Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

ECSS EC-Council Certified Security Specialist (ECSSv10)Exam Questions and Answers

Questions 4

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM. Security, and software using an automated tool called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

Options:

A.

H KEY-CLASSES. ROOT

B.

HKEY .CURRENT CONFIG

C.

HKEY CURRENT USER

D.

HKEY LOCAL MACHINE

Buy Now
Questions 5

Robert, a security specialist, was appointed to strengthen the security of the organization's network. To prevent multiple login attempts from unknown sources, Robert implemented a security strategy of issuing alerts or warning messages when multiple failed login attempts are made.

Which of the following security risks is addressed by Robert to make attempted break-ins unsuccessful?

Options:

A.

Indefinite session timeout

B.

Absence of account lockout for invalid session IDs

C.

Small session-ID generation

D.

Weak session-ID generation

Buy Now
Questions 6

Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this. Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose.

Identify the IA principle employed by Bob in the above scenario.

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Buy Now
Questions 7

Wesley, a professional hacker, deleted a confidential file in a compromised system using the "/bin/rm/ command to deny access to forensic specialists.

Identify the operating system on which Don has performed the file carving activity.

Options:

A.

Windows

B.

Mac OS

C.

Linux

D.

Android

Buy Now
Questions 8

Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.

Which of the following PKI components verified Ben as being legitimate to receive the certificate?

Options:

A.

Certificate directory

B.

Validation authority (VA)

C.

Certificate authority (CA)

D.

Registration authority (RA)

Buy Now
Questions 9

Mark, an attacker, aims to access an organization's internal server, but the local firewall implementation restricted him from achieving this objective. To overcome this issue, he started sending specially crafted requests to the public server, through which he gained access to the local server.

Identify the type of attack initiated by Mark in the above scenario.

Options:

A.

Web cache poisoning attack

B.

SSRF attack

C.

TTP response-splitting attack

D.

SSH brute-force attack

Buy Now
Questions 10

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

Options:

A.

Reconnaissance signatures

B.

Informational signatures

C.

Unauthorized access signatures

D.

Denial of service (DoS) signatures

Buy Now
Questions 11

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.

Options:

A.

True negative alert

B.

False negative alert

C.

True positive alert

D.

False positive alert

Buy Now
Questions 12

Michael is an attacker who aims to hack Bob's system. He started collecting data without any active interaction with Bob’s system. Using this technique. Michael can extract sensitive information from unencrypted data.

Identify the class of attack Michael has launched in the above scenario.

Options:

A.

Ac live attack

B.

Insider attack

C.

Close in attack

D.

Passive attack

Buy Now
Questions 13

Below are the various stages of the virus lifecycle:

1) Replication

2)Detection

3)lncorporation

4)Design

5)Execution of the damage routine

6)Launch

What is the correct sequence of stages involved in the virus lifecycle?

Options:

A.

3->l >2- >6 >5 >4

B.

4 >2 >3 >5 >6- >1

C.

4 >l->6 >2 >3- >5

D.

1>2 >3- >4 >5- >6

Buy Now
Questions 14

Roxanne is a professional hacker hired by an agency to disrupt the business services of their rival company. Roxanne employed a special type of malware that consumes a server's memory and network bandwidth when triggered. Consequently, the target server is overloaded and stops responding.

Identify the type of malware Roxanne has used in the above scenario.

Options:

A.

Rootkit

B.

Armored virus

C.

worm

D.

Spyware

Buy Now
Questions 15

Sam is working as a loan agent for a financial institution. He frequently receives a number of emails from clients providing their personal details for loan approval. As these emails contain sensitive data. Sam had set up a feature that directly downloads the emails on his device without storing a copy on the mail server.

Which of the following protocols provides the above-discussed email features?

Options:

A.

SHA-1

B.

ICMP

C.

SNMP

D.

POP3

Buy Now
Questions 16

Joseph, a security professional, was instructed to secure the organization's network. In this process, he began analyzing packet headers to check whether any indications of source and destination IP addresses and port numbers are being changed during transmission.

Identify the attack signature analysis technique performed by Joseph in the above scenario.

Options:

A.

Composite-signature-based analysis

B.

Context based signature analysis

C.

Content based signature analysis

D.

Atomic signature based analysis

Buy Now
Questions 17

Below are the elements included in the order of volatility for a typical computing system as per the RFC 3227 guidelines for evidence collection and archiving.

l.Archival media

2.Remote logging and monitoring data related to the target system

3.Routing table, process table, kernel statistics, and memory

4.Registers and processor cache

5-Physical configuration and network topology

6.Disk or other storage media

7.Temporary system files

Identify the correct sequence of order of volatility from the most to least volatile for a typical system.

Options:

A.

7->5- >4->3 ->2 >6 >1

B.

4 >3 >7->l >2 ->5—>6

C.

2—>1—>4-->3-->6-->5—>7

D.

4.>3 >7>6.>2-.>5- >l

Buy Now
Questions 18

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora’s account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?

Options:

A.

Single sign on (SSO) authentication

B.

Smart card authentication

C.

Biometric authentication

D.

Two factor authentication

Buy Now
Questions 19

Paola, a professional hacker, configured her wireless router in an organization's premises and advertised it with a spoofed SSID. She lured victims to connect to the router by sending the fake SSID. She started sniffing all the traffic from the victims that is passing through his wireless router.

Which of the following types of attacks is Paola performing in the above scenario?

Options:

A.

Key reinstallation attack

B.

Ad-hoc connection attack

C.

Rogue AP attack

D.

AP MAC spoofing attack

Buy Now
Questions 20

Morris, an attacker, targeted an application server to manipulate its services. He succeeded by employing input validation attacks such as XSS that exploited vulnerabilities present in the programming logic of an application. Identify the web application layer in which Morris has manipulated the programming logic.

Options:

A.

Business layer

B.

Presentation layer

C.

Database layer

D.

Client layer

Buy Now
Questions 21

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion attempts. In this process, Michael identified all the open ports on a system and disabled them because these open ports can allow attackers to install malicious services and compromise the security of the system or network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

Options:

A.

nmap -sT localhost

B.

netstat -i

C.

ilconfig promise

D.

netstat rn

Buy Now
Questions 22

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.

Options:

A.

Shoulder surfing

B.

Pharming

C.

Tailgating

D.

Dumpster diving

Buy Now
Questions 23

Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?

Options:

A.

Geofencing

B.

PIN feature

C.

Containerization

D.

Push notification

Buy Now
Questions 24

A type of malware allows an attacker to trick the target entity into performing a predefined action, and upon its activation, it grants the attacker unrestricted access to all the data stored on the compromised system.

Which of the following is this type of malware?

Options:

A.

Key log ger

B.

Botnet

C.

Worm

D.

Trojan

Buy Now
Questions 25

John, a forensic officer, was working on a criminal case. He employed imaging software to create a copy of data from the suspect device on a storage medium for further investigation. For developing an image of the original data, John used a software application that does not allow an unauthorized user to alter the image content on storage media, thereby retaining an unaltered image copy.

Identify the data acquisition step performed by John in the above scenario.

Options:

A.

Validated data acquisition

B.

Planned for contingency

C.

Sanitized the target media

D.

Enabled write protection on the evidence media

Buy Now
Questions 26

Below are the various steps involved in forensic readiness planning.

l.Keep an incident response team ready to review the incident and preserve the evidence.

2.Create a process for documenting the procedure.

3.ldentify the potential evidence required for an incident.

4.Determine the sources of evidence.

5.Establish a legal advisory board to guide the investigation process.

6.ldentify if the incident requires full or formal investigation.

7.Establish a policy for securely handling and storing the collected evidence.

8.Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption. Identify the correct sequence of steps involved in forensic readiness planning.

Options:

A.

1 >2 >3 >4 -5 >6 >7 >8

B.

2..>3->l->4->6->5->7->8

C.

3 >4 >8 >7 >6 >2 >5 >1

D.

3 >1. >4 >S >8 >2 >6 >7

Buy Now
Questions 27

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.

Identify the tool employed by Williams in the above scenario.

Options:

A.

ResourcesExlract

B.

Snagit

C.

Ezvid

D.

R-Drive Image

Buy Now
Questions 28

Peter, a network defender, was instructed to protect the corporate network from unauthorized access. To achieve this, he employed a security solution for wireless communication that uses dragonfly key exchange for authentication, which is the strongest encryption algorithm that protects the network from dictionary and key recovery attacks.

Identify the wireless encryption technology implemented in the security solution selected by Peter in the above scenario.

Options:

A.

WPA

B.

WPA3

C.

WEP

D.

EAP

Buy Now
Questions 29

Kalley, a shopping freak, often visits different e commerce websites from her office system. One day, she received a free software on her mail with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network?

Options:

A.

File sharing services

B.

Portable hardware media

C.

insecure patch management

D.

Decoy application

Buy Now
Questions 30

Paola, a professional hacker, was hired to break into the target organization's network and extract sensitive data. In this process, Paola found that the target organization has purchased new hardware. She accessed the new hardware while it was in transit and tampered with the hardware to make it vulnerable to attacks.

Identify the class of attack Paola has performed on the target organization.

Options:

A.

Distribution attack

B.

insider attack

C.

Passive attack

D.

Active attack

Buy Now
Exam Code: ECSS
Exam Name: EC-Council Certified Security Specialist (ECSSv10)Exam
Last Update: Dec 3, 2024
Questions: 100
ECSS pdf

ECSS PDF

$29.75  $84.99
ECSS Engine

ECSS Testing Engine

$35  $99.99
ECSS PDF + Engine

ECSS PDF + Testing Engine

$47.25  $134.99