
ECCouncil ECSS EC-Council Certified Security Specialist Exam Practice Test

Demo: 50 questions
Total 337 questions

EC-Council Certified Security Specialist Questions and Answers

Question 1

Which of the following statements are true about session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

TCP session hijacking is when a hacker takes over a TCP session between two machines.

B.

It is used to slow the working of victim's network resources.

C.

Use of a long random number or string as the session key reduces session hijacking.

D.

It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Question 2

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

Options:

A.

Fraggle

B.

Jolt

C.

Teardrop

D.

Ping of death

Question 3

Which of the following softwares is used to perform constant monitoring of the network infrastructure?

Options:

A.

Logdog

B.

THCHydra

C.

IPSentry

D.

Cain

Question 4

Which of the following is a name, symbol, or slogan with which a product is identified?

Options:

A.

Copyright

B.

Trademark

C.

Trade secret

D.

Patent

Question 5

You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.

You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.

B.

Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.

C.

Implement the open system authentication for the wireless network.

D.

Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

E.

Implement the IEEE 802.1X authentication for the wireless network.

Question 6

Which of the following statements are correct about spoofing and session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target and the valid user cannot be active.

B.

Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is disconnected.

C.

Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is not disconnected.

D.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target but the valid user can be active.

Question 7

Adam works as a Security Analyst for Umbrella Inc. He is retrieving a large amount of log data from various resources such as Apache log files, IIS logs, streaming servers, and some FTP servers. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use the AWStats application. Which of the following statements are true about AWStats?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It generates advanced Web, streaming, mail server statistics graphically.

B.

It can analyze log files server tools such as Apache log files, WebStar, IIS and other Web, proxy, and some ftp servers.

C.

It can work with all Web hosting providers, which allow Perl, CGI and log access.

D.

It works only as a CGI and shows all possible information contained in log.

Question 8

Which of the following components are usually found in an Intrusion detection system (IDS)?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Modem

B.

Console

C.

Sensor

D.

Gateway

E.

Firewall

Question 9

Which of the following Linux rootkits allows attackers to hide files, processes, and network connections?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Phalanx2

B.

Adore

C.

Knark

D.

Beastkit

Question 10

Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Options:

A.

Twofish

B.

Digital certificates

C.

Public key

D.

RSA

Question 11

Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:

1. Smoothening and decreasing contrast by averaging the pixels of the area where significant color transitions occur.

2. Reducing noise by adjusting color and averaging pixel value.

3. Sharpening, Rotating, Resampling, and Softening the image.

Which of the following Steganography attacks is Victor using?

Options:

A.

Steg-Only Attack

B.

Chosen-Stego Attack

C.

Active Attacks

D.

Stegdetect Attack

Question 12

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Options:

A.

Snooping

B.

Copyright

C.

Utility model

D.

Patent

Question 13

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

Options:

A.

Worm

B.

Adware

C.

Backdoor

D.

Spyware

Question 14

You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.

John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Options:

A.

Independent audit

B.

Operational audit

C.

Non-operational audit

D.

Dependent audit

Question 15

Which of the following can be used to perform session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

ARP spoofing

B.

Cross-site scripting

C.

Session fixation

D.

Session sidejacking

Question 16

Maria works as a professional Ethical Hacker. She recently has been assigned a project to test the security of www.we-are-secure.com. The company has provided the following information about the infrastructure of its network:

· Network diagrams of the we-are-secure infrastructure

· Source code of the security tools

· IP addressing information of the we-are-secure network

Which of the following testing methodologies is we-are-secure.com using to test the security of its network?

Options:

A.

Whitebox

B.

Blackbox

C.

Graybox

D.

Alpha testing

Question 17

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using dumpster diving to gather information about We-are-secure, Inc. Under which of the following steps of malicious hacking does dumpster diving come?

Options:

A.

Gaining access

B.

Scanning

C.

Maintaining access

D.

Reconnaissance

Question 18

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.

The output of the scanning test is as follows:

C.\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The countermeasure to 'printenv' vulnerability is to remove the CGI script.

B.

'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

C.

With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

D.

This vulnerability helps in a cross site scripting attack.

Question 19

Which of the following is an example of a social engineering attack?

Options:

A.

Phishing

B.

Man-in-the-middle attack

C.

Browser Sniffing

D.

E-mail bombing

Question 20

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

Options:

A.

209.191.91.180

B.

216.168.54.25

C.

172.16.10.90

D.

141.1.1.1

Question 21

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

Options:

A.

less

B.

tee

C.

cat

D.

more

Question 22

Which of the following are the two primary U.S. laws that address cybercrime?

Options:

A.

1030 and 1362

B.

1029 and 2510

C.

1030 and 2510

D.

1029 and 1030

Question 23

Which of the following programs is used to monitor the keystrokes that a user types on a specific computer's keyboard?

Options:

A.

Keylogger

B.

Ettercap

C.

THC-Hydra

D.

Brutus

Question 24

Fill in the blank with the appropriate layer name of the OSI model.

Secure Socket Layer (SSL) operates at the ________ layer of the OSI model.

Options:

A.

transport

Question 25

Which of the following is the first computer virus that was used to infect the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system?

Options:

A.

I love you

B.

Melissa

C.

Brain

D.

Tequila

Question 26

Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

Options:

A.

Lead investigator

B.

Legal representative

C.

Information security representative

D.

Technical representative

Question 27

Which of the following processes is used to convert plain text into cipher text?

Options:

A.

Steganography

B.

Encapsulation

C.

Decryption

D.

Encryption

Question 28

Which of the following protocols allows a service to authenticate the identity of a user without needing to see a password?

Options:

A.

SMTP

B.

TCP/IP

C.

ICMP

D.

Kerberos

Question 29

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Options:

A.

Encryption

B.

Steganography

C.

RSA algorithm

D.

Public-key cryptography

Question 30

Adam works as a Security Analyst for Umbrella Inc. He is retrieving a large amount of log data from syslog servers and network devices such as routers and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It incorporates real-time reporting and real-time alerting.

B.

It comes only as a software package for user deployment.

C.

It is a software package for the statistical analysis and reporting of log files.

D.

It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.

Question 31

You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and software security threats for the past few months. You want to renew your current security policies and management to enhance the safety of your information systems. Which of the following is the best practice to initiate the renewal process from the lowest level with the least managerial effort?

Options:

A.

Change the entire security policy.

B.

Start the Incident handling process.

C.

Switch to a new network infrastructure.

D.

Perform an IT audit.

Question 32

Which of the following malicious codes is used by a hacker to get control over the system files of a victim?

Options:

A.

Worm

B.

Multipartite virus

C.

Macro virus

D.

Trojan

Question 33

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing the designs of the garments, which belong to the company, and selling garments of the same design under a different brand name. Adam found that the company does not have any policy related to copying the designs of the garments. He also found that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

Options:

A.

Cyber law

B.

Copyright law

C.

Trademark law

D.

Espionage law

Question 34

What level of encryption is used by syskey?

Options:

A.

128-bit

B.

256-bit

C.

64-bit

D.

32-bit

Question 35

Which of the following organizations is dedicated to computer security research and information sharing?

Options:

A.

NIPC

B.

FBI

C.

Honeynet Project

D.

IEEE

Question 36

Which method would provide the highest level of protection for all data transmitted on the internal network only?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

IPSec tunnel mode

B.

SSL

C.

PPTP

D.

IPSec transport mode

E.

SMB

Question 37

Adam, a novice Web user, is getting a large amount of unsolicited commercial email at his email address. He suspects that the emails he is receiving are spam. Which of the following steps will he take to stop the spam?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Forward a copy of the spam to the ISP to make the ISP conscious of the spam.

B.

Send an email to the domain administrator responsible for the initiating IP address.

C.

Close existing email account and open new email account.

D.

Report the incident to the FTC (The U.S. Federal Trade Commission) by sending a copy of the spam message.

Question 38

Which of the following U.S. Federal laws addresses computer crime activities in communication lines, stations, or systems?

Options:

A.

18 U.S.C. 2510

B.

18 U.S.C. 1362

C.

18 U.S.C. 1030

D.

18 U.S.C. 2701

E.

18 U.S.C. 1029

Question 39

You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and software security threats for the past few months. You want to renew your current security policies and management to enhance the safety of your information systems. Which of the following is the best practice to initiate the renewal process from the lowest level with the least managerial effort?

Options:

A.

Change the entire security policy.

B.

Switch to a new network infrastructure.

C.

Start the Incident handling process.

D.

Perform an IT audit.

Question 40

You work as a Network Administrator for Infonet Inc. The company's network is connected to the Internet. The network has a Web server that is accessible to Internet users. For security, you want to keep the Web server separate from other servers on the network. Where will you place the Web server?

Options:

A.

In a virtual private network (VPN)

B.

With the authentication server

C.

In a demilitarized zone (DMZ)

D.

With the database server

Question 41

John works as a Desktop Technician for NetPerfect Inc. The company has a Windows-based network. For the last few days, the network of the company has become prone to the Man-in-the-Middle attack. John wants to send a confidential MS-Word file to his Manager as an e-mail attachment. He wants to ensure that no one is able to open and understand the file's message except the Manager. Which of the following should John use to accomplish the task?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Format the file

B.

Apply password to the file

C.

Encryption

D.

File Compression

Question 42

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

Options:

A.

cat

B.

less

C.

more

D.

tee

Question 43

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

Options:

A.

Firewalking

B.

Replay

C.

Session fixation

D.

Cross site scripting

Question 44

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Options:

A.

Initial analysis, request for service, data collection, data reporting, data analysis

B.

Request for service, initial analysis, data collection, data reporting, data analysis

C.

Request for service, initial analysis, data collection, data analysis, data reporting

D.

Initial analysis, request for service, data collection, data analysis, data reporting

Question 45

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Options:

A.

Specter

B.

KFSensor

C.

Honeyd

D.

ManTrap

Question 46

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

Options:

A.

Demilitarized zone (DMZ)

B.

Intrusion detection system (IDS)

C.

Firewall

D.

Packet filtering

Question 47

Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

Options:

A.

The Equal Credit Opportunity Act (ECOA)

B.

The Privacy Act

C.

The Fair Credit Reporting Act (FCRA)

D.

The Electronic Communications Privacy Act

Question 48

Which of the following DoS attacks attempts to block service or reduce activity on a host by sending ping requests directly to the victim?

Options:

A.

Teardrop attack

B.

Ping flood attack

C.

Land attack

D.

SYN flood attack

Question 49

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

Options:

A.

WMA/TrojanDownloader.GetCodec

B.

Win32/PSW.OnLineGames

C.

Win32/Agent

D.

Win32/Conflicker

Question 50

Cola Co. manufactures, markets, sells, and distributes non-alcoholic potables such as Lemcaa and Thunder Up under its brand name Cola and uses green and red logo. Mola Co., a new company, starts manufacturing, marketing, selling, and distributing non-alcoholic potables like Lumca and Cloud Up under its brand name Mola and uses green and red logo. Which of the following violations has been committed by Mola Co.?

Options:

A.

Trademark infringement

B.

Plagiarism

C.

Patent law

D.

Copyright infringement
