Black Friday Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil ECSS EC-Council Certified Security Specialist (ECSSv10)Exam Exam Practice Test

Demo: 29 questions
Total 100 questions

EC-Council Certified Security Specialist (ECSSv10)Exam Questions and Answers

Question 1

Jacob, a network defender in an organization, was instructed to improve the physical security measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain physical security controls by using warning messages and signs that notify legal consequences to discourage hackers from making intrusion attempts.

Which of the following type of physical security controls has Jacob implemented in the above scenario?

Options:

A.

Detective control

B.

Preventive controls

C.

Deterrent controls

D.

Recovery controls

Question 2

A major fire broke out in the storeroom of CyberSol Inc. It first gutted the equipment in the storeroom and then started spreading to other areas in the company. The officials of the company informed the fire department. The fire rescue team reached the premises and used a distribution piping system to suppress the fire, thereby preventing any human or asset loss.

Identify the type of fire-fighting system used by the rescue team in the above scenario.

Options:

A.

Fire extinguisher

B.

Wet chemical suppressant

C.

Standpipe system

D.

Sprinkler system

Question 3

Cheryl, a forensic expert, was recruited to investigate a malicious activity performed by an anonymous hackers’ group on an organization’s systems. Using an automated tool, Cheryl was able to extract the malware file and analyze the assembly code instructions, which helped him understand the malware’s purpose.

Which of the following tools helped Cheryl extract and analyze the assembly code of the malware?

Options:

A.

Virtual Box

B.

OllyDbg

C.

QualNet

D.

VMware vSphere

Question 4

Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah’s computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions.

Identify the Internet access policy demonstrated in the above scenario.

Options:

A.

Promiscuous policy

B.

Paranoid policy

C.

Permissive policy

D.

Prudent policy

Question 5

A system that a cybercriminal was suspected to have used for performing an anti-social activity through the Tor browser. James reviewed the active network connections established using specific ports via Tor.

Which of the following port numbers does Tor use for establishing a connection via Tor nodes?

Options:

A.

1026/64666

B.

9150/9151

C.

3024/4092

D.

31/456

Question 6

Sarah, a forensic investigator, is working on a criminal case. She was provided with all the suspect devices. Sarah employs an imaging software tool for duplicating the original data from the suspect devices. However, the tool she employed failed to image the data as the suspect version of the drive was very old and incompatible with imaging software. Hence, Sarah used an alternative data acquisition technique and succeeded in imaging the data.

Which of the following types of data acquisition techniques did Sarah employ in the above scenario?

Options:

A.

Bit-stream disk-to-disk

B.

Bit-stream disk-to-image file

C.

Sparse acquisition

D.

Logical acquisition

Question 7

Daniel, a professional hacker, targeted Alice and lured her into downloading a malicious app from a third-party app store. Upon installation, the core malicious code inside the application started infecting other legitimate apps in Alice's mobile device. Daniel overloaded Alice's device with irrelevant and fraudulent advertisements through the infected app for financial gain.

Identify the type of attack Daniel has launched in the above scenario.

Options:

A.

Agent Smith attack

B.

Bluebugging attack

C.

SMiShing attack

D.

SIM card attack

Question 8

A type of malware allows an attacker to trick the target entity into performing a predefined action, and upon its activation, it grants the attacker unrestricted access to all the data stored on the compromised system.

Which of the following is this type of malware?

Options:

A.

Key log ger

B.

Botnet

C.

Worm

D.

Trojan

Question 9

While investigating a web attack on a Windows-based server, Jessy executed the following command on her system:

C:\> net view <10.10.10.11>

What was Jessy’s objective in running the above command?

Options:

A.

Verify the users using open sessions

B.

Check file space usage to look for a sudden decrease in free space

C.

Check whether sessions have been opened with other systems

D.

Review file shares to ensure their purpose

Question 10

John, from a remote location, was monitoring his bedridden grandfather’s health condition at his home. John has placed a smart wearable ECC on his grandfather's wrist so that he can receive alerts to his mobile phone and can keep a track over his grandfather's health condition periodically.

Which of the following types of loT communication model was demonstrated in the above scenario?

Options:

A.

Cloud-lo-cloud communication model

B.

Device to gateway model

C.

Device to device model

D.

Device-to-cloud model

Question 11

Below are the various steps involved in establishing a network connection using the shared key authentication process.

l.The AP sends a challenge text to the station.

2.The station connects to the network.

3.The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.

4.The station sends an authentication frame to the AP.

5.The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.

What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?

Options:

A.

2 >4>3

B.

4—>2—>1—>3—>5

C.

4—>1—>3—>5—>2

D.

4-->5->3->2-->1

Question 12

Jacob, an attacker, targeted container technology to destroy the reputation of an organization. To achieve this, he initially compromised a single container exploiting weak network defaults, overloaded the rest of the containers in the local domain, and restricted them from providing services to legitimate users.

Identify the type of attack initiated by Jacob in the above scenario.

Options:

A.

Docker registry attack

B.

Cross container attack

C.

Container escaping attack

D.

Replay attack

Question 13

Robert, a security specialist, was appointed to strengthen the security of the organization's network. To prevent multiple login attempts from unknown sources, Robert implemented a security strategy of issuing alerts or warning messages when multiple failed login attempts are made.

Which of the following security risks is addressed by Robert to make attempted break-ins unsuccessful?

Options:

A.

Indefinite session timeout

B.

Absence of account lockout for invalid session IDs

C.

Small session-ID generation

D.

Weak session-ID generation

Question 14

An investigator wants to extract information about the status of the network interface cards (NICs) in an organization's Windows-based systems. Identify the command-line utility that can help the investigator detect the network status.

Options:

A.

ipconfig

B.

PsList

C.

ifconfig

D.

PsLoggedOn

Question 15

A disk drive has 16.384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512bytes of data. What is the total size of the disk?

Options:

A.

42.278.584,340 bytes

B.

42.278.584,320 bytes

C.

42.279,584.320 bytes

D.

43,278,584,320 bytes

Question 16

Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app downloaded from an unauthorized third party. At the end of the day, when Wesley attempted to access his fitness report from the app, it generated an unusual report and asked for some unnecessary permissions to view it.

Which of the following mobile risks is demonstrated in the above scenario?

Options:

A.

Insecure data storage

B.

Improper platform usage

C.

Client code quality

D.

Insecure authentication

Question 17

Melanie, a professional hacker, is attempting to break into a target network through an application server. In this process, she identified a logic flaw in the target web application that provided visibility into the source code. She exploited this vulnerability to launch further attacks on the target web application.

Which of the web application vulnerabilities was identified by Melanie in the above scenario?

Options:

A.

Insecure deserialization

B.

Security misconfiguration

C.

Command injection

D.

Broken authentication

Question 18

Jennifer, a forensics investigation team member, was inspecting a compromised system. After gathering all the evidence related to the compromised system, she disconnected the system from the network to stop the spread of the incident to other systems.

Identify the role played by Jennifer in the forensics investigation.

Options:

A.

Evidence manager

B.

Expert witness

C.

Incident responder

D.

Incident analyzer

Question 19

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.

Which of the following folders in a Windows system stores information on applications run on the system?

Options:

A.

C:\Windows\debug

B.

C:\Windows\Book

C.

C:\subdir

D.

C:\Windows\Prefelch

Question 20

Below are the elements included in the order of volatility for a typical computing system as per the RFC 3227 guidelines for evidence collection and archiving.

l.Archival media

2.Remote logging and monitoring data related to the target system

3.Routing table, process table, kernel statistics, and memory

4.Registers and processor cache

5-Physical configuration and network topology

6.Disk or other storage media

7.Temporary system files

Identify the correct sequence of order of volatility from the most to least volatile for a typical system.

Options:

A.

7->5- >4->3 ->2 >6 >1

B.

4 >3 >7->l >2 ->5—>6

C.

2—>1—>4-->3-->6-->5—>7

D.

4.>3 >7>6.>2-.>5- >l

Question 21

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion attempts. In this process, Michael identified all the open ports on a system and disabled them because these open ports can allow attackers to install malicious services and compromise the security of the system or network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

Options:

A.

nmap -sT localhost

B.

netstat -i

C.

ilconfig promise

D.

netstat rn

Question 22

Kalley, a shopping freak, often visits different e commerce websites from her office system. One day, she received a free software on her mail with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network?

Options:

A.

File sharing services

B.

Portable hardware media

C.

insecure patch management

D.

Decoy application

Question 23

Bob. a network specialist in an organization, is attempting to identify malicious activities in the network. In this process. Bob analyzed specific data that provided him a summary of a conversation between two network devices, including a source IP and source port, a destination IP and destination port, the duration of the conversation, and the information shared during the conversation.

Which of the following types of network-based evidence was collected by Bob in the above scenario?

Options:

A.

Statistical data

B.

Alert data

C.

Session data

D.

Full content data

Question 24

Roxanne is a professional hacker hired by an agency to disrupt the business services of their rival company. Roxanne employed a special type of malware that consumes a server's memory and network bandwidth when triggered. Consequently, the target server is overloaded and stops responding.

Identify the type of malware Roxanne has used in the above scenario.

Options:

A.

Rootkit

B.

Armored virus

C.

worm

D.

Spyware

Question 25

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.

Options:

A.

Shoulder surfing

B.

Pharming

C.

Tailgating

D.

Dumpster diving

Question 26

Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?

Options:

A.

Geofencing

B.

PIN feature

C.

Containerization

D.

Push notification

Question 27

Bruce, a professional hacker, targeted an OT network. He initiated a looping strategy to recover the password of the target system. He started sending one character at a time to check whether the first character entered is correct: If so, he continued the loop for consecutive characters. Using thistechnique. Bruce identified how much time the device takes to finish one complete password authentication process, through which he determined the correct characters in the target password.

Identify the type of attack launched by Bruce on the target OT network.

Options:

A.

Code injection attack

B.

Buller overflow attack

C.

Reconnaissance attack

D.

Side-channel attack

Question 28

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM. Security, and software using an automated tool called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

Options:

A.

H KEY-CLASSES. ROOT

B.

HKEY .CURRENT CONFIG

C.

HKEY CURRENT USER

D.

HKEY LOCAL MACHINE

Question 29

Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.

Which of the following PKI components verified Ben as being legitimate to receive the certificate?

Options:

A.

Certificate directory

B.

Validation authority (VA)

C.

Certificate authority (CA)

D.

Registration authority (RA)

Demo: 29 questions
Total 100 questions