Eccouncil ECSS Exam Practice Test Instant Access

Question 1

Clark is an unskilled hacker attempting to perform an attack on a target organization to gain popularity. He downloaded and used freely available hacking tools and software developed by other professional hackers for this purpose.

Identify the type of threat actor described in the above scenario.

AScript kiddie

Bindustrial spy

CHacktivist

DCyber terrorist

Answer : A

Ascript kiddieis an unskilled individual who uses pre-written hacking tools and software to perform attacks without fully understanding the underlying techniques.They often seek attention or popularity by exploiting vulnerabilities using readily available tools.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Question 2

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

AReconnaissance signatures

BInformational signatures

CUnauthorized access signatures

DDenial of service (DoS) signatures

Answer : C

Kalley identifiedunauthorized access signaturesthrough the installed traffic monitoring system. These signatures correspond to activities such aspassword cracking,sniffing, andbrute-forcing attempts.Unauthorized access attempts are a critical security concern, as they may indicate potential security breaches or malicious activity.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Question 3

Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.

Which of the following folders in a Windows system stores information on applications run on the system?

AC:\Windows\debug

BC:\Windows\Book

CC:\subdir

DC:\Windows\Prefelch

Answer : D

The Prefetch folder in Windows is used to store information about applications that are run on the system. This data helps in optimizing the loading times of applications. The correct path is typicallyC:\Windows\Prefetch, notC:\Windows\Prefelchas listed in the options.It's important to note that while the Prefetch folder does contain logs that can be useful for understanding application behavior, it does not store logs for currently running applications or details about previously uninstalled applications1.

Question 4

While investigating a web attack on a Windows-based server, Jessy executed the following command on her system:

C:\> net view <10.10.10.11>

What was Jessy's objective in running the above command?

AVerify the users using open sessions

BCheck file space usage to look for a sudden decrease in free space

CCheck whether sessions have been opened with other systems

DReview file shares to ensure their purpose

Answer : D

Thenet viewcommand in Windows is used to display a list of resources being shared on a computer.When used with a specific computer name or IP address, as innet view <10.10.10.11>, it displays the shared resources available on that particular computer1. Jessy's objective in running this command was likely to review the file shares on the server with the IP address 10.10.10.11 to ensure that they are correctly purposed and not maliciously altered or added as part of the web attack.

This command does not verify users using open sessions, check file space usage, or check whether sessions have been opened with other systems. Instead, it specifically lists the shared resources, which can include file shares and printer shares, providing insight into what is being shared from the server in question. This information is crucial during a forensic investigation of a web attack to understand if and how the server's shared resources were compromised or utilized by the attacker.

Question 5

Clark, a digital forensic expert, was assigned to investigate a malicious activity performed on an organization's network. The organization provided Clark with all the information related to the incident. In this process, he assessed the impact of the incident on the organization, reasons for and source of the incident, steps required to tackle the incident, investigating team required to handle the case, investigative procedures, and possible outcome of the forensic process.

Identify the type of analysis performed by Clark in the above scenario.

AData analysis

BLog analysis

CTraffic analysis

DCase analysis

Answer : D

In the given scenario, Clark performed acase analysis. This involves assessing the impact of the incident, understanding its reasons and source, determining the necessary steps to address it, assembling an investigative team, defining investigative procedures, and considering potential outcomes of the forensic process. Case analysis is crucial in digital forensics to effectively handle incidents and gather relevant evidence.

https://www.eccouncil.org/train-certify/certified-soc-analyst-csa/

Question 6

Which of the following cloud computing threats arises from authentication vulnerabilities, user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear roles and responsibilities, and misconfigurations?

ASupply-chain failure

BIsolation failure

CSubpoena and e discovery

DPrivilege escalation

Answer : D

The cloud computing threat described in the question arises from various vulnerabilities and misconfigurations related to authentication, user provisioning, hypervisors, and roles.Privilege escalationoccurs when an attacker gains more privileges than initially acquired. In this context, it refers to unauthorized elevation of access rights within a cloud environment.The mentioned vulnerabilities contribute to this risk, allowing an attacker to escalate their privileges beyond what is intended.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Question 7

Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six-digit code, using which they can enter the office at any time.

Which of the following combinations of authentication mechanisms is implemented in the above scenario?

APassword and two-factor authentication

BTwo-factor and smart card authentication

CBiometric and password authentication

DSmart card and password authentication

Answer : C

In the scenario described, Finch implemented a combination ofbiometric authentication(retina scan) andpassword authentication(unique six-digit code). Biometric authentication relies on unique physical or behavioral characteristics (such as retina scans) to verify identity, while password authentication requires users to enter a secret code (the six-digit code in this case).Combining these two mechanisms enhances security by requiring both something the user knows (password) and something the user is (biometric) for access.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Eccouncil EC-Council Certified Security Specialist (ECSSv10) ECSS Exam Practice Test