ECCouncil ECSS Practice Test - Questions Answers, Page 8

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.

A. True negative alert

B. False negative alert

C. True positive alert

D. False positive alert

Suggested answer: D

Explanation:

In the given scenario, Jay received an alarm from the IDS even though there was no active attack. This corresponds to a false positive alert: the IDS incorrectly classified benign or legitimate traffic as malicious or suspicious. The mirror case, a false negative, is an attack that produces no alert at all, which is the more dangerous error. False positives cost analyst time and, when frequent, cause alert fatigue and hasty tuning that can in turn produce false negatives.

Stella, a mobile user, often ignores the messages received from the manufacturer for updates. One day, she found that files in her device are being replaced, she immediately rushed to the nearest service center for inquiry. They tested the device and identified vulnerabilities in it as it ran with an obsolete OS version.

Identify the mobile device security risk raised on Stella's device in the above scenario.

A. Network-based risk

B. Physical security risks

C. Application-based risk

D. System-based risk

Suggested answer: D

Explanation:

Stella's mobile device running an obsolete operating system (OS) version poses a system-based risk. Outdated OS versions lack the security patches shipped in later releases, so publicly known vulnerabilities remain exploitable on the device. Regular OS updates are essential to close those vulnerabilities and maintain the device's security posture; the other categories (network, physical, application) describe risks that do not originate in the platform itself.

EC-Council Certified Security Specialist (E|CSS) course materials and study guide.

EC-Council Certified Security Specialist (ECSS) program information.

EC-Council ECSS Certification Syllabus and Prep Guide.

EC-Council ECSS Certification Sample Questions and Practice Exam.

EC-Council ECSS brochure.

Below are the various steps involved in an email crime investigation.

1. Acquiring the email data

2. Analyzing email headers

3. Examining email messages

4. Recovering deleted email messages

5. Seizing the computer and email accounts

6. Retrieving email headers

What is the correct sequence of steps involved in the investigation of an email crime?

A. 5 -> 1 -> 3 -> 6 -> 2 -> 4

B. 2 -> 4 -> 3 -> 6 -> 5 -> 1

C. 1 -> 3 -> 4 -> 2 -> 5 -> 6

D. 5 -> 1 -> 6 -> 2 -> 3 -> 4

Suggested answer: D

Explanation:

Seizing the computer and email accounts (Step 5): This is the initial step to secure potential evidence. It involves physically or remotely seizing the suspect's computer and email accounts to prevent tampering.

Acquiring the email data (Step 1): After seizing the devices, investigators acquire the email data. This includes collecting email files, attachments, and metadata.

Retrieving email headers (Step 6): Email headers contain valuable information such as sender IP addresses, timestamps, and routing details. Retrieving headers helps trace the email's origin.

Analyzing email headers (Step 2): Investigators analyze the headers to identify any anomalies, spoofing, or suspicious patterns.

Examining email messages (Step 3): Investigators review the actual email content, attachments, and any embedded links. This step helps understand the context and intent.

Recovering deleted email messages (Step 4): Deleted emails may contain critical evidence. Investigators use specialized tools to recover deleted messages.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.
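Steps 6 and 2 above (retrieving and analyzing the headers) come down to reading the Received: chain in reverse and checking that the visible sender matches the envelope sender. The following is an added example, not code from the ECSS materials; the message, hostnames and addresses are constructed (documentation IP ranges, hypothetical domains) and the header regex is a simplification of the Received: grammar.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: a phishing mail that passed through two relays. Hosts, IPs and IDs are invented.
RAW_MESSAGE = b"""Return-Path: <bounce@attacker.example>
Received: from mx2.example.org (mx2.example.org [192.0.2.20])
\tby mail.example.org with ESMTP id abc123
\tfor <victim@example.org>; Mon, 01 Apr 2024 10:03:12 +0000
Received: from relay.example.net (relay.example.net [198.51.100.5])
\tby mx2.example.org with ESMTPS id def456; Mon, 01 Apr 2024 10:03:10 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.example.net with ESMTPA id ghi789; Mon, 01 Apr 2024 10:03:01 +0000
From: "IT Support" <support@example-bank.com>
To: victim@example.org
Subject: Urgent: verify your account
Message-ID: <20240401100300.1234@attacker.example>

Please click the link to verify your account.
"""

# Simplified Received: grammar: "from <host> ... by <host> ...; <date>"
HOP_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _unfold(value: str) -> str:
    """Collapse folded header continuation lines into one line."""
    return re.sub(r"\s+", " ", value).strip()


def parse_received_chain(raw: bytes):
    """Return the hops in delivery order (origin first).

    Every MTA prepends its own Received: header, so the header order in the
    message is newest-first; reversing it yields the path the mail travelled.
    """
    msg = email.message_from_bytes(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = _unfold(value)
        match = HOP_RE.search(text)
        if not match:
            continue  # malformed or non-standard Received: line; keep going
        ip = IP_RE.search(text)
        hops.append({
            "from": match.group("from"),
            "ip": ip.group(1) if ip else None,
            "by": match.group("by"),
            "date": text.rsplit(";", 1)[1].strip() if ";" in text else None,
        })
    return hops


def originating_ip(raw: bytes):
    """IP recorded by the first relay that accepted the message, i.e. the likely source."""
    chain = parse_received_chain(raw)
    return chain[0]["ip"] if chain else None


def envelope_mismatch(raw: bytes):
    """Compare the displayed From: domain with the Return-Path (envelope sender) domain.

    Returns (from_domain, return_path_domain) when they differ, else None.
    """
    msg = email.message_from_bytes(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return (from_domain, rp_domain) if from_domain != rp_domain else None


if __name__ == "__main__":
    for hop in parse_received_chain(RAW_MESSAGE):
        print(hop)
    print("origin:", originating_ip(RAW_MESSAGE))
    print("From/Return-Path mismatch:", envelope_mismatch(RAW_MESSAGE))
```

Only the Received: line added by your own mail server is trustworthy; every earlier hop was written by a system you do not control and can be forged by the sender, so treat the origin IP as a lead to corroborate with the relay's own logs rather than as proof.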

Kevin, a security team member, was instructed to share a policy document with the employees. As it was supposed to be shared within the network, he used a simple algorithm to encrypt the document that just rearranges the same characters to produce the ciphertext.

Identify the type of cipher employed by Kevin in the above scenario.

A. Transposition cipher

B. Stream cipher

C. Block cipher

D. Substitution cipher

Suggested answer: A

Explanation:

A transposition cipher rearranges the characters or bits of the plaintext to produce the ciphertext. In Kevin's scenario, the algorithm only rearranges the same characters, so the ciphertext is an anagram of the plaintext. This is the defining property of a transposition cipher: the order of the characters changes but their identity does not. A substitution cipher, by contrast, replaces each character with another while keeping positions fixed, and stream and block ciphers are modern keyed constructions that change the characters entirely.

https://www.newsoftwares.net/blog/the-transposition-cipher-rearranging-data-for-enhanced-encryption/
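To make the "same characters, different order" property concrete, here is a columnar transposition cipher as an added example (not code from the ECSS materials or the linked article). The key, plaintext and padding character are assumptions; the Caesar shift at the end is included only to contrast with substitution.

```python
from collections import Counter


def _column_order(key: str):
    """Columns are read out in the alphabetical order of the key's characters (ties by position)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write the text row by row under the key, then read the columns in key order."""
    text = plaintext.replace(" ", "").upper()
    ncols = len(key)
    text += pad * ((-len(text)) % ncols)  # fill the last row so the grid is rectangular
    rows = [text[i:i + ncols] for i in range(0, len(text), ncols)]
    return "".join(row[c] for c in _column_order(key) for row in rows)


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Reverse the read-out: slice the ciphertext back into columns, then read rows."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    cols, pos = {}, 0
    for c in _column_order(key):
        cols[c] = ciphertext[pos:pos + nrows]
        pos += nrows
    return "".join(cols[c][r] for r in range(nrows) for c in range(ncols))


def is_transposition_of(plaintext: str, ciphertext: str) -> bool:
    """A transposition changes only the order, so both texts must have identical character counts."""
    return Counter(plaintext) == Counter(ciphertext)


def caesar(plaintext: str, shift: int = 3) -> str:
    """Substitution cipher for contrast: positions stay, characters change (A-Z only)."""
    return "".join(chr((ord(ch) - 65 + shift) % 26 + 65) if ch.isalpha() else ch
                   for ch in plaintext.upper())


# Constructed inputs for the example
KEY = "ZEBRA"
PLAINTEXT = "SHARE POLICY DOC"

if __name__ == "__main__":
    ct = columnar_encrypt(PLAINTEXT, KEY)
    print(ct, columnar_decrypt(ct, KEY))
    print("transposition keeps the multiset:", is_transposition_of("SHAREPOLICYDOCX", ct))
    print("substitution does not:", is_transposition_of("SHAREPOLICYDOCX", caesar("SHAREPOLICYDOCX")))
```

Because the character counts survive, letter-frequency analysis immediately reveals the plaintext language and anagramming attacks recover the text; a transposition cipher is a teaching device, not a control for distributing an internal document, which needs authenticated encryption.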

Daniel, a networking specialist, identifies a glitch in a networking tool and fixes it on a priority using a system.

Daniel was authorized to make a copy of computer programs while maintaining or repairing the system.

Which of the following acts was demonstrated in the above scenario?

A. Data Protection Act 2018 (DPA)

B. The Digital Millennium Copyright Act (DMCA)

C. Sarbanes Oxley Act (SOX)

D. Gramm Leach Bliley Act (GLBA)

Suggested answer: B

Explanation:

Daniel's authorized copying of a computer program while maintaining or repairing the machine is the activity addressed by the Digital Millennium Copyright Act (DMCA). Title III of the DMCA (the Computer Maintenance Competition Assurance Act) amended section 117 of the U.S. Copyright Code (Title 17) so that the owner or lessee of a machine may make, or authorize someone else to make, a copy of a computer program that arises from activating the machine, solely for the purpose of maintaining or repairing it, provided the copy is used for nothing else and is destroyed when the work is done. The DMCA's better-known anti-circumvention rules (section 1201) are a separate part of the same act and are not what this scenario relies on. The other options concern personal data (DPA), financial reporting controls (SOX) and financial-institution privacy (GLBA). Reference: U.S. Copyright Code, Title 17, Section 117.

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

A. Timeline analysis

B. Web artifacts

C. Data carving

D. Multimedia

Suggested answer: C

Explanation:

The Autopsy tool is a digital forensics platform that assists investigators in analyzing and recovering evidence from disk images and other sources. The function that recovers deleted files from unallocated space is data carving:

Data carving, also known as file carving, retrieves files from unallocated space by their content (known header and footer byte patterns) rather than through file-system metadata, which no longer points at them.

When files are deleted, the file system usually only frees the clusters and removes the directory entry; the data itself remains in unallocated areas of the storage medium until that space is reused.

Autopsy's PhotoRec Carver module performs data carving by scanning unallocated space, identifying file signatures, and reassembling the deleted files.

These files are found in seemingly "empty" portions of the device storage.

By analyzing unallocated space, Autopsy can uncover potential evidence that was previously deleted. Carving works best for files stored contiguously; fragmented files and files whose clusters have been partially overwritten come back incomplete or corrupted, so carved output should be validated before it is relied on.

The other options do not recover deleted data: timeline analysis orders existing events, web artifacts parses browser history and caches, and the multimedia function extracts metadata from images and video.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

Autopsy User Documentation: PhotoRec Carver Module
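The signature-based carving described above, as an added example written for this page (it is not Autopsy or PhotoRec code, and the signature table holds only two types). The "unallocated space" buffer is constructed in the script: zero-filled clusters, a minimal PNG-like and JPEG-like blob built from the real magic bytes, and stale directory text between them.

```python
# Magic bytes as (header, footer). Constructed two-entry table, not a carver's full signature database.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def carve(blob: bytes, max_size: int = 50 * 1024 * 1024):
    """Scan a raw byte buffer (for example an unallocated-space extract) for header/footer pairs.

    Returns a list of dicts sorted by offset. A header with no footer within max_size bytes
    is skipped, which is exactly how fragmented or partially overwritten remnants drop out of
    a simple carver: it recovers contiguous files only.
    """
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := blob.find(header, pos)) != -1:
            end = blob.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + 1  # no footer: move past this header and keep scanning
                continue
            end += len(footer)
            found.append({"type": ftype, "offset": start, "size": end - start, "data": blob[start:end]})
            pos = end  # resume after the carved file so nested matches are not double-counted
    return sorted(found, key=lambda f: f["offset"])


# Constructed sample of "unallocated space": two minimal files surrounded by zeroed clusters.
FAKE_PNG = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + SIGNATURES["png"][1]
FAKE_JPG = SIGNATURES["jpg"][0] + b"\xe0\x00\x10JFIF\x00" + b"\x01" * 24 + SIGNATURES["jpg"][1]
UNALLOCATED = (
    b"\x00" * 512
    + FAKE_PNG
    + b"\x00" * 64
    + b"old directory entry\x00"
    + FAKE_JPG
    + b"\x00" * 256
)

if __name__ == "__main__":
    for item in carve(UNALLOCATED):
        print(f"{item['type']} at offset {item['offset']}, {item['size']} bytes")
```

Real carvers add per-format parsing (for instance walking PNG chunk lengths instead of searching for IEND), because a footer byte sequence such as JPEG's FF D9 can also occur inside an embedded thumbnail and cut the carve short.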

Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.

Identify the type of IDS employed by Messy in the above scenario.

A. Stateful protocol analysis

B. Anomaly-based

C. Signature-based

D. Application proxy

Suggested answer: B

Explanation:

Messy has deployed an anomaly-based Intrusion Detection System (IDS). This type of IDS builds a profile of normal behavior (traffic volumes, protocols, hosts, times of day) and compares observed events against it, raising an alert on any significant deviation. It can therefore catch attacks for which no signature exists, at the cost of false positives whenever legitimate activity drifts outside the baseline, and of a poisoned baseline if an attacker is already active during the learning period. A signature-based IDS instead matches events against known attack patterns, and stateful protocol analysis compares them against vendor-defined profiles of how each protocol should behave. Reference: EC-Council Certified Security Specialist (E|CSS) course materials.
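The two IDS questions on this page (Jay's false positive earlier, and Messy's anomaly-based detector here) are two sides of the same mechanism, so one added example serves both. The code below is written for this page, not taken from the ECSS materials or any IDS product: it trains a z-score baseline on a constructed set of requests-per-minute counts, scores constructed labeled events, and classifies every verdict as true/false positive/negative. The baseline values, addresses and labels are invented.

```python
from statistics import mean, pstdev

# Constructed training window: requests per minute from internal hosts during normal operation.
BASELINE_RPM = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13]

# Constructed evaluation events: (source, requests per minute, ground truth). Documentation-range addresses.
EVENTS = [
    ("10.0.0.5", 14, "benign"),
    ("10.0.0.9", 19, "benign"),      # legitimate burst, e.g. a scheduled sync job
    ("203.0.113.7", 240, "attack"),  # credential-stuffing style flood
    ("203.0.113.8", 13, "attack"),   # low-and-slow probing that hides inside normal volume
    ("10.0.0.3", 12, "benign"),
]


class AnomalyIDS:
    """Minimal anomaly detector: alert when a value deviates from the baseline by more than N sigma."""

    def __init__(self, baseline, threshold=3.0):
        self.mu = mean(baseline)
        self.sigma = pstdev(baseline) or 1e-9  # guard a constant baseline
        self.threshold = threshold

    def zscore(self, value):
        return (value - self.mu) / self.sigma

    def alerts(self, value):
        return abs(self.zscore(value)) > self.threshold


def classify(alerted: bool, truth: str) -> str:
    """Name the outcome the way the exam does: alert vs. ground truth."""
    if alerted and truth == "attack":
        return "true positive"
    if alerted and truth == "benign":
        return "false positive"
    if not alerted and truth == "attack":
        return "false negative"
    return "true negative"


def evaluate(threshold, events=EVENTS, baseline=BASELINE_RPM):
    """Run the detector over labeled events; return (outcome counts, per-event verdicts)."""
    ids = AnomalyIDS(baseline, threshold)
    counts = {k: 0 for k in ("true positive", "false positive", "true negative", "false negative")}
    verdicts = []
    for source, rpm, truth in events:
        verdict = classify(ids.alerts(rpm), truth)
        counts[verdict] += 1
        verdicts.append((source, verdict))
    return counts, verdicts


if __name__ == "__main__":
    for thr in (3.0, 4.0):
        counts, verdicts = evaluate(thr)
        print(f"threshold {thr}: {counts}")
        for source, verdict in verdicts:
            print(f"  {source:14} {verdict}")
```

At 3 sigma the sync job on 10.0.0.9 trips the detector with no attack in progress (Jay's false positive), while the low-and-slow probe is missed (a false negative). Raising the threshold to 4 sigma removes the false positive but does nothing for the miss, which is the trade-off every anomaly-based deployment has to tune for its own baseline.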

Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app downloaded from an unauthorized third party. At the end of the day, when Wesley attempted to access his fitness report from the app, it generated an unusual report and asked for some unnecessary permissions to view it.

Which of the following mobile risks is demonstrated in the above scenario?

A. Insecure data storage

B. Improper platform usage

C. Client code quality

D. Insecure authentication

Suggested answer: B

Explanation:

In this scenario, Wesley's use of an unauthorized third-party mobile app to sync with his Apple smartwatch demonstrates the risk of improper platform usage. Here's why:

Unauthorized Third-Party App: Wesley downloaded the app from an unauthorized source, so it has not passed the platform's review and vetting. Such apps may contain vulnerabilities or malicious code.

Unusual Report and Unnecessary Permissions: The app generated an unusual fitness report and requested permissions it does not need. Requesting permissions beyond the app's function is a misuse of the platform's permission model, which is the hallmark of this risk category.

Platform Security Guidelines: Mobile platforms (iOS, Android) define how apps must use platform features such as permissions, keychain or keystore storage, and inter-app communication. When users sideload apps from untrusted sources, they bypass the checks that enforce these guidelines, risking security and privacy.

Risk Implications:

Data Privacy: Unauthorized apps may mishandle sensitive data (like fitness reports), leading to privacy breaches.

Malware or Spyware: The app could contain malicious code, potentially compromising the device or user data.

Permissions Abuse: Permissions granted beyond what the app needs can be used for data leakage or unauthorized access.

The EC-Council Certified Security Specialist (E|CSS) documents and study guide provide insights into mobile security risks and best practices, and emphasize proper platform usage and adherence to platform guidelines.

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora's account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?

A. Single sign-on (SSO) authentication

B. Smart card authentication

C. Biometric authentication

D. Two-factor authentication

Suggested answer: D

Explanation:

In the given scenario, the banking application employs two-factor authentication (2FA). Here's why:

Registered Credentials: Kevin logs in with his registered credentials (username and password), something he knows.

OTP (One-Time Password): Before the transfer is executed, the application sends an OTP to Kevin's mobile for confirmation. This OTP serves as the second factor, something he has (the phone), and because it is tied to the transfer step it also acts as transaction confirmation.

Two-factor authentication enhances security by requiring users to provide two different authentication factors (something they know, like a password, and something they have, like an OTP-generating device) before granting access. It helps protect against unauthorized access even if one factor is compromised.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

Bob, a forensic investigator, was instructed to review a Windows machine and identify any anonymous activities performed using it. In this process, Bob used the command "netstat -ano" to view all the active connections in the system and determined that the connections established by the Tor browser were closed. Which of the following states of the connections established by Tor indicates that the Tor browser is closed?

A. ESTABLISHED

B. CLOSE_WAIT

C. TIME_WAIT

D. LISTENING

Suggested answer: C

Explanation:

The netstat -ano command displays all connections and listening ports on the system, each with its TCP state and owning process ID. When the Tor browser is closed, the connections it established are torn down, and the state left behind for a connection that has just been closed is TIME_WAIT.

In TCP, TIME_WAIT is entered by the side that actively closed the connection once it has sent the final ACK of the four-way close. The socket lingers in that state for twice the maximum segment lifetime (2*MSL) so that delayed segments from the old connection are absorbed rather than being delivered into a new connection that reuses the same address and port pair. This protects the integrity of subsequent connections, which is why the entries persist for a while after the application has exited; on Windows they are listed with PID 0 because no process owns them any more.

The other states listed have different meanings:

A. ESTABLISHED: The connection is currently active and data can be transferred, so the browser is still running.

B. CLOSE_WAIT: The remote end has shut down its side, and the local end is waiting for the application to close the socket; the application is still alive (or leaking sockets).

D. LISTENING: A local service is waiting for incoming connections on a specific port; it says nothing about a client's outbound sessions.

Therefore, the correct answer is C, TIME_WAIT, the state of a connection that has been closed by the application, which in this case would be the Tor browser. Note that TIME_WAIT entries expire after the timeout, so a netstat snapshot taken long after the browser was closed may show nothing at all; the absence of any Tor-related sockets is then the only indication, and a network capture or the browser's own artifacts are needed to go further.
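On a live system the investigator would capture netstat -ano output and then group the rows by state and PID rather than reading them by eye. The following is an added example written for this page, not part of the ECSS materials or any Windows tool; the netstat text is constructed in the Windows column layout with documentation-range addresses and invented PIDs.

```python
import re
from collections import Counter

# Constructed netstat -ano output (Windows layout). Addresses and PIDs are invented for the example.
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.0.0.12:49712        203.0.113.40:9001      ESTABLISHED     4820
  TCP    10.0.0.12:49713        198.51.100.9:443       TIME_WAIT       0
  TCP    10.0.0.12:49714        192.0.2.77:9001        TIME_WAIT       0
  TCP    10.0.0.12:49720        10.0.0.5:445           CLOSE_WAIT      4
  UDP    0.0.0.0:500            *:*                                    1204
"""

# One row: proto, local, foreign, optional state (UDP rows have none), PID.
ROW_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)


def parse_netstat(text: str):
    """Parse netstat -ano text into a list of dicts; header and blank lines are ignored."""
    rows = []
    for line in text.splitlines():
        match = ROW_RE.match(line)
        if match:
            row = match.groupdict()
            row["pid"] = int(row["pid"])
            rows.append(row)
    return rows


def state_counts(rows) -> Counter:
    """How many TCP sockets sit in each state; a quick view of what is live vs. winding down."""
    return Counter(r["state"] for r in rows if r["state"])


def remote_in_state(rows, state: str):
    """Foreign endpoints of sockets in the given state, in netstat order."""
    return [r["remote"] for r in rows if r["state"] == state]


def pids_in_state(rows, state: str):
    """Owning PIDs for sockets in the given state; TIME_WAIT rows carry PID 0 on Windows."""
    return {r["pid"] for r in rows if r["state"] == state}


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_OUTPUT)
    print(state_counts(rows))
    print("recently closed to:", remote_in_state(rows, "TIME_WAIT"))
    print("live PIDs:", pids_in_state(rows, "ESTABLISHED"))
```

The ESTABLISHED PIDs are the ones worth resolving to a process name (for example with tasklist /FI "PID eq 4820" on the same machine) while it is still running; the TIME_WAIT rows record remote endpoints the machine talked to moments ago, which is the lead Bob would carry into the network logs.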
