ECCouncil ECSS EC-Council Certified Security Specialist Exam Practice Test

Which of the following functions does the RSA Digital Signature combine with public key algorithm to create a more secure signature?

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

Which of the following techniques is used to log network traffic?

RRD Job World wants to upgrade its network. The company decides to implement a TCP/IP-based network. According to the case study, RRD Job World is concerned about security. Which of the following methods should the on-site employees use to communicate securely with the headquarters?

(Click the Exhibit button on the toolbar to see the case study.)

Which of the following programs is used to identify unknown open ports on a computer system?

Which of the following law does not protect intellectual property?

Which of the following commands is used in Mac OS X to exit Open Firmware and to continue the booting process?

Which of the following standards defines wireless access for local area networking?

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

What is the size of Master Boot Record (MBR)?

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

Which of the following statements are true about routers?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following laws was formed by the legislative branch of the United States government?

Which of the following is an example of a worm used in the Linux operating system?

Which of the following protocols is used the most by web servers?

Andrew, a bachelor student of Faulkner University, creates a gmail account. He uses 'Faulkner' as the password for the gmail account. After a few days, he starts receiving a lot of e-mails stating that his gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is the name given to expert groups that handle computer security incidents?

Which of the following statements are correct about spoofing and session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based

systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.

Which system is John using to track the malicious hackers?

Which of the following is used to authenticate asymmetric keys?

Which of the following statements are TRUE about Demilitarized zone (DMZ)?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following is a name, symbol, or slogan with which a product is identified?

Peter works as a System Administrator for TechSoft Inc. The company uses Linux-based systems.

Peter's manager suspects that someone is trying to log in to his computer in his absence. Which of the following commands will Peter run to show the last unsuccessful login attempts, as well as the users who have last logged in to the manager's system?

Each correct answer represents a complete solution. Choose two.

According to the Internet Crime Report 2009, which of the following complaint categories is on the top?

Andrew works as a System Administrator for NetPerfect Inc. All client computers on the network run on Mac OS X. The Sales Manager of the company complains that his MacBook is not able to boot. Andrew wants to check the booting process. He suspects that an error persists in the bootloader of Mac OS X. Which of the following is the default bootloader on Mac OS X that he should use to resolve the issue?

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?

Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session.

The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason. Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

A digital signature is a type of public key cryptography. Which of the following statements are true about digital signatures?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

Who among the following are security experts who specialize in penetration testing and other testing methodologies to ensure that their company's information systems are secure?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following Trojans is used by attackers to modify the Web browser settings?

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

You work as a Desktop Technician for Umbrella Inc. The company has a Windows-based network.

You receive an e-mail from the network administrator's e-mail ID asking you to provide your password so that he can make changes to your profile. You suspect that someone is trying to hack your password after you have confirmed that the network administrator did not send any such type of e-mail. Which of the following types of attacks have been executed?

Each correct answer represents a part of the solution. Choose all that apply.

You work as a Network Administrator for Maverick Inc. The company has a Linux-based network.

You are working on a Linux computer. You want to see the environment variables that are set on your computer. Which of the following commands will you use?

Cola Co. manufactures, markets, sells, and distributes non-alcoholic potables such as Lemcaa and Thunder Up under its brand name Cola and uses green and red logo. Mola Co., a new company, starts manufacturing, marketing, selling, and distributing non-alcoholic potables like Lumca and Cloud Up under its brand name Mola and uses green and red logo. Which of the following violations has been committed by Mola Co.?

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Brutus is a password cracking tool that can be used to crack the following authentications:

·HTTP (Basic Authentication)

·HTTP (HTML Form/CGI)

·POP3 (Post Office Protocol v3)

·FTP (File Transfer Protocol)

·SMB (Server Message Block)

·Telnet

Which of the following attacks can be performed by Brutus for password cracking?

Each correct answer represents a complete solution. Choose all that apply.

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

Each correct answer represents a complete solution. Choose all that apply.

Which two security components should you implement on the sales personnel portable computers to increase security?

(Click the Exhibit button on the toolbar to see the case study.)

Each correct answer represents a complete solution. Choose two.

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.

The output of the scanning test is as follows:

C.\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Which method would provide the highest level of protection for all data transmitted on the internal network only?

(Click the Exhibit button on the toolbar to see the case study.)

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

You enter the following URL on your Web browser:

http://www.we-are-secure.com/scripts/..%co%af../..%co%

af../windows/system32/cmd.exe?/c+dir+c:\

What kind of attack are you performing?

Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

Each correct answer represents a complete solution. Choose all that apply.

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

Which of the following is a form of cheating or copying someone else's work or idea without acknowledging the source?