Valentine Day Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil ECSS EC-Council Certified Security Specialist Exam Practice Test

Page: 1 / 34
Total 337 questions

EC-Council Certified Security Specialist Questions and Answers

Question 1

Brutus is a password cracking tool that can be used to crack the following authentications:

·HTTP (Basic Authentication)

·HTTP (HTML Form/CGI)

·POP3 (Post Office Protocol v3)

·FTP (File Transfer Protocol)

·SMB (Server Message Block)

·Telnet

Which of the following attacks can be performed by Brutus for password cracking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Hybrid attack

B.

Dictionary attack

C.

Brute force attack

D.

Man-in-the-middle attack

E.

Replay attack

Question 2

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company's security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company's security policy. What will he do to accomplish this?

Each correct answer represents a part of the solution. Choose three.

Options:

A.

Configure the authentication type for the wireless LAN to Open system.

B.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

C.

On each client computer, add the SSID for the wireless LAN as the preferred network.

D.

Install a firewall software on each wireless access point.

E.

Broadcast SSID to connect to the access point (AP).

F.

Configure the authentication type for the wireless LAN to Shared Key.

Question 3

An attacker wants to launch an attack on a wired Ethernet. He wants to accomplish the following tasks:

· Sniff data frames on a local area network.

· Modify the network traffic.

· Stop the network traffic frequently.

Which of the following techniques will the attacker use to accomplish the task?

Options:

A.

ARP spoofing

B.

IP spoofing

C.

Eavesdropping

D.

Session hijacking

Question 4

Which of the following types of authentication messages are supported by the TACACS+ protocol by default?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Telnet

B.

Kerberos

C.

Username/password

D.

ARP

E.

PAP

F.

CHAP

G.

SLIP

Question 5

You work as a Desktop Technician for Umbrella Inc. The company has a Windows-based network.

You receive an e-mail from the network administrator's e-mail ID asking you to provide your password so that he can make changes to your profile. You suspect that someone is trying to hack your password after you have confirmed that the network administrator did not send any such type of e-mail. Which of the following types of attacks have been executed?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Buffer-overflow attack

B.

Social engineering

C.

Zero-day attack

D.

E-mail spoofing

Question 6

Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

Options:

A.

The Equal Credit Opportunity Act (ECOA)

B.

The Fair Credit Reporting Act (FCRA)

C.

The Privacy Act

D.

The Electronic Communications Privacy Act

Question 7

Andrew works as a Forensic Investigator for PassGuide Inc. The company has a Windows-based environment. The company's employees use Microsoft Outlook Express as their e-mail client program. E-mails of some employees have been deleted due to a virus attack on the network. Andrew is therefore assigned the task to recover the deleted mails. Which of the following tools can Andrew use to accomplish the task?

Each correct answer represents a complete solution. Choose two.

Options:

A.

EventCombMT

B.

eMailTrackerPro

C.

FINALeMAIL

D.

R-mail

Question 8

Which method would provide the highest level of protection for all data transmitted on the internal network only?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

IPSec tunnel mode

B.

SSL

C.

PPTP

D.

IPSec transport mode

E.

SMB

Question 9

Which of the following Trojans is used by attackers to modify the Web browser settings?

Options:

A.

WMA/TrojanDownloader.GetCodec

B.

Win32/FlyStudio

C.

Trojan.Lodear

D.

Win32/Pacex.Gen

Question 10

You work as a professional Ethical Hacker. You are assigned a project to perform blackbox testing of the security of www.we-are-secure.com. Now you want to perform banner grabbing to retrieve information about the Webserver being used by we-are-secure. Which of the following tools can you use to accomplish the task?

Options:

A.

Wget

B.

WinSSLMiM

C.

Whisker

D.

httprint

Question 11

Which of the following is a network worm that exploits the RPC sub-system vulnerability present in the Microsoft Windows operating system?

Options:

A.

WMA/TrojanDownloader.GetCodec

B.

Win32/PSW.OnLineGames

C.

Win32/Agent

D.

Win32/Conflicker

Question 12

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Options:

A.

Specter

B.

KFSensor

C.

Honeyd

D.

ManTrap

Question 13

On March 6, 2003, The SCO Group asserted that there are legal uncertainties regarding the use of the Linux operating system due to alleged violations of IBM's Unix licenses in the development of Linux code at IBM. What were the claims made by SCO on IBM regarding the use of the Linux operating system?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Interference with contract

B.

Breach of the GNU General Public License (GPL)

C.

Lanham Act violation

D.

Misappropriation of trade secrets

E.

Breach of IBM software agreement

Question 14

According to the case study, the departmental stores can dial in to distribution center computers to query their order status. Which protocol should they use to provide the highest level of security?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

EAP

B.

MS-CHAP version 2

C.

MS-CHAP

D.

Basic Authentication

E.

PAP

Question 15

You work as a Security Administrator for DataSoft Inc. The company has a Windows-based network. You have been assigned a project to strengthen the system security and also to provide a user friendly environment to the employees so that they can work efficiently. Which of the following concepts should you take into consideration to meet the goals of your project?

Options:

A.

The security, functionality, and accessibility triangle.

B.

The security, complexity, and accessibility triangle

C.

The security, complexity, and functionality triangle

D.

The security, functionality, and ease of use triangle.

Question 16

Adam, a novice Web user is getting large amount of unsolicited commercial emails on his email address. He suspects that the emails he is receiving are the Spam. Which of the following steps will he take to stop the Spam?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Forward a copy of the spam to the ISP to make the ISP conscious of the spam.

B.

Send an email to the domain administrator responsible for the initiating IP address.

C.

Close existing email account and open new email account.

D.

Report the incident to the FTC (The U.S. Federal Trade Commission) by sending a copy of the spam message.

Question 17

Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.

B.

It incorporates real-time reporting and real-time alerting.

C.

It comes only as a software package for user deployment.

D.

It is a software package for the statistical analysis and reporting of log files.

Question 18

Which of the following algorithms produces a digital signature which is used to authenticate the bit-stream images?

Options:

A.

BOINIC

B.

HashClash

C.

MD5

D.

MD6

Question 19

Which of the following codes is used to crack Windows login passwords?

Options:

A.

I love you code

B.

Glide code

C.

Code red

D.

Code blue

Question 20

According to the Sophos Security Threat Report 2009, which amongst the following countries is on the top, in hosting malware on the web?

Options:

A.

United States

B.

Russia

C.

China

D.

Germany

Question 21

Which of the following techniques is used to log network traffic?

Options:

A.

IP address spoofing

B.

Tunneling

C.

Sniffing

D.

Cracking

Question 22

What level of encryption is used by syskey?

Options:

A.

128-bit

B.

256-bit

C.

64-bit

D.

32-bit

Question 23

Which of the following is NOT a Wired Equivalent Privacy authentication method?

Options:

A.

Media access authentication

B.

Shared key authentication

C.

Kerberos authentication

D.

Open system authentication

Question 24

What is the critical evaluation of the most relevant information on a given topic known as?

Options:

A.

Incident report

B.

Feasibility report

C.

Case study

D.

Investigative report

Question 25

Which of the following two cryptography methods are used by NTFS Encrypting File System (EFS) to encrypt the data stored on a disk on a file-by-file basis?

Options:

A.

Digital certificates

B.

Twofish

C.

Public key

D.

RSA

Question 26

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

To use firewalking, the attacker needs the IP address of the last known gateway before thefirewall and the IP address of a host located behind the firewall.

B.

In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

C.

Firewalking works on the UDP packets.

D.

A malicious attacker can use firewalking to determine the types of ports/protocols that canbypass the firewall.

Question 27

RRD Job World wants to upgrade its network. The company decides to implement a TCP/IP-based network. According to the case study, RRD Job World is concerned about security. Which of the following methods should the on-site employees use to communicate securely with the headquarters?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

Basic (Clear Text) authentication using SSL

B.

DNS security and group policies

C.

L2TP over IPSec

D.

Windows NT Challenge/Response (NTLM) authentication

Question 28

Which of the following protocols allows a service to authenticate the identity of a user without needing to see a password?

Options:

A.

SMTP

B.

TCP/IP

C.

ICMP

D.

Kerberos

Question 29

What are the two common parts of a Remote Access Trojan (RAT)?

Options:

A.

A client component and a server component

B.

The outbound port and the inbound port

C.

The ARP cache and the CAM table

D.

The payload and the wrapper

Question 30

Which of the following statements is true about a honeyfarm?

Options:

A.

It is a computer system used to attract hackers to identify them.

B.

It is a computer system that has no security.

C.

It is a centralized collection of honeypots.

D.

It is a firewall.

Question 31

In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

Options:

A.

Firewalking

B.

Snooping

C.

Port redirection

D.

UDP port scanning

Question 32

Which of the following tools combines the functionality of the traceroute and ping programs in a single network diagnostic tool?

Options:

A.

Conky

B.

Mtr

C.

Ntop

D.

Cacti

Question 33

Which of the following laws was formed by the legislative branch of the United States government?

Options:

A.

Study law

B.

Business law

C.

Statutory law

D.

Administrative law

Question 34

Which of the following is the most important resource associated with any digital forensic investigations process?

Options:

A.

Human talent

B.

Forensic software

C.

Human experience

D.

Forensic tools

Question 35

Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Kerberos requires continuous availability of a central server.

B.

Kerberos builds on Asymmetric key cryptography and requires a trusted third party.

C.

Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject'spasswords.

D.

Kerberos requires the clocks of the involved hosts to be synchronized.

Question 36

Who among the following are security experts who specialize in penetration testing and other testing methodologies to ensure that their company's information systems are secure?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Black hat hackers

B.

White hat hackers

C.

Script Kiddies

D.

Ethical hackers

Question 37

Which of the following attacks CANNOT be detected by an Intrusion Detection System (IDS)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Denial-of-Service (DoS) attack

B.

E-mail spoofing

C.

Port scan attack

D.

Shoulder surfing

Question 38

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

Options:

A.

Steganography

B.

Public-key cryptography

C.

Encryption

D.

RSA algorithm

Question 39

Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from various resources such as Apache log files, IIS logs, streaming servers, and some FTP servers. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use AWStats application. Which of the following statements are true about AWStats?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It generates advanced Web, streaming, mail server statistics graphically.

B.

It can analyze log files server tools such as Apache log files, WebStar, IIS and other Web, proxy, and some ftp servers.

C.

It can work with all Web hosting providers, which allow Perl, CGI and log access.

D.

It works only as a CGI and shows all possible information contained in log.

Question 40

Which of the following statements best describes a certification authority?

Options:

A.

A certification authority is a type of encryption that uses a public key and a private key pair fordata encryption.

B.

A certification authority is an entity that issues digital certificates for use by other parties.

C.

A certification authority is a technique to authenticate digital documents by using computercryptography.

D.

A certification authority is a type of encryption that uses a single key to encrypt and decryp t data.

Question 41

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?

Options:

A.

RSA

B.

Twofish

C.

Blowfish

D.

Diffie-Hellman

Question 42

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Options:

A.

Vulnerability scanning

B.

Manual penetration testing

C.

Automated penetration testing

D.

Code review

Question 43

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Options:

A.

Stateful firewall

B.

Packet filter firewall

C.

Proxy-based firewall

D.

Endian firewall

Question 44

Which of the following parameters are required to be followed on receiving a suspicious mail according to the Department of Justice?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Call

B.

Look

C.

Identify

D.

Stop

Question 45

Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?

Options:

A.

Transport layer

B.

Presentation layer

C.

Data-link layer

D.

Network layer

Question 46

In which of the following DoS attacks does an attacker send an ICMP packet larger than 65,536 bytes to the target system?

Options:

A.

Fraggle

B.

Jolt

C.

Teardrop

D.

Ping of death

Question 47

According to the Internet Crime Report 2009, which of the following complaint categories is on the top?

Options:

A.

Identity theft

B.

Advanced fee fraud

C.

Non-delivered merchandise/payment

D.

FBI scams

Question 48

Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs?

Each correct answer represents a complete solution. Choose two.

Options:

A.

Using a protocol analyzer on your Laptop to monitor for risks.

B.

Using an IPSec enabled VPN for remote connectivity.

C.

Using portscanner like nmap in your network.

D.

Using personal firewall software on your Laptop.

Question 49

John works as a Network Security Administrator for NetPerfect Inc. The manager of the company has told John that the company's phone bill has increased drastically. John suspects that the company's phone system has been cracked by a malicious hacker. Which attack is used by malicious hackers to crack the phone system?

Options:

A.

Sequence++ attack

B.

Phreaking

C.

Man-in-the-middle attack

D.

War dialing

Question 50

You work as a Network Administrator for Infonet Inc. The company uses Wired Equivalent Privacy (WEP) for wireless security. Who among the following can authenticate from the access point of the network?

Options:

A.

Only users within the company.

B.

Only users with the correct WEP key.

C.

Only the administrator.

D.

Anyone can authenticate.

Page: 1 / 34
Total 337 questions