ECCouncil ECSS Dumps

Page: 1 / 10
Total 100 questions

EC-Council Certified Security Specialist (ECSSv10) Exam Questions and Answers

Question 1

A disk drive has 16,384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512 bytes of data. What is the total size of the disk?

Options:

A.

42,278,584,340 bytes

B.

42,278,584,320 bytes

C.

42,279,584,320 bytes

D.

43,278,584,320 bytes

Question 2

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

Options:

A.

Reconnaissance signatures

B.

Informational signatures

C.

Unauthorized access signatures

D.

Denial of service (DoS) signatures

Question 3

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

Options:

A.

Timeline analysis

B.

Web artifacts

C.

Data carving

D.

Multimedia

Question 4

James is a professional hacker who managed to penetrate the target company’s network and tamper with software by adding a malicious script in the production that holds persistence on the network.

Which of the following phases of hacking is James currently in?

Options:

A.

Clearing tracks

B.

Maintaining access

C.

Gaining access

D.

Scanning

Question 5

A type of malware allows an attacker to trick the target entity into performing a predefined action, and upon its activation, it grants the attacker unrestricted access to all the data stored on the compromised system.

Which of the following is this type of malware?

Options:

A.

Keylogger

B.

Botnet

C.

Worm

D.

Trojan

Question 6

Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this, Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose.

Identify the IA principle employed by Bob in the above scenario.

Options:

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Question 7

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.

Options:

A.

True negative alert

B.

False negative alert

C.

True positive alert

D.

False positive alert

Question 8

Jacob, a network defender in an organization, was instructed to improve the physical security measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain physical security controls by using warning messages and signs that warn of legal consequences to discourage hackers from making intrusion attempts.

Which of the following types of physical security controls has Jacob implemented in the above scenario?

Options:

A.

Detective control

B.

Preventive controls

C.

Deterrent controls

D.

Recovery controls

Question 9

Bob, a network specialist in an organization, is attempting to identify malicious activities in the network. In this process, Bob analyzed specific data that provided him a summary of a conversation between two network devices, including a source IP and source port, a destination IP and destination port, the duration of the conversation, and the information shared during the conversation.

Which of the following types of network-based evidence was collected by Bob in the above scenario?

Options:

A.

Statistical data

B.

Alert data

C.

Session data

D.

Full content data

Question 10

Which of the following environmental control options saves the hardware from humidity and heat, increases hardware performance, and maintains consistent room temperature?

Options:

A.

Hot and cold aisles

B.

Lighting system

C.

EMI shielding

D.

Temperature indicator

Question 11

Kane, an investigation specialist, was appointed to investigate an incident in an organization’s network. In this process, Kane executed a command and identified that a network interface is running in the promiscuous mode and is allowing all incoming packets without any restriction.

In the above scenario, which of the following commands did Kane use to check whether the network interface is set to the promiscuous mode?

Options:

A.

ipconfig <interface name>

B.

ifconfig <interface name>

C.

nmap -sT localhost

D.

netstat -i

Question 12

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM, Security, and software using an automated tool called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

Options:

A.

HKEY_CLASSES_ROOT

B.

HKEY_CURRENT_CONFIG

C.

HKEY_CURRENT_USER

D.

HKEY_LOCAL_MACHINE

Question 13

Below are the various steps involved in establishing a network connection using the shared key authentication process.

1. The AP sends a challenge text to the station.

2. The station connects to the network.

3. The station encrypts the challenge text using its configured 128-bit key and sends the encrypted text to the AP.

4. The station sends an authentication frame to the AP.

5. The AP uses its configured WEP key to decrypt the encrypted text and compares it with the original challenge text.

What is the correct sequence of steps involved in establishing a network connection using the shared key authentication process?

Options:

A.

2 -> 4 -> 3

B.

4 -> 2 -> 1 -> 3 -> 5

C.

4 -> 1 -> 3 -> 5 -> 2

D.

4 -> 5 -> 3 -> 2 -> 1

Question 14

Jennifer, a forensics investigation team member, was inspecting a compromised system. After gathering all the evidence related to the compromised system, she disconnected the system from the network to stop the spread of the incident to other systems.

Identify the role played by Jennifer in the forensics investigation.

Options:

A.

Evidence manager

B.

Expert witness

C.

Incident responder

D.

Incident analyzer

Question 15

Which of the following Mac forensic data components saves file information and related events using a token with a binary structure?

Options:

A.

Kexts

B.

User account

C.

Command-line inputs

D.

Basic Security Module

Question 16

Steve, a professional pen tester, was hired by an organization to assess its cybersecurity. The organization provided Steve with details such as network topology documents, asset inventory, and valuation information. This information helped Steve complete the penetration test successfully, and he provided a snapshot of the organization's current security posture.

Identify the penetration testing strategy followed by Steve in the above scenario.

Options:

A.

White-box testing

B.

Goal-oriented penetration testing

C.

Black-box testing

D.

Grey-box testing

Question 17

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.

Which of the following folders in a Windows system stores information on applications run on the system?

Options:

A.

C:\Windows\debug

B.

C:\Windows\Book

C.

C:\subdir

D.

C:\Windows\Prefetch

Question 18

An organization decided to strengthen the security of its network by studying and analyzing the behavior of attackers. For this purpose, Steven, a security analyst, was instructed to deploy a device to bait attackers. Steven selected a solution that appears to contain very useful information to lure attackers and find their locations and techniques.

Identify the type of device deployed by Steven in the above scenario.

Options:

A.

Firewall

B.

Router

C.

Intrusion detection system

D.

Honeypot

Question 19

Sarah was accessing confidential office files from a remote location via her personal computer connected to the public Internet. Accidentally, a malicious file was downloaded onto Sarah’s computer without her knowledge. This download might be due to the free Internet access and the absence of network defense solutions.

Identify the Internet access policy demonstrated in the above scenario.

Options:

A.

Promiscuous policy

B.

Paranoid policy

C.

Permissive policy

D.

Prudent policy

Question 20

Which of the following cloud computing threats arises from authentication vulnerabilities, user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear roles and responsibilities, and misconfigurations?

Options:

A.

Supply-chain failure

B.

Isolation failure

C.

Subpoena and e-discovery

D.

Privilege escalation

Question 21

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora’s account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?

Options:

A.

Single sign-on (SSO) authentication

B.

Smart card authentication

C.

Biometric authentication

D.

Two-factor authentication

Question 22

John, a forensic officer, was working on a criminal case. He employed imaging software to create a copy of data from the suspect device on a storage medium for further investigation. For developing an image of the original data, John used a software application that does not allow an unauthorized user to alter the image content on storage media, thereby retaining an unaltered image copy.

Identify the data acquisition step performed by John in the above scenario.

Options:

A.

Validated data acquisition

B.

Planned for contingency

C.

Sanitized the target media

D.

Enabled write protection on the evidence media

Question 23

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion attempts. In this process, Michael identified all the open ports on a system and disabled them because these open ports can allow attackers to install malicious services and compromise the security of the system or network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

Options:

A.

nmap -sT localhost

B.

netstat -i

C.

ifconfig promisc

D.

netstat -rn

Question 24

Jessica, a user, wanted to access the Internet from her laptop and therefore sends a connection request to the access point. To identify the wireless client, the access point forwarded that request to a RADIUS server. The RADIUS server transmitted authentication keys to both the access point and Jessica's laptop. This key helps the access point identify a particular wireless client.

Identify the authentication method demonstrated in the above scenario.

Options:

A.

Open system authentication

B.

Null authentication

C.

Shared key authentication

D.

Centralized authentication

Question 25

Which of the following standards and criteria versions of SWGDE mandates that any action with the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified persons in a forensically sound manner?

Options:

A.

Standards and Criteria 11

B.

Standards and Criteria 13

C.

Standards and Criteria 17

D.

Standards and Criteria 15

Question 26

Clark, a security professional, was instructed to monitor and continue the backup functions without interrupting the system or application services. In this process, Clark implemented a backup mechanism that dynamically backs up the data even if the system or application resources are being used.

Which of the following types of backup mechanisms has Clark implemented in the above scenario?

Options:

A.

Full backup

B.

Cold backup

C.

Hot backup

D.

Offline backup

Question 27

James is a professional hacker attempting to gain access to an industrial system through a remote control device. In this process, he used a specially designed radio transceiver device to sniff radio commands and inject arbitrary code into the firmware of the remote controllers to maintain persistence.

Which of the following attacks is performed by James in the above scenario?

Options:

A.

Malicious reprogramming attack

B.

Re-pairing with a malicious RF controller

C.

Command injection

D.

Abusing reprogramming attack

Question 28

Below are the various steps involved in forensic readiness planning.

1. Keep an incident response team ready to review the incident and preserve the evidence.

2. Create a process for documenting the procedure.

3. Identify the potential evidence required for an incident.

4. Determine the sources of evidence.

5. Establish a legal advisory board to guide the investigation process.

6. Identify if the incident requires full or formal investigation.

7. Establish a policy for securely handling and storing the collected evidence.

8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption.

Identify the correct sequence of steps involved in forensic readiness planning.

Options:

A.

1 -> 2 -> 3 -> 4 -> 5 -> 6 -> 7 -> 8

B.

2 -> 3 -> 1 -> 4 -> 6 -> 5 -> 7 -> 8

C.

3 -> 4 -> 8 -> 7 -> 6 -> 2 -> 5 -> 1

D.

3 -> 1 -> 4 -> 5 -> 8 -> 2 -> 6 -> 7

Question 29

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.

Identify the tool employed by Williams in the above scenario.

Options:

A.

ResourcesExtract

B.

Snagit

C.

Ezvid

D.

R-Drive Image

Question 30

Alice was working on her major project: she saved all her confidential files and locked her laptop. Bob wanted to access Alice’s laptop for his personal use but was unable to access the laptop due to biometric authentication.

Which of the following network defense approaches was employed by Alice on her laptop?

Options:

A.

Reactive approach

B.

Proactive approach

C.

Preventive approach

D.

Retrospective approach
