ECCouncil ECSS Practice Test - Questions Answers, Page 9

Carol is a new employee at ApTech Sol Inc., and she has been allocated a laptop to fulfill her job activities. Carol tried to install certain applications on the company's laptop but could not complete the installation as she requires administrator privileges to initiate the installation process. The administrator imposed an access policy on the company's laptop that only users with administrator privileges have installation rights.

Identify the access control model demonstrated in the above scenario.

A. Mandatory access control (MAC)

B. Rule based access control (RB-RBAC)

C. Discretionary access control (DAC)

D. Role based access control (RBAC)

Suggested answer: D

Explanation:

The scenario described is an example of Role Based Access Control (RBAC). In RBAC, access decisions are based on the roles that individual users have within an organization and the permissions that accompany those roles.

In this case, Carol, as a new employee, has been assigned a user role that does not include administrator privileges. The access control policy in place requires administrator privileges for installing applications, which means that only users with an 'administrator' role have the rights to install software. This is a typical RBAC policy, where permissions to perform certain actions within the system are not assigned to individual users directly but are based on the roles assigned to them within the company.

The other options do not fit the scenario as well as RBAC:

A. Mandatory Access Control (MAC): In MAC, access rights are regulated by a central authority based on multiple levels of security. Users cannot change access permissions.

B. Rule Based Access Control (RB-RBAC): This is similar to RBAC but is driven by rules that trigger under certain conditions, not explicitly mentioned in the scenario.

C. Discretionary Access Control (DAC): In DAC, the owner of the resource determines who is allowed to access it, which is not indicated in the scenario provided.

Therefore, the correct answer is D, Role Based Access Control (RBAC), as it aligns with the policy of assigning installation rights based on the user's role within the company.

Below are the elements included in the order of volatility for a typical computing system as per the RFC 3227 guidelines for evidence collection and archiving.

1. Archival media

2. Remote logging and monitoring data related to the target system

3. Routing table, process table, kernel statistics, and memory

4. Registers and processor cache

5. Physical configuration and network topology

6. Disk or other storage media

7. Temporary system files

Identify the correct sequence of order of volatility from the most to least volatile for a typical system.

A. 7 -> 5 -> 4 -> 3 -> 2 -> 6 -> 1

B. 4 -> 3 -> 7 -> 1 -> 2 -> 5 -> 6

C. 2 -> 1 -> 4 -> 3 -> 6 -> 5 -> 7

D. 4 -> 3 -> 7 -> 6 -> 2 -> 5 -> 1

Suggested answer: D

Explanation:

This order correctly reflects the volatility of data from most volatile (disappears quickly) to least volatile (most persistent):

Registers and processor cache: These contain the CPU's most immediate working data, changing rapidly.

Routing table, process table, kernel statistics, and memory (RAM): These hold system state information, but can be modified by running processes or events.

Temporary system files: Designed to be transient, but may persist for some time depending on usage patterns.

Disk or other storage media: Holds data intended to persist, but is subject to modification.

Remote logging and monitoring data related to the target system: Often stored off-site, less volatile than local data.

Physical configuration and network topology: Relatively static information about the system's setup.

Archival media: Designed for long-term storage; changes to this data are intentional and infrequent.

Peter, an attacker aiming to disrupt organizational services, targeted a configuration protocol that issues IP addresses to host systems. To disrupt the issuance of IP addresses, Peter flooded the target server with spoofed MAC addresses so that valid users cannot receive IP addresses to access the network.

Identify the type of attack Peter has performed in the above scenario.

A. Session hijacking

B. Ping-of-death attack

C. ARP spoofing

D. DHCP starvation attack

Suggested answer: D

Explanation:

Peter has performed a DHCP starvation attack in the given scenario. In this attack, the attacker floods the target DHCP server with spoofed MAC addresses, depleting the pool of available IP addresses. As a result, legitimate users cannot obtain IP addresses via DHCP, causing a Denial of Service (DoS) attack. Additionally, the attacker could set up a rogue DHCP server to assign IP addresses to legitimate users, potentially leading to a Man-in-the-Middle (MITM) attack. The correct answer is D.

Stephen, an attacker, decided to gain access to an organization's server. He identified a user with access to the remote server. He used sniffing programs to gain the user's credentials and captured the authentication tokens transmitted by the user. Then, he transmitted the captured tokens back to the server to gain unauthorized access.

Identify the technique used by Stephen to gain unauthorized access to the target server.

A. Brute-force attack

B. Internal monologue

C. SQL injection

D. Replay attack

Suggested answer: D

Explanation:

Stephen used a replay attack technique to gain unauthorized access to the target server. In this scenario, he captured authentication tokens transmitted by the user and then replayed those tokens back to the server to impersonate the user and gain access.

https://www.cynet.com/network-attacks/unauthorized-access-5-best-practices-to-avoid-the-next-data-breach/

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.

Identify the tool employed by Williams in the above scenario.

A. ResourcesExtract

B. Snagit

C. Ezvid

D. R-Drive Image

Suggested answer: A

Explanation:

The scenario's focus on extracting strings from a suspect system for malware analysis aligns with the functionality of tools like ResourcesExtract:

ResourcesExtract's Purpose: It's designed to extract specific resources, including strings, from executables and other file types. This is crucial for static malware analysis.

String Search and Analysis: Finding and analyzing embedded strings can reveal malicious code behavior, function calls, and other clues about the malware's intent.

Kalley, a shopping freak, often visits different e-commerce websites from her office system. One day, she received free software by email with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network.

A. File sharing services

B. Portable hardware media

C. Insecure patch management

D. Decoy application

Suggested answer: D

Explanation:

Kalley's actions inadvertently introduced malware into the network. Here's how:

Decoy Application:

A decoy application is a seemingly legitimate software or tool that disguises itself as something useful or appealing.

In Kalley's case, she received an email claiming that the software was loaded with new clothing offers. Tempted by this, she downloaded it.

Unfortunately, the software turned out to be malicious, infecting her system.

Decoy applications often exploit users' curiosity or desire for freebies, enticing them to install harmful software.

EC-Council Certified Security Specialist (E|CSS) documents and course materials.

Cibel.org, an organization, wanted to develop a web application for marketing its products to the public. In this process, they consulted a cloud service provider and requested provision of development tools, configuration management, and deployment platforms for developing customized applications.

Identify the type of cloud service requested by Cibel.org in the above scenario.

A. Security-as-a-service (SECaaS)

B. Infrastructure-as-a-service (IaaS)

C. Identity-as-a-service (IDaaS)

D. Platform-as-a-service

Suggested answer: D

Explanation:

Cibel.org requested a cloud service that provides development tools, configuration management, and deployment platforms for developing customized applications. This aligns with the characteristics of Platform-as-a-service (PaaS), which offers a platform for developers to build, deploy, and manage applications without worrying about infrastructure management. Reference: EC-Council Certified Security Specialist (E|CSS) course materials.

Below is an extracted Apache error log entry.

'[Wed Aug 28 13:35:38.878945 2020] [core:error] [pid 12356:tid 8689896234] [client 10.0.0.8] File not found: /images/folder/pic.jpg'

Identify the element in the Apache error log entry above that represents the IP address from which the request was made.

A. 10.0.0.8

B. 8689896234

C. 13:35:38.878945

D. 12356

Suggested answer: A

Explanation:

Analyzing the Apache error log entry to identify the IP address:

The IP address from which the request was made is 10.0.0.8 (option A).

This address appears in the log entry as follows:

[client 10.0.0.8] File not found: /images/folder/pic.jpg

EC-Council Certified Security Specialist (E|CSS) documents and study guide provide insights into network security and log analysis.

Apache error logs follow a specific format, where the client IP address is indicated.

Below is the syntax of a command-line utility that displays active TCP connections and ports on which the computer is listening.

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [interval]

Identify the netstat parameter that displays active TCP connections and includes the process ID (PID) for each connection.

A. [-S]

B. [-O]

C. [-n]

D. [-r]

Suggested answer: B

Explanation:

The netstat parameter that displays active TCP connections and includes the process ID (PID) for each connection is [-O]. When you use this option, netstat will show the associated process ID (PID) for each active connection.

EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials.

A disk drive has 16,384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512 bytes of data. What is the total size of the disk?

A. 42,278,584,340 bytes

B. 42,278,584,320 bytes

C. 42,279,584,320 bytes

D. 43,278,584,320 bytes

Suggested answer: B

Explanation:

To find the total disk size, we need to calculate the storage capacity per cylinder and then multiply that by the total number of cylinders.

Sectors per Cylinder: Multiply heads * sectors per track: 80 * 63 = 5040 sectors/cylinder

Bytes per Cylinder: Multiply sectors per cylinder * bytes per sector: 5040 * 512 = 2,580,480 bytes/cylinder

Total Bytes: Multiply bytes per cylinder * total cylinders: 2,580,480 * 16,384 = 42,278,584,320 bytes
