ExamGecko
Search Search Login
Home Home / ECCouncil / ECSS
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A disk drive has 16.384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512 bytes of data. What is the total size of the disk?
Peter, a network defender, was instructed to protect the corporate network from unauthorized access. To achieve this, he employed a security solution for wireless communication that uses dragonfly key exchange for authentication, which is the strongest encryption algorithm that protects the network from dictionary and key recovery attacks. Identify the wireless encryption technology implemented in the security solution selected by Peter in the above scenario.
Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress. Identify the type of IDS alert Jay has received in the above scenario.
Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this. Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose. Identify the IA principle employed by Bob in the above scenario.
Which of the following MAC forensic data components saves file information and related events using a token with a binary structure?
Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or natural disasters.
Below is an extracted Apache error log entry. '(Wed Aug 28 13:35:38.878945 2020] (core:error] (pid 12356:tid 8689896234] (client 10.0.0.8] File not found: /images/folder/pic.jpg' Identify the element in the Apache error log entry above that represents the IP address from which the request was made.
A system that a cybercriminal was suspected to have used for performing an anti-social activity through the Tor browser. James reviewed the active network connections established using specific ports via Tor. Which of the following port numbers does Tor use for establishing a connection via Tor nodes?
Kevin, an attacker, is attempting to compromise a cloud server. In this process, Kevin intercepted the SOAP messages transmitted between a user and the server, manipulated the body of the message, and then redirected it to the server as a legitimate user to gain access and run malicious code on the cloud server. Identify the attack initiated by Kevin on the target cloud server.
Which of the following environmental controls options saves the hardware from humidity and heat, increases hardware performance, and maintains consistent room temperature?

Question 47 - ECSS discussion

Report
Export

Steve, a professional pen tester, was hired by an organization to assess its cybersecurity. The organization provided Steve with details such as network topology documents, asset inventory, and valuation information. This information helped Steve complete the penetration test successfully, and he provided a snapshot of the organization's current security posture.

Identify the penetration testing strategy followed by Steve in the above scenario.

A.

White-box testing

Answers
A.

White-box testing

B.

Goal oriented penetration testing

Answers
B.

Goal oriented penetration testing

C.

Black box testing

Answers
C.

Black box testing

D.

Grey box testing

Answers
D.

Grey box testing

Suggested answer: A

Explanation:

In the scenario described, Steve is provided with comprehensive information about the organization's network, including topology documents, asset inventory, and valuation information.This approach is indicative ofwhite-box testing, which is a penetration testing strategy where the tester has full knowledge of the system being tested12.

White-box testing allows for a thorough examination of the internal workings of the system, as the tester has access to all information, including source code, architecture diagrams, and other documentation.This level of access enables the tester to perform a more detailed and complete security assessment, as opposed to black-box testing, where the tester has no prior knowledge of the system, or grey-box testing, which is a combination of both white and black-box testing methods12.

In this case, Steve's ability to provide a snapshot of the organization's current security posture is greatly enhanced by the detailed information provided to him, which is a hallmark of the white-box testing methodology.

Show Answer
asked 24/10/2024
Paul Macinic
30 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms