Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil ECSS EC-Council Certified Security Specialist (ECSSv10)Exam Exam Practice Test

Page: 1 / 10
Total 100 questions

EC-Council Certified Security Specialist (ECSSv10)Exam Questions and Answers

Testing Engine

  • Product Type: Testing Engine
$42  $119.99

PDF Study Guide

  • Product Type: PDF Study Guide
$36.75  $104.99
Question 1

An loT sensor in an organization generated an emergency alarm indicating a security breach. The servers hosted in an loT layer accepted, stored, and processed the sensor data received from loT gateways and created dashboards for monitoring, analyzing, and implementing proactive decisions to tackle the issue.

Which of the following layers in the loT architecture performed the above activities after receiving an alert from the loT sensor?

Options:

A.

Communication Layer

B.

Process layer

C.

Cloud layer

D.

Device layer

Question 2

Paola, a professional hacker, was hired to break into the target organization's network and extract sensitive data. In this process, Paola found that the target organization has purchased new hardware. She accessed the new hardware while it was in transit and tampered with the hardware to make it vulnerable to attacks.

Identify the class of attack Paola has performed on the target organization.

Options:

A.

Distribution attack

B.

insider attack

C.

Passive attack

D.

Active attack

Question 3

Stephen, an attacker, decided to gain access to an organization’s server. He identified a user with access to the remote server. He used sniffing programs to gain the user's credentials and captured the authentication tokens transmitted by the user. Then, he transmitted the captured tokens back tothe server to gain unauthorized access.

Identify the technique used by Stephen to gain unauthorized access to the target server.

Options:

A.

Brute-force attack

B.

Internal monologue

C.

SQL injection

D.

Replay attack

Question 4

Jacob, an attacker, targeted container technology to destroy the reputation of an organization. To achieve this, he initially compromised a single container exploiting weak network defaults, overloaded the rest of the containers in the local domain, and restricted them from providing services to legitimate users.

Identify the type of attack initiated by Jacob in the above scenario.

Options:

A.

Docker registry attack

B.

Cross container attack

C.

Container escaping attack

D.

Replay attack

Question 5

Wesley, a professional hacker, deleted a confidential file in a compromised system using the "/bin/rm/ command to deny access to forensic specialists.

Identify the operating system on which Don has performed the file carving activity.

Options:

A.

Windows

B.

Mac OS

C.

Linux

D.

Android

Question 6

Mary was surfing the Internet, and she wanted to hide her details and the content she was surfing over the web. She employed a proxy tool that makes his online activity untraceable.

Identify the type of proxy employed by John in the above scenario.

Options:

A.

Reverse proxy

B.

Anonvmous proxy

C.

Explicit proxy

D.

SOCKS proxy

Question 7

Below are the various steps involved in an email crime investigation.

1.Acquiring the email data

2.Analyzing email headers

3.Examining email messages

4.Recovering deleted email messages

5.Seizing the computer and email accounts

6.Retrieving email headers

What is the correct sequence of steps involved in the investigation of an email crime?

Options:

A.

5->l->3->6-->2 >4

B.

2->4->3-->6->5-->l

C.

1—>3->4—>2-->5">6

D.

5 -> 1 -> 6 -> 2 -> 3 -> 4

Question 8

Morris, an attacker, targeted an application server to manipulate its services. He succeeded by employing input validation attacks such as XSS that exploited vulnerabilities present in the programming logic of an application. Identify the web application layer in which Morris has manipulated the programming logic.

Options:

A.

Business layer

B.

Presentation layer

C.

Database layer

D.

Client layer

Question 9

Kevin, a security team member, was instructed to share a policy document with the employees. As it was supposed to be shared within the network, he used a simple algorithm to encrypt the document that just rearranges the same characters to produce the ciphertext.

Identify the type of cipher employed by Kevin in the above scenario.

Options:

A.

Transposition cipher

B.

Stream cipher

C.

Block cipher

D.

Substitution cipher

Question 10

John, from a remote location, was monitoring his bedridden grandfather’s health condition at his home. John has placed a smart wearable ECC on his grandfather's wrist so that he can receive alerts to his mobile phone and can keep a track over his grandfather's health condition periodically.

Which of the following types of loT communication model was demonstrated in the above scenario?

Options:

A.

Cloud-lo-cloud communication model

B.

Device to gateway model

C.

Device to device model

D.

Device-to-cloud model

Question 11

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.

Options:

A.

True negative alert

B.

False negative alert

C.

True positive alert

D.

False positive alert

Question 12

Kalley, a shopping freak, often visits different e commerce websites from her office system. One day, she received a free software on her mail with the claim that it is loaded with new clothing offers. Tempted by this, Kalley downloaded the malicious software onto her system. The software infected Kalley's system and began spreading the infection to other systems connected to the network.

Identify the threat source through which Kalley unintentionally invited the malware into the network?

Options:

A.

File sharing services

B.

Portable hardware media

C.

insecure patch management

D.

Decoy application

Question 13

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

Options:

A.

Timeline analysis

B.

Web artifacts

C.

Data carving

D.

Multimedia

Question 14

Roxanne is a professional hacker hired by an agency to disrupt the business services of their rival company. Roxanne employed a special type of malware that consumes a server's memory and network bandwidth when triggered. Consequently, the target server is overloaded and stops responding.

Identify the type of malware Roxanne has used in the above scenario.

Options:

A.

Rootkit

B.

Armored virus

C.

worm

D.

Spyware

Question 15

Sam is working as a loan agent for a financial institution. He frequently receives a number of emails from clients providing their personal details for loan approval. As these emails contain sensitive data. Sam had set up a feature that directly downloads the emails on his device without storing a copy on the mail server.

Which of the following protocols provides the above-discussed email features?

Options:

A.

SHA-1

B.

ICMP

C.

SNMP

D.

POP3

Question 16

Jacob, a network defender in an organization, was instructed to improve the physical security measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain physical security controls by using warning messages and signs that notify legal consequences to discourage hackers from making intrusion attempts.

Which of the following type of physical security controls has Jacob implemented in the above scenario?

Options:

A.

Detective control

B.

Preventive controls

C.

Deterrent controls

D.

Recovery controls

Question 17

James is a professional hacker attempting to gain access to an industrial system through a remote control device. In this process, he used a specially designed radio transceiver device to sniff radio commands and inject arbitrary code into the firmware of the remote controllers to maintain persistence.

Which of the following attacks is performed by James in the above scenario?

Options:

A.

Malicious reprogramming attack

B.

Re pairing with a malicious RF controller

C.

Command injection

D.

Abusing reprogramming attack

Question 18

Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.

Which of the following PKI components verified Ben as being legitimate to receive the certificate?

Options:

A.

Certificate directory

B.

Validation authority (VA)

C.

Certificate authority (CA)

D.

Registration authority (RA)

Question 19

Daniel, a networking specialist, identifies a glitch in a networking tool and fixes it on a priority using a system.

Daniel was authorized to make a copy of computers programs while maintaining or repairing the system.

Which of the following acts was demonstrated in the above scenario?

Options:

A.

Data Protection Act 2018 (DPA)

B.

The Digital Millennium Copyright Act (DMCA)

C.

Sarbanes Oxley Act (SOX)

D.

Gramm Leach Bliley Act (GLBA)

Question 20

John, a forensic officer, was working on a criminal case. He employed imaging software to create a copy of data from the suspect device on a storage medium for further investigation. For developing an image of the original data, John used a software application that does not allow an unauthorized user to alter the image content on storage media, thereby retaining an unaltered image copy.

Identify the data acquisition step performed by John in the above scenario.

Options:

A.

Validated data acquisition

B.

Planned for contingency

C.

Sanitized the target media

D.

Enabled write protection on the evidence media

Question 21

A system that a cybercriminal was suspected to have used for performing an anti-social activity through the Tor browser. James reviewed the active network connections established using specific ports via Tor.

Which of the following port numbers does Tor use for establishing a connection via Tor nodes?

Options:

A.

1026/64666

B.

9150/9151

C.

3024/4092

D.

31/456

Question 22

Wesley, a fitness freak, purchased a new Apple smartwatch and synced it with a mobile app downloaded from an unauthorized third party. At the end of the day, when Wesley attempted to access his fitness report from the app, it generated an unusual report and asked for some unnecessary permissions to view it.

Which of the following mobile risks is demonstrated in the above scenario?

Options:

A.

Insecure data storage

B.

Improper platform usage

C.

Client code quality

D.

Insecure authentication

Question 23

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

Options:

A.

Reconnaissance signatures

B.

Informational signatures

C.

Unauthorized access signatures

D.

Denial of service (DoS) signatures

Question 24

Steve, a professional pen tester, was hired by an organization to assess its cybersecurity. The organization provided Steve with details such as network topology documents, asset inventory, and valuation information. This information helped Steve complete the penetration test successfully, and he provided a snapshot of the organization's current security posture.

Identify the penetration testing strategy followed by Steve in the above scenario.

Options:

A.

White-box testing

B.

Goal oriented penetration testing

C.

Black box testing

D.

Grey box testing

Question 25

Stephen, a security specialist, was instructed to identify emerging threats on the organization's network. In this process, he employed a computer system on the Internet intended to attract and trap those who attempt unauthorized host system utilization to penetrate the organization's network.

Identify the type of security solution employed by Stephen in the above scenario.

Options:

A.

Firewall

B.

IDS

C.

Honeypot

D.

Proxy server

Question 26

Bob. a security specialist at an organization, extracted the following IIS log from a Windows-based server: “2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg - 80 - 192.168.0.27 Mozilla/5.0 (Windows*NT»6.3:*WOW64)*AppleWebKit/537.36*(KHTML.*like»Cecko)*Chrome/48.0.2564.103»Safari/537.36 200 0 0 365"

Identify the element in the above IIS log entry that indicates the request was fulfilled without error.

Options:

A.

192

B.

80

C.

200

D.

537

Question 27

Mark, an attacker, aims to access an organization's internal server, but the local firewall implementation restricted him from achieving this objective. To overcome this issue, he started sending specially crafted requests to the public server, through which he gained access to the local server.

Identify the type of attack initiated by Mark in the above scenario.

Options:

A.

Web cache poisoning attack

B.

SSRF attack

C.

TTP response-splitting attack

D.

SSH brute-force attack

Question 28

Bruce, a professional hacker, targeted an OT network. He initiated a looping strategy to recover the password of the target system. He started sending one character at a time to check whether the first character entered is correct: If so, he continued the loop for consecutive characters. Using thistechnique. Bruce identified how much time the device takes to finish one complete password authentication process, through which he determined the correct characters in the target password.

Identify the type of attack launched by Bruce on the target OT network.

Options:

A.

Code injection attack

B.

Buller overflow attack

C.

Reconnaissance attack

D.

Side-channel attack

Question 29

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.

Options:

A.

Shoulder surfing

B.

Pharming

C.

Tailgating

D.

Dumpster diving

Question 30

Bob has secretly installed smart CCTV devices (loT devices) outside his home and wants to access the recorded data from a remote location. These smart CCTV devices send sensed data to an intermediate device that carries out pre-processing of data online before transmitting it to the cloudfor storage and analysis. The analyzed data is then sent to Bob for initiating actions.

Identify the component of loT architecture that collects data from loT devices and performs data preprocessing.

Options:

A.

Data lakes

B.

Streaming data processor

C.

Gateway

D.

A Machine learning

Page: 1 / 10
Total 100 questions