
ECCouncil ECSS EC-Council Certified Security Specialist Exam Practice Test

Page: 1 / 34
Total 337 questions

EC-Council Certified Security Specialist Questions and Answers

Question 1

Which of the following functions does the RSA Digital Signature combine with public key algorithm to create a more secure signature?

Options:

A.

%

B.

$

C.

#

D.

*

Question 2

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

Options:

A.

209.191.91.180

B.

141.1.1.1

C.

172.16.10.90

D.

216.168.54.25

Question 3

Which of the following techniques is used to log network traffic?

Options:

A.

IP address spoofing

B.

Tunneling

C.

Sniffing

D.

Cracking

Question 4

RRD Job World wants to upgrade its network. The company decides to implement a TCP/IP-based network. According to the case study, RRD Job World is concerned about security. Which of the following methods should the on-site employees use to communicate securely with the headquarters?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

L2TP over IPSec

B.

Windows NT Challenge/Response (NTLM) authentication

C.

DNS security and group policies

D.

Basic (Clear Text) authentication using SSL

Question 5

Which of the following programs is used to identify unknown open ports on a computer system?

Options:

A.

TCPView

B.

Keylogger

C.

Fport

D.

Ethereal

Question 6

Which of the following laws does not protect intellectual property?

Options:

A.

Murphy's law

B.

Trademark

C.

Patent law

D.

Copyright

Question 7

Which of the following commands is used in Mac OS X to exit Open Firmware and to continue the booting process?

Options:

A.

mac-load

B.

boot

C.

load

D.

mac-boot

Question 8

Which of the following standards defines wireless access for local area networking?

Options:

A.

IEEE 802.11

B.

IEEE 802.9

C.

IEEE 802.10

D.

IEEE 802.8

Question 9

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Options:

A.

ManTrap

B.

Specter

C.

KFSensor

D.

Honeyd

Question 10

What is the size of Master Boot Record (MBR)?

Options:

A.

512 bytes

B.

256 bytes

C.

1 KB

D.

2 KB

Question 11

You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?

Options:

A.

less

B.

tee

C.

cat

D.

more

Question 12

Which of the following statements are true about routers?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Routers are responsible for making decisions about which of several paths network (or Internet) traffic will follow.

B.

Routers organize addresses into classes, which are used to determine how to move packets from one network to another.

C.

Routers do not limit physical broadcast traffic.

D.

Routers act as protocol translators and bind dissimilar networks.

Question 13

Which of the following laws was formed by the legislative branch of the United States government?

Options:

A.

Business law

B.

Statutory law

C.

Study law

D.

Administrative law

Question 14

Which of the following is an example of a worm used in the Linux operating system?

Options:

A.

Ramen

B.

Sircam

C.

Love Bug

D.

Melissa

Question 15

Which of the following protocols is used the most by web servers?

Options:

A.

COM

B.

FTP

C.

HTTP

D.

ORG

Question 16

Andrew, a bachelor student of Faulkner University, creates a Gmail account. He uses 'Faulkner' as the password for the Gmail account. After a few days, he starts receiving a lot of e-mails stating that his Gmail account has been hacked. He also finds that some of his important mails have been deleted by someone. Which of the following methods has the attacker used to crack Andrew's password?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Brute force attack

B.

Dictionary-based attack

C.

Rainbow attack

D.

Zero-day attack

E.

Password guessing

F.

Social engineering

G.

Denial-of-service (DoS) attack

Question 17

Which of the following is the name given to expert groups that handle computer security incidents?

Options:

A.

Computer forensic team

B.

Z-Force

C.

Software development team

D.

CSIRT

Question 18

Which of the following statements are correct about spoofing and session hijacking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target and the valid user cannot be active.

B.

Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is disconnected.

C.

Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is not disconnected.

D.

Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target but the valid user can be active.

Question 19

John works as a Security Administrator for NetPerfect Inc. The company uses Windows-based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.

Which system is John using to track the malicious hackers?

Options:

A.

Honeypot

B.

Intrusion Detection System (IDS)

C.

Bastion host

D.

Honeytokens

Question 20

Which of the following is used to authenticate asymmetric keys?

Options:

A.

Digital signature

B.

MAC Address

C.

Password

D.

Demilitarized zone (DMZ)

Question 21

Which of the following statements are TRUE about Demilitarized zone (DMZ)?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

The purpose of a DMZ is to add an additional layer of security to the Local Area Network of an organization.

B.

In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network like the Internet.

C.

Hosts in the DMZ have full connectivity to specific hosts in the internal network.

D.

Demilitarized zone is a physical or logical sub-network that contains and exposes external services of an organization to a larger un-trusted network.

Question 22

Which of the following is a name, symbol, or slogan with which a product is identified?

Options:

A.

Copyright

B.

Trademark

C.

Trade secret

D.

Patent

Question 23

Peter works as a System Administrator for TechSoft Inc. The company uses Linux-based systems.

Peter's manager suspects that someone is trying to log in to his computer in his absence. Which of the following commands will Peter run to show the last unsuccessful login attempts, as well as the users who have last logged in to the manager's system?

Each correct answer represents a complete solution. Choose two.

Options:

A.

rwho -a

B.

lastb

C.

last

D.

pwd

Question 24

According to the Internet Crime Report 2009, which of the following complaint categories is on the top?

Options:

A.

Identity theft

B.

Advanced fee fraud

C.

Non-delivered merchandise/payment

D.

FBI scams

Question 25

Andrew works as a System Administrator for NetPerfect Inc. All client computers on the network run on Mac OS X. The Sales Manager of the company complains that his MacBook is not able to boot. Andrew wants to check the booting process. He suspects that an error persists in the bootloader of Mac OS X. Which of the following is the default bootloader on Mac OS X that he should use to resolve the issue?

Options:

A.

LILO

B.

GRUB

C.

NT Loader

D.

BootX

Question 26

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

Options:

A.

Worm

B.

Adware

C.

Backdoor

D.

Spyware

Question 27

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

Options:

A.

Vulnerability scanning

B.

Manual penetration testing

C.

Automated penetration testing

D.

Code review

Question 28

Which of the following Incident handling process phases is responsible for defining rules, collaborating human workforce, creating a back-up plan, and testing the plans for an enterprise?

Options:

A.

Eradication phase

B.

Preparation phase

C.

Recovery phase

D.

Identification phase

E.

Containment phase

Question 29

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. John notices that the We-are-secure network is vulnerable to a man-in-the-middle attack since the key exchange process of the cryptographic algorithm it is using does not authenticate participants. Which of the following cryptographic algorithms is being used by the We-are-secure server?

Options:

A.

RSA

B.

Twofish

C.

Blowfish

D.

Diffie-Hellman

Question 30

Jason, a Malicious Hacker, is a student of Baker University. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by taking advantage of a vulnerability. He places a Trojan to maintain future access and then disconnects the remote session.

The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes help from Forensic Investigators and catches Jason. Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

Options:

A.

Jason did not perform a vulnerability assessment.

B.

Jason did not perform port scanning.

C.

Jason did not perform foot printing.

D.

Jason did not perform OS fingerprinting.

E.

Jason did not perform covering tracks.

Question 31

A digital signature is a type of public key cryptography. Which of the following statements are true about digital signatures?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

In order to digitally sign an electronic record, a person must use his/her public key.

B.

In order to verify a digital signature, the signer's private key must be used.

C.

In order to verify a digital signature, the signer's public key must be used.

D.

In order to digitally sign an electronic record, a person must use his/her private key.

Question 32

Which of the following types of firewall functions by creating two different communications, one between the client and the firewall, and the other between the firewall and the end server?

Options:

A.

Stateful firewall

B.

Packet filter firewall

C.

Proxy-based firewall

D.

Endian firewall

Question 33

In a complex network, a router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?

Options:

A.

Bandwidth

B.

Delay

C.

Load

D.

Frequency

Question 34

Who among the following are security experts who specialize in penetration testing and other testing methodologies to ensure that their company's information systems are secure?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Black hat hackers

B.

White hat hackers

C.

Script Kiddies

D.

Ethical hackers

Question 35

Which of the following Trojans is used by attackers to modify the Web browser settings?

Options:

A.

WMA/TrojanDownloader.GetCodec

B.

Win32/FlyStudio

C.

Trojan.Lodear

D.

Win32/Pacex.Gen

Question 36

Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee who is suspected of classified data theft. The suspect's computer runs on the Windows operating system. Peter wants to collect data and evidence for further analysis. He knows that in the Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows-based system?

Options:

A.

Volatile data, file slack, registry, memory dumps, file system, system state backup, internet traces

B.

Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

C.

Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

D.

Volatile data, file slack, file system, registry, memory dumps, system state backup, internet traces

Question 37

You work as a Desktop Technician for Umbrella Inc. The company has a Windows-based network.

You receive an e-mail from the network administrator's e-mail ID asking you to provide your password so that he can make changes to your profile. You suspect that someone is trying to hack your password after you have confirmed that the network administrator did not send any such type of e-mail. Which of the following types of attacks have been executed?

Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Buffer-overflow attack

B.

Social engineering

C.

Zero-day attack

D.

E-mail spoofing

Question 38

You work as a Network Administrator for Maverick Inc. The company has a Linux-based network.

You are working on a Linux computer. You want to see the environment variables that are set on your computer. Which of the following commands will you use?

Options:

A.

ls

B.

echo $shell

C.

rm

D.

env

Question 39

Cola Co. manufactures, markets, sells, and distributes non-alcoholic potables such as Lemcaa and Thunder Up under its brand name Cola and uses a green and red logo. Mola Co., a new company, starts manufacturing, marketing, selling, and distributing non-alcoholic potables like Lumca and Cloud Up under its brand name Mola and uses a green and red logo. Which of the following violations has been committed by Mola Co.?

Options:

A.

Trademark infringement

B.

Plagiarism

C.

Patent law

D.

Copyright infringement

Question 40

Which of the following is an example of a low-interaction production honeypot that is developed and sold by the Swiss company Netsec?

Options:

A.

Specter

B.

KFSensor

C.

Honeyd

D.

ManTrap

Question 41

Brutus is a password cracking tool that can be used to crack the following authentications:

·HTTP (Basic Authentication)

·HTTP (HTML Form/CGI)

·POP3 (Post Office Protocol v3)

·FTP (File Transfer Protocol)

·SMB (Server Message Block)

·Telnet

Which of the following attacks can be performed by Brutus for password cracking?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Hybrid attack

B.

Dictionary attack

C.

Brute force attack

D.

Man-in-the-middle attack

E.

Replay attack

Question 42

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

TIS authentication

B.

Password-based authentication

C.

Kerberos authentication

D.

Rhosts (rsh-style) authentication

Question 43

Which two security components should you implement on the sales personnel portable computers to increase security?

(Click the Exhibit button on the toolbar to see the case study.)

Each correct answer represents a complete solution. Choose two.

Options:

A.

Encrypting File System (EFS)

B.

L2TP over IPSec

C.

PPTP

D.

Remote access policy

E.

Remote Authentication Dial-In User Service (RADIUS)

Question 44

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server.

The output of the scanning test is as follows:

C.\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes the /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

This vulnerability helps in a cross site scripting attack.

B.

'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

C.

With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

D.

The countermeasure to 'printenv' vulnerability is to remove the CGI script.

Question 45

Which method would provide the highest level of protection for all data transmitted on the internal network only?

(Click the Exhibit button on the toolbar to see the case study.)

Options:

A.

IPSec tunnel mode

B.

SSL

C.

PPTP

D.

IPSec transport mode

E.

SMB

Question 46

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Options:

A.

Initial analysis, request for service, data collection, data reporting, data analysis

B.

Request for service, initial analysis, data collection, data reporting, data analysis

C.

Request for service, initial analysis, data collection, data analysis, data reporting

D.

Initial analysis, request for service, data collection, data analysis, data reporting

Question 47

You enter the following URL on your Web browser:

http://www.we-are-secure.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

What kind of attack are you performing?

Options:

A.

Session hijacking

B.

Directory traversal

C.

URL obfuscating

D.

Replay

Question 48

Adam works as a Security Analyst for Umbrella Inc. He is retrieving a large amount of log data from syslog servers and network devices such as routers and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches & routers etc.), syslog servers etc.

B.

It incorporates real-time reporting and real-time alerting.

C.

It comes only as a software package for user deployment.

D.

It is a software package for the statistical analysis and reporting of log files.

Question 49

Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing the design of the garments, which belongs to the company, and selling garments of the same design under a different brand name. Adam found that the company does not have any policy related to copying the design of the garments. He also found that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

Options:

A.

Copyright law

B.

Cyber law

C.

Espionage law

D.

Trademark law

Question 50

Which of the following is a form of cheating or copying someone else's work or idea without acknowledging the source?

Options:

A.

Plagiarism

B.

Turnitin

C.

Copyright

D.

Patent
