ECCouncil ECSS Practice Test - Questions Answers, Page 9

Below are the elements included in the order of volatility for a typical computing system as per the RFC 3227 guidelines for evidence collection and archiving.

l.Archival media

2.Remote logging and monitoring data related to the target system

3.Routing table, process table, kernel statistics, and memory

4.Registers and processor cache

5-Physical configuration and network topology

6.Disk or other storage media

7.Temporary system files

Identify the correct sequence of order of volatility from the most to least volatile for a typical system.

Peter, an attacker aiming to disrupt organizational services, targeted a configuration protocol that issues IP addresses to host systems. To disrupt the issuance of IP addresses. Peter flooded the target server with spoofed MAC addresses so that valid users cannot receive IP addresses to access the network.

Identify the type of attack Peter has performed in the above scenario.

Stephen, an attacker, decided to gain access to an organization's server. He identified a user with access to the remote server. He used sniffing programs to gain the user's credentials and captured the authentication tokens transmitted by the user. Then, he transmitted the captured tokens back to the server to gain unauthorized access.

Identify the technique used by Stephen to gain unauthorized access to the target server.

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.

Identify the tool employed by Williams in the above scenario.

Kalley, a shopping freak, often visits different e commerce websites from her office system. One day, she received a free software on her mail with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network?

Cibel.org, an organization, wanted to develop a web application for marketing its products to the public. In this process, they consulted a cloud service provider and requested provision of development tools, configuration management, and deployment platforms for developing customized applications.

Identify the type of cloud service requested by Cibel.org in the above scenario.

Below is an extracted Apache error log entry.

'(Wed Aug 28 13:35:38.878945 2020] (core:error] (pid 12356:tid 8689896234] (client 10.0.0.8] File not found: /images/folder/pic.jpg'

Identify the element in the Apache error log entry above that represents the IP address from which the request was made.

Below is the syntax of a command-line utility that displays active TCP connections and ports on which the computer is listening.

netstat [ a] [e] [-nJ [-o] [ p Protocol] [-r] [-s] [interval]

Identify the netstat parameter that displays active TCP connections and includes the process ID (PID) for each connection.

A disk drive has 16.384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512 bytes of data. What is the total size of the disk?