Winter Sale- Special Discount Limited Time 65% Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil ECSS EC-Council Certified Security Specialist (ECSSv10)Exam Exam Practice Test

Page: 1 / 10
Total 100 questions

EC-Council Certified Security Specialist (ECSSv10)Exam Questions and Answers

Question 1

William is an attacker who is attempting to hack Bluetooth-enabled devices at public places. Within the target’s range, he used special software to obtain the data stored in the victim’s device. He used a technique that exploits the vulnerability in the OBject Exchange (OBEX) protocol that Bluetooth uses to exchange information.

Identify the attack performed by William in the above scenario.

Options:

A.

Bluesmacking

B.

Bluesnarfing

C.

Bluebugging

D.

Bluejacking

Question 2

Kevin, a security team member, was instructed to share a policy document with the employees. As it was supposed to be shared within the network, he used a simple algorithm to encrypt the document that just rearranges the same characters to produce the ciphertext.

Identify the type of cipher employed by Kevin in the above scenario.

Options:

A.

Transposition cipher

B.

Stream cipher

C.

Block cipher

D.

Substitution cipher

Question 3

While investigating a web attack on a Windows-based server, Jessy executed the following command on her system:

C:\> net view <10.10.10.11>

What was Jessy’s objective in running the above command?

Options:

A.

Verify the users using open sessions

B.

Check file space usage to look for a sudden decrease in free space

C.

Check whether sessions have been opened with other systems

D.

Review file shares to ensure their purpose

Question 4

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

Options:

A.

Reconnaissance signatures

B.

Informational signatures

C.

Unauthorized access signatures

D.

Denial of service (DoS) signatures

Question 5

Martin, a hacker, aimed to crash a target system. For this purpose, he spoofed the source IP address with the target's IP address and sent many ICMP ECHO request packets to an IP broadcast network, causing all the hosts to respond to the received ICMP ECHO requests and ultimately crashing the target machine.

Identify the type of attack performed by Martin in the above scenario.

Options:

A.

UDP flood attack

B.

Multi vector attack

C.

Smurf attack

D.

Fragmentation attack

Question 6

Kalley, a shopping freak, often visits different e commerce websites from her office system. One day, she received a free software on her mail with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network?

Options:

A.

File sharing services

B.

Portable hardware media

C.

insecure patch management

D.

Decoy application

Question 7

James, a forensic specialist, was appointed to investigate an incident in an organization. As part of the investigation, James is attempting to identify whether any external storage devices are connected to the internal systems. For this purpose, he employed a utility to capture the list of all devices connected to the local machine and removed suspicious devices.

Identify the tool employed by James in the above scenario.

Options:

A.

Promise Detect

B.

DriveLetlerView

C.

ESEDatabaseView

D.

ProcDump

Question 8

Which of the following environmental controls options saves the hardware from humidity and heat, increases hardware performance, and maintains consistent room temperature?

Options:

A.

Hot and cold aisles

B.

Lighting system

C.

EMI shielding

D.

Temperature indicator

Question 9

Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app downloaded from an unauthorized third party. At the end of the day, when Wesley attempted to access his fitness report from the app, it generated an unusual report and asked for some unnecessary permissions to view it.

Which of the following mobile risks is demonstrated in the above scenario?

Options:

A.

Insecure data storage

B.

Improper platform usage

C.

Client code quality

D.

Insecure authentication

Question 10

Melissa, an ex-employee of an organization, was fired because of misuse of resources and security violations. She sought revenge against the company and targeted its network, as she is already aware of its network topology.

Which of the following categories of insiders does Melissa belong to?

Options:

A.

Malicious insider

B.

Professional insider

C.

Compromised insider

D.

Negligent insider

Question 11

Stella, a mobile user, often ignores the messages received from the manufacturer for updates. One day, she found that files in her device are being replaced, she immediately rushed to the nearest service center for inquiry. They tested the device and identified vulnerabilities in it as it ran with an obsolete OS version.

Identify the mobile device security risk raised on Stella's device in the above scenario.

Options:

A.

Network-based risk

B.

Physical security risks

C.

Application-based risk

D.

System-based risk

Question 12

Which of the following MAC forensic data components saves file information and related events using a token with a binary structure?

Options:

A.

Kexts

B.

User account

C.

Command-line inputs

D.

Basic Security Module

Question 13

Bob, a forensic investigator, was instructed to review a Windows machine and identify any anonymous activities performed using it. In this process. Bob used the command “netstat -ano" to view all the active connections in the system and determined that the connections established by the Tor browser were closed. Which of the following states of the connections established by Tor indicates that the Tor browser is closed?

Options:

A.

ESTABLISHED

B.

CLOSE WAIT

C.

TIMEWAIT

D.

LISTENING

Question 14

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.

Which of the following folders in a Windows system stores information on applications run on the system?

Options:

A.

C:\Windows\debug

B.

C:\Windows\Book

C.

C:\subdir

D.

C:\Windows\Prefelch

Question 15

Clark, a digital forensic expert, was assigned to investigate a malicious activity performed on an organization's network. The organization provided Clark with all the information related to the incident. In this process, he assessed the impact of the incident on the organization, reasons for and source of the incident, steps required to tackle the incident, investigating team required to handle the case, investigative procedures, and possible outcome of the forensic process.

Identify the type of analysis performed by Clark in the above scenario.

Options:

A.

Data analysis

B.

Log analysis

C.

Traffic analysis

D.

Case analysis

Question 16

Jacob, an attacker, targeted container technology to destroy the reputation of an organization. To achieve this, he initially compromised a single container exploiting weak network defaults, overloaded the rest of the containers in the local domain, and restricted them from providing services to legitimate users.

Identify the type of attack initiated by Jacob in the above scenario.

Options:

A.

Docker registry attack

B.

Cross container attack

C.

Container escaping attack

D.

Replay attack

Question 17

Clark, a security professional, was instructed to monitor and continue the backup functions without interrupting the system or application services. In this process, Clark implemented a backup mechanism that dynamically backups the data even If the system or application resources are being used.

Which of the following types of backup mechanisms has Clark implemented in the above scenario?

Options:

A.

Full backup

B.

Cold backup

C.

Hot backup

D.

Offline backup

Question 18

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

Options:

A.

Timeline analysis

B.

Web artifacts

C.

Data carving

D.

Multimedia

Question 19

Mary was surfing the Internet, and she wanted to hide her details and the content she was surfing over the web. She employed a proxy tool that makes his online activity untraceable.

Identify the type of proxy employed by John in the above scenario.

Options:

A.

Reverse proxy

B.

Anonvmous proxy

C.

Explicit proxy

D.

SOCKS proxy

Question 20

Stephen, an attacker, decided to gain access to an organization’s server. He identified a user with access to the remote server. He used sniffing programs to gain the user's credentials and captured the authentication tokens transmitted by the user. Then, he transmitted the captured tokens back tothe server to gain unauthorized access.

Identify the technique used by Stephen to gain unauthorized access to the target server.

Options:

A.

Brute-force attack

B.

Internal monologue

C.

SQL injection

D.

Replay attack

Question 21

Which of the following standards and criteria version of SWCDE mandates that any action with the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified persons in a forensically sound manner?

Options:

A.

Standards and Criteria 11

B.

Standards and Criteria 13

C.

Standards and Criteria 17

D.

Standards and Criteria 15

Question 22

Below are the elements included in the order of volatility for a typical computing system as per the RFC 3227 guidelines for evidence collection and archiving.

l.Archival media

2.Remote logging and monitoring data related to the target system

3.Routing table, process table, kernel statistics, and memory

4.Registers and processor cache

5-Physical configuration and network topology

6.Disk or other storage media

7.Temporary system files

Identify the correct sequence of order of volatility from the most to least volatile for a typical system.

Options:

A.

7->5- >4->3 ->2 >6 >1

B.

4 >3 >7->l >2 ->5—>6

C.

2—>1—>4-->3-->6-->5—>7

D.

4.>3 >7>6.>2-.>5- >l

Question 23

Michael is an attacker who aims to hack Bob's system. He started collecting data without any active interaction with Bob’s system. Using this technique. Michael can extract sensitive information from unencrypted data.

Identify the class of attack Michael has launched in the above scenario.

Options:

A.

Ac live attack

B.

Insider attack

C.

Close in attack

D.

Passive attack

Question 24

Wesley, a professional hacker, deleted a confidential file in a compromised system using the "/bin/rm/ command to deny access to forensic specialists.

Identify the operating system on which Don has performed the file carving activity.

Options:

A.

Windows

B.

Mac OS

C.

Linux

D.

Android

Question 25

Kevin, an attacker, is attempting to compromise a cloud server. In this process, Kevin intercepted the SOAP messages transmitted between a user and the server, manipulated the body of the message, and then redirected it to the server as a legitimate user to gain access and run malicious code on the cloud server.

Identify the attack initiated by Kevin on the target cloud server.

Options:

A.

Side-channel attack

B.

Wrapping attack

C.

Cross guest VM breaches

D.

DNS spoofing

Question 26

Bob. a network specialist in an organization, is attempting to identify malicious activities in the network. In this process. Bob analyzed specific data that provided him a summary of a conversation between two network devices, including a source IP and source port, a destination IP and destination port, the duration of the conversation, and the information shared during the conversation.

Which of the following types of network-based evidence was collected by Bob in the above scenario?

Options:

A.

Statistical data

B.

Alert data

C.

Session data

D.

Full content data

Question 27

Below are the various steps involved in an email crime investigation.

1.Acquiring the email data

2.Analyzing email headers

3.Examining email messages

4.Recovering deleted email messages

5.Seizing the computer and email accounts

6.Retrieving email headers

What is the correct sequence of steps involved in the investigation of an email crime?

Options:

A.

5->l->3->6-->2 >4

B.

2->4->3-->6->5-->l

C.

1—>3->4—>2-->5">6

D.

5 -> 1 -> 6 -> 2 -> 3 -> 4

Question 28

Below are the various steps involved in establishing a network connection using the shared key authentication process.

l.The AP sends a challenge text to the station.

2.The station connects to the network.

3.The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.

4.The station sends an authentication frame to the AP.

5.The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.

What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?

Options:

A.

2 >4>3

B.

4—>2—>1—>3—>5

C.

4—>1—>3—>5—>2

D.

4-->5->3->2-->1

Question 29

Andrew, a system administrator, is performing a UEFI boot process. The current phase of the UEFI boot process consists of the initialization code that the system executes after powering on the EFI system. This phase also manages platform reset events and sets up the system so that it can find, validate, install, and run the PEI.

Which of the following UEFI boot phases is the process currently in?

Options:

A.

Pre-EFI initialization phase

B.

Security phase

C.

Boot device selection phase

D.

Driver execution environment phase

Question 30

Bob, a network administrator in a company, manages network connectivity to 200 employees in six different rooms. Every employee has their own laptop to connect to the Internet through a wireless network, but the company has only one broadband connection.

Which of the following types of wireless networks allows Bob to provide Internet access to every laptop and bring all the devices to a single network?

Options:

A.

Extension to wired network

B.

3G/4G hotspot

C.

Multiple wireless access points

D.

LAN to LAN wireless network

Page: 1 / 10
Total 100 questions