EC-Council Certified Security Specialist Question and Answers

Last Update Jun 17, 2024
Total Questions : 100

Questions 1

Peter, a network defender, was instructed to protect the corporate network from unauthorized access. To achieve this, he employed a security solution for wireless communication that uses dragonfly key exchange for authentication, which is the strongest encryption algorithm that protects the network from dictionary and key recovery attacks.

Identify the wireless encryption technology implemented in the security solution selected by Peter in the above scenario.

Options:

A. WPA
B. WPA3
C. WEP
D. EAP

Questions 2

Alana, an employee in an organization, took a short break after spending exhausting hours on a project. For relaxation, she went to a cafeteria with her laptop, where she connected to the public Internet. While browsing the web, she received a project modifications file in her mail and replied with another file that contained the required changes.

Which of the following BYOD risks has emerged from the above scenario?

Options:

A. Mixing personal and private data
B. Endpoint security issue
C. Improper disposing of devices
D. Sharing confidential data on unsecured networks

Questions 3

Mark, an attacker, aims to access an organization's internal server, but the local firewall implementation restricted him from achieving this objective. To overcome this issue, he started sending specially crafted requests to the public server, through which he gained access to the local server.

Identify the type of attack initiated by Mark in the above scenario.

Options:

A. Web cache poisoning attack
B. SSRF attack
C. HTTP response-splitting attack
D. SSH brute-force attack

Questions 4

Carol is a new employee at ApTech Sol Inc., and she has been allocated a laptop to fulfill her job activities. Carol tried to install certain applications on the company’s laptop but could not complete the installation as she requires administrator privileges to initiate the installation process. The administrator imposed an access policy on the company’s laptop that only users with administrator privileges have installation rights.

Identify the access control model demonstrated in the above scenario.

Options:

A. Mandatory access control (MAC)
B. Rule based access control (RB-RBAC)
C. Discretionary access control (DAC)
D. Role based access control (RBAC)

Questions 5

James is a professional hacker attempting to gain access to an industrial system through a remote control device. In this process, he used a specially designed radio transceiver device to sniff radio commands and inject arbitrary code into the firmware of the remote controllers to maintain persistence.

Which of the following attacks is performed by James in the above scenario?

Options:

A. Malicious reprogramming attack
B. Re-pairing with a malicious RF controller
C. Command injection
D. Abusing reprogramming attack

Questions 6

Below is an extracted Apache error log entry.

"[Wed Aug 28 13:35:38.878945 2020] [core:error] [pid 12356:tid 8689896234] [client 10.0.0.8] File not found: /images/folder/pic.jpg"

Identify the element in the Apache error log entry above that represents the IP address from which the request was made.

Options:

A. 10.0.0.8
B. 8689896234
C. 13:35:38.878945
D. 12356

Questions 7

Below is the syntax of a command-line utility that displays active TCP connections and ports on which the computer is listening.

netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [interval]

Identify the netstat parameter that displays active TCP connections and includes the process ID (PID) for each connection.

Options:

A. [-s]
B. [-o]
C. [-n]
D. [-r]

Questions 8

Alice was working on her major project: she saved all her confidential files and locked her laptop. Bob wanted to access Alice’s laptop for his personal use but was unable to access the laptop due to biometric authentication.

Which of the following network defense approaches was employed by Alice on her laptop?

Options:

A. Reactive approach
B. Proactive approach
C. Preventive approach
D. Retrospective approach

Questions 9

Which of the following MAC forensic data components saves file information and related events using a token with a binary structure?

Options:

A. Kexts
B. User account
C. Command-line inputs
D. Basic Security Module

Questions 10

Bob has secretly installed smart CCTV devices (IoT devices) outside his home and wants to access the recorded data from a remote location. These smart CCTV devices send sensed data to an intermediate device that carries out pre-processing of data online before transmitting it to the cloud for storage and analysis. The analyzed data is then sent to Bob for initiating actions.

Identify the component of IoT architecture that collects data from IoT devices and performs data preprocessing.

Options:

A. Data lakes
B. Streaming data processor
C. Gateway
D. Machine learning

Questions 11

Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.

In which of the following states has Steve encrypted the data in the above scenario?

Options:

A. Data in transit
B. Data in rest
C. Data in use
D. Data inactive

Questions 12

Kevin, an attacker, is attempting to compromise a cloud server. In this process, Kevin intercepted the SOAP messages transmitted between a user and the server, manipulated the body of the message, and then redirected it to the server as a legitimate user to gain access and run malicious code on the cloud server.

Identify the attack initiated by Kevin on the target cloud server.

Options:

A. Side-channel attack
B. Wrapping attack
C. Cross guest VM breaches
D. DNS spoofing

Questions 13

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

Options:

A. Reconnaissance signatures
B. Informational signatures
C. Unauthorized access signatures
D. Denial of service (DoS) signatures

Questions 14

Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this, Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose.

Identify the IA principle employed by Bob in the above scenario.

Options:

A. Integrity
B. Confidentiality
C. Authentication
D. Availability

Questions 15

James is a professional hacker who managed to penetrate the target company’s network and tamper with software by adding a malicious script in the production that holds persistence on the network.

Which of the following phases of hacking is James currently in?

Options:

A. Clearing tracks
B. Maintaining access
C. Gaining access
D. Scanning

Questions 16

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora’s account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?

Options:

A. Single sign on (SSO) authentication
B. Smart card authentication
C. Biometric authentication
D. Two factor authentication

Questions 17

Roxanne is a professional hacker hired by an agency to disrupt the business services of their rival company. Roxanne employed a special type of malware that consumes a server's memory and network bandwidth when triggered. Consequently, the target server is overloaded and stops responding.

Identify the type of malware Roxanne has used in the above scenario.

Options:

A. Rootkit
B. Armored virus
C. Worm
D. Spyware

Questions 18

Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in which the detection process depends on observing and comparing the observed events with the normal behavior and then detecting any deviation from it.

Identify the type of IDS employed by Messy in the above scenario.

Options:

A. Stateful protocol analysis
B. Anomaly-based
C. Signature-based
D. Application proxy

Questions 19

Melissa, an ex-employee of an organization, was fired because of misuse of resources and security violations. She sought revenge against the company and targeted its network, as she is already aware of its network topology.

Which of the following categories of insiders does Melissa belong to?

Options:

A. Malicious insider
B. Professional insider
C. Compromised insider
D. Negligent insider

Questions 20

Bruce, a professional hacker, targeted an OT network. He initiated a looping strategy to recover the password of the target system. He started sending one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. Using this technique, Bruce identified how much time the device takes to finish one complete password authentication process, through which he determined the correct characters in the target password.

Identify the type of attack launched by Bruce on the target OT network.

Options:

A. Code injection attack
B. Buffer overflow attack
C. Reconnaissance attack
D. Side-channel attack

Questions 21

Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six-digit code, using which they can enter the office at any time.

Which of the following combinations of authentication mechanisms is implemented in the above scenario?

Options:

A. Password and two-factor authentication
B. Two-factor and smart card authentication
C. Biometric and password authentication
D. Smart card and password authentication

Questions 22

Sam is working as a loan agent for a financial institution. He frequently receives a number of emails from clients providing their personal details for loan approval. As these emails contain sensitive data, Sam had set up a feature that directly downloads the emails on his device without storing a copy on the mail server.

Which of the following protocols provides the above-discussed email features?

Options:

A. SHA-1
B. ICMP
C. SNMP
D. POP3

Questions 23

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.

Options:

A. Shoulder surfing
B. Pharming
C. Tailgating
D. Dumpster diving

Questions 24

Kevin, a security team member, was instructed to share a policy document with the employees. As it was supposed to be shared within the network, he used a simple algorithm to encrypt the document that just rearranges the same characters to produce the ciphertext.

Identify the type of cipher employed by Kevin in the above scenario.

Options:

A. Transposition cipher
B. Stream cipher
C. Block cipher
D. Substitution cipher

Questions 25

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.

Options:

A. True negative alert
B. False negative alert
C. True positive alert
D. False positive alert

Questions 26

Clark, a security professional, was instructed to monitor and continue the backup functions without interrupting the system or application services. In this process, Clark implemented a backup mechanism that dynamically backs up the data even if the system or application resources are being used.

Which of the following types of backup mechanisms has Clark implemented in the above scenario?

Options:

A. Full backup
B. Cold backup
C. Hot backup
D. Offline backup

Questions 27

Jacob, a network defender in an organization, was instructed to improve the physical security measures to prevent unauthorized intrusion attempts. In this process, Jacob implemented certain physical security controls by using warning messages and signs that notify legal consequences to discourage hackers from making intrusion attempts.

Which of the following types of physical security controls has Jacob implemented in the above scenario?

Options:

A. Detective control
B. Preventive controls
C. Deterrent controls
D. Recovery controls

Questions 28

Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.

Identify the tool employed by Williams in the above scenario.

Options:

A. ResourcesExtract
B. Snagit
C. Ezvid
D. R-Drive Image

Questions 29

Steve, a professional pen tester, was hired by an organization to assess its cybersecurity. The organization provided Steve with details such as network topology documents, asset inventory, and valuation information. This information helped Steve complete the penetration test successfully, and he provided a snapshot of the organization's current security posture.

Identify the penetration testing strategy followed by Steve in the above scenario.

Options:

A. White-box testing
B. Goal oriented penetration testing
C. Black box testing
D. Grey box testing

Questions 30

Which of the following standards and criteria version of SWGDE mandates that any action with the potential to alter, damage, or destroy any aspect of original evidence must be performed by qualified persons in a forensically sound manner?

Options:

A. Standards and Criteria 11
B. Standards and Criteria 13
C. Standards and Criteria 17
D. Standards and Criteria 15
