls, encryption, and security policies.

Alice's biometric authentication is a preventive measure.

Retrospective Approach:

Retrospective approaches involve analyzing past incidents to learn and improve.

They are not directly related to Alice's situation.

Alice employed the Preventive Approach by using biometric authentication to secure her laptop against unauthorized access.

Daniel, a professional hacker, targeted Alice and lured her into downloading a malicious app from a third-party app store. Upon installation, the core malicious code inside the application started infecting other legitimate apps in Alice's mobile device. Daniel overloaded Alice's device with irrelevant and fraudulent advertisements through the infected app for financial gain.

Identify the type of attack Daniel has launched in the above scenario.

A. Agent Smith attack
B. Bluebugging attack
C. SMiShing attack
D. SIM card attack

Suggested answer: A

Explanation:

The scenario closely resembles the behavior of the Agent Smith malware campaign:

Agent Smith Modus Operandi:

Initial Compromise: Users are tricked into downloading seemingly benign apps from unofficial app stores, which contain the malicious payload.

Lateral Spread: Agent Smith infects other legitimate apps on the device, replacing their functionality.

Ad Fraud: The infected apps are used to display excessive, intrusive ads, generating revenue for the attacker.

Scenario Match:

Alice downloads from a third-party store, a common Agent Smith vector.

The malware spreads to other apps, a key feature of Agent Smith.

Ad-based profit motivates the attack, again aligning with Agent Smith.

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.

A. Shoulder surfing
B. Pharming
C. Tailgating
D. Dumpster diving

Suggested answer: B

Explanation:

The attack performed by Sandra on Johana is known as pharming. Pharming is a type of social engineering cyberattack where criminals redirect internet users trying to reach a specific website to a different, fake site. These "spoofed" sites aim to capture a victim's personally identifiable information (PII) and login credentials, such as passwords, social security numbers, and account numbers. In Johana's case, Sandra manipulated the URL to direct her to a malicious website where she entered her banking credentials, which Sandra then captured.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Clark is an unskilled hacker attempting to perform an attack on a target organization to gain popularity. He downloaded and used freely available hacking tools and software developed by other professional hackers for this purpose.

Identify the type of threat actor described in the above scenario.

A. Script kiddie
B. Industrial spy
C. Hacktivist
D. Cyber terrorist

Suggested answer: A

Explanation:

A script kiddie is an unskilled individual who uses pre-written hacking tools and software to perform attacks without fully understanding the underlying techniques. They often seek attention or popularity by exploiting vulnerabilities using readily available tools. Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Bob, a network administrator in a company, manages network connectivity to 200 employees in six different rooms. Every employee has their own laptop to connect to the Internet through a wireless network, but the company has only one broadband connection.

Which of the following types of wireless networks allows Bob to provide Internet access to every laptop and bring all the devices to a single network?

A. Extension to wired network
B. 3G/4G hotspot
C. Multiple wireless access points
D. LAN to LAN wireless network

Suggested answer: C

Explanation:

To provide Internet access to every laptop and bring all the devices to a single network, Bob should use multiple wireless access points. These access points can be connected to the same wired network and provide wireless connectivity to the laptops in different rooms. By strategically placing these access points, Bob can ensure coverage throughout the company premises.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

An investigator wants to extract information about the status of the network interface cards (NICs) in an organization's Windows-based systems. Identify the command-line utility that can help the investigator detect the network status.

A. ipconfig
B. PsList
C. ifconfig
D. PsLoggedOn

Suggested answer: A

Explanation:

The ipconfig command displays the configuration of all network interfaces on a Windows system. It provides information about IP addresses, subnet masks, default gateways, DNS servers, and other network-related settings. By running ipconfig, an investigator can quickly view the status of NICs and their associated network parameters.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Total 100 questions