Download Exam ECSS Practice Test Questions with 100% Verified Answers [Q24-Q46]

Published date October 6, 2024

Rate this post

Download Exam ECSS Practice Test Questions with 100% Verified Answers

Share Latest ECSSTest Practice Test Questions, Exam Dumps

NO.24 You work as a Network Administrator for Infonet Inc. The company’s office has a wireless network. Wireless access point on the network works as a router and DHCP server. You want to configure a laptop to connect to the wireless network. What will you configure on the laptop to accomplish the task?

Internet service provider’s DNS server address

I/O address

Service Set Identifier

Demilitarized zone

NO.25 Messy, a network defender, was hired to secure an organization’s internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.
Identify the type of IDS employed by Messy in the above scenario.

Stateful protocol analysis

Anomaly-based

Signature-based

Application proxy

Messy has deployed an anomaly-based Intrusion Detection System (IDS). This type of IDS observes and compares observed events with normal behavior, detecting deviations from the established patterns. It identifies anomalies that may indicate potential security threats. References: EC-Council Certified Security Specialist (E|CSS) course materials12.

NO.26 Kane, an investigation specialist, was appointed to investigate an incident in an organization’s network. In this process, Kane executed a command and identified that a network interface is running in the promiscuous mode and is allowing all incoming packets without any restriction.
In the above scenario, which of the following commands did Kane use to check whether the network interface is set to the promiscuous mode?

ipconfig < interface name >

ifconfig < interface name >

nmap -sT localhost

netstat -i

Kane used the ifconfig command to check whether the network interface is set to promiscuous mode.
The ifconfig command displays information about network interfaces, including their configuration settings.
When a network interface is in promiscuous mode, it allows all incoming packets to be captured without any filtering or restriction.
References:
* EC-Council Certified Security Specialist (E|CSS) documents and study guide.
* EC-Council Certified Security Specialist (E|CSS) course materials12345678910111213141516

NO.27 Which of the following refers to a computer that must be secure because it is accessible from the Internet and is vulnerable to attacks?

Gateway

LMHOSTS

Firewall

Bastion host

NO.28 Victor works as a professional Ethical Hacker for SecureEnet Inc. He has been assigned a job to test an image, in which some secret information is hidden, using Steganography. Victor performs the following techniques to accomplish the task:
1.Smoothening and decreasing contrast by averaging the pixels of the area where significant
color transitions occurs.
2.Reducing noise by adjusting color and averaging pixel value.
3.Sharpening, Rotating, Resampling, and Softening the image.
Which of the following Steganography attacks is Victor using?

Steg-Only Attack

Chosen-Stego Attack

Active Attacks

Stegdetect Attack

NO.29 Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

Confidentiality

Authentication

Integrity

Non-repudiation

NO.30 Which of the following programs is used to monitor the keystrokes that a user types on a specific computer’s keyboard?

Keylogger

Brutus

Ettercap

THC-Hydra

NO.31 Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

ARP spoofing

Cross-site scripting

Session fixation

Session sidejacking

NO.32 The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.? (Click the Exhibit button on the toolbar to see the case study.)

Preventing denial-of-service attacks.

Providing two-factor authentication.

Ensuring secure authentication.

Protecting employee data on portable computers.

Implementing Certificate services on Texas office.

Preventing unauthorized network access.

Providing secure communications between the overseas office and the headquarters.

Providing secure communications between Washington and the headquarters office.

NO.33 Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Digital certificates

Twofish

Public key

RSA

NO.34 Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company’s security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company’s security policy. What will he do to accomplish this?
Each correct answer represents a part of the solution. Choose three.

Configure the authentication type for the wireless LAN to Open system.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

On each client computer, add the SSID for the wireless LAN as the preferred network.

Install a firewall software on each wireless access point.

Broadcast SSID to connect to the access point (AP).

Configure the authentication type for the wireless LAN to Shared Key.

NO.35 Bob.
a security specialist at an organization, extracted the following IIS log from a Windows-based server:
“2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg – 80 – 192.168.0.27 Mozilla/5.0 (Windows*NT 6.3:*WOW64)*AppleWebKit/537.36*(KHTML.*like Cecko)*Chrome/48.0.2564.103 Safari/5
http://www.movie5cope.com/css/style.c5s 200 0 0 365″
Identify the element in the above IIS log entry that indicates the request was fulfilled without error.

192

200

537

The element in the given IIS log entry that indicates the request was fulfilled without error is C. 2001. The HTTP status code 200 signifies a successful response, indicating that the server successfully processed the client’s request1.

NO.36 Which of the following organizations is dedicated to computer security research and information sharing?

NIPC

FBI

Honeynet Project

IEEE

NO.37 In which of the following complaint types does a fraudulent transaction take place?

Overpayment Fraud

FBI scams

Auction fraud

Computer damage

NO.38 While investigating a web attack on a Windows-based server, Jessy executed the following command on her system:
C:> net view <10.10.10.11>
What was Jessy’s objective in running the above command?

Verify the users using open sessions

Check file space usage to look for a sudden decrease in free space

Check whether sessions have been opened with other systems

Review file shares to ensure their purpose

The net view command in Windows is used to display a list of resources being shared on a computer. When used with a specific computer name or IP address, as in net view <10.10.10.11>, it displays the shared resources available on that particular computer1. Jessy’s objective in running this command was likely to review the file shares on the server with the IP address 10.10.10.11 to ensure that they are correctly purposed and not maliciously altered or added as part of the web attack.
This command does not verify users using open sessions, check file space usage, or check whether sessions have been opened with other systems. Instead, it specifically lists the shared resources, which can include file shares and printer shares, providing insight into what is being shared from the server in question. This information is crucial during a forensic investigation of a web attack to understand if and how the server’s shared resources were compromised or utilized by the attacker.

NO.39 You work as a Network Administrator for ABC Inc. The company uses a secure wireless network.
John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Independent audit

Operational audit

Non-operational audit

Dependent audit

NO.40 Bob, a forensic investigator, was instructed to review a Windows machine and identify any anonymous activities performed using it. In this process. Bob used the command “netstat -ano” to view all the active connections in the system and determined that the connections established by the Tor browser were closed.
Which of the following states of the connections established by Tor indicates that the Tor browser is closed?

ESTABLISHED

CLOSE WAIT

TIMEWAIT

LISTENING

The netstat -ano command is used to display all active connections and their respective states on a system.
When the Tor browser is closed, the connections it established would no longer be active. The state that indicates a connection is no longer active and is in the process of closing is TIMEWAIT1.
In the context of TCP/IP networking, TIMEWAIT is a state that occurs after a connection has been terminated by the application, and the system is waiting to ensure that all packets have been received to prevent any delayed packets from appearing in subsequent connections2. This state helps to ensure that a new connection does not receive packets from an old connection, which is particularly important in ensuring the security and integrity of data transmission.
The other states listed have different meanings:
* A. ESTABLISHED: This state means that the connection is currently active and data can be transferred.
* B. CLOSE WAIT: This state indicates that the remote end has shut down, and the local end is waiting for the application to close the connection.
* D. LISTENING: This state signifies that the server is waiting for incoming connections on a specific port.
Therefore, the correct answer is C, TIMEWAIT, as it represents the state where the connection has been closed by the application, which in this case would be the Tor browser.

NO.41 Which of the following commands is used to test a network connection?

Popd

Path

Perfmon

Ping

NO.42 An organization decided to strengthen the security of its network by studying and analyzing the behavior of attackers. For this purpose. Steven, a security analyst, was instructed to deploy a device to bait attackers.
Steven selected a solution that appears to contain very useful information to lure attackers and find their locationsand techniques.
Identify the type of device deployed by Steven in the above scenario.

Firewall

Router

Intrusion detection system

Honeypot

Steven deployed a honeypot in the scenario. A honeypot is a simulation of an IT system or software application that acts as bait to attract the attention of attackers. While it appears to be a legitimate target, it is actually fake and carefully monitored by an IT security team. The purpose of a honeypot includes distraction (diverting attackers’ attention), threat intelligence (revealing attack methods), and research/training for security professionals1.
References:
* EC-Council Certified Security Specialist (E|CSS) documents and study guide1.
* EC-Council Certified Security Specialist (E|CSS) course materials2.

NO.43 Which of the following functions does the RSA Digital Signature combine with public key algorithm to create a more secure signature?

NO.44 Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or natural disasters.

Offsite data backup

Cloud data backup

Online data backup

Onsite data backup

* The backup mechanism described in the scenario, which involves using external devices (such as hard
* disks) and requires human interaction for backup operations, is known as onsite data backup. In this approach, backups are stored within the organization’s premises, making them susceptible to theft, damage, or natural disasters. It is essential to consider additional offsite or cloud-based backup solutions to enhance data resilience and security.
* References: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

NO.45 Which of the following statements are correct about spoofing and session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the targetand the valid user cannot be active.

Session hijacking is an attack in which an attacker takes over the session, and the valid user’ssession is disconnected.

Session hijacking is an attack in which an attacker takes over the session, and the valid user’ssession is not disconnected.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the targetbut the valid user can be active.

NO.46 You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.
You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.

Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.

Implement the open system authentication for the wireless network.

Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

Implement the IEEE 802.1X authentication for the wireless network.

Loading …