Eccouncil ECSS Exam Questions Instant Access

Question 1

John, a forensic officer, was working on a criminal case. He employed imaging software to create a copy of data from the suspect device on a storage medium for further investigation. For developing an image of the original data, John used a software application that does not allow an unauthorized user to alter the image content on storage media, thereby retaining an unaltered image copy.

Identify the data acquisition step performed by John in the above scenario.

AValidated data acquisition

BPlanned for contingency

CSanitized the target media

DEnabled write protection on the evidence media

Answer : D

In digital forensics, write protection is a crucial step during data acquisition to ensure that the data being imaged cannot be altered during the process. This is essential to maintain the integrity of the evidence. John's use of imaging software that prevents unauthorized alteration indicates that he enabled write protection, which is a standard practice to safeguard the original data on storage media.

Question 2

Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or natural disasters.

AOffsite data backup

BCloud data backup

COnline data backup

DOnsite data backup

Answer : D

The backup mechanism described in the scenario, which involves using external devices (such as hard disks) and requires human interaction for backup operations, is known asonsite data backup. In this approach, backups are stored within the organization's premises, making them susceptible to theft, damage, or natural disasters. It is essential to consider additional offsite or cloud-based backup solutions to enhance data resilience and security.

Question 3

Mark, a network administrator in an organization, was assigned the task of preventing data from falling into the wrong hands. In this process, Mark implemented authentication techniques and performed full memory encryption for the data stored on RAM.

In which of the following states has Steve encrypted the data in the above scenario?

AData in transit

BData in rest

CData in use

DData inactive

Answer : C

Mark implemented full memory encryption for the data stored in RAM. This means that the data is encrypted while it is actively being used by the system (e.g., during processing, execution, or manipulation). Data in use refers to the state when data resides in memory and is accessible by running processes. By encrypting data in use, Mark ensures that even if an attacker gains access to the system's memory, they won't be able to read sensitive information directly.

EC-Council Certified Encryption Specialist (E|CES) documents and study guide1.

EC-Council Certified Encryption Specialist (E|CES) course materials2.

Question 4

Which of the following cloud computing threats arises from authentication vulnerabilities, user-provisioning and de-provisioning vulnerabilities, hypervisor vulnerabilities, unclear roles and responsibilities, and misconfigurations?

ASupply-chain failure

BIsolation failure

CSubpoena and e discovery

DPrivilege escalation

Answer : D

The cloud computing threat described in the question arises from various vulnerabilities and misconfigurations related to authentication, user provisioning, hypervisors, and roles.Privilege escalationoccurs when an attacker gains more privileges than initially acquired. In this context, it refers to unauthorized elevation of access rights within a cloud environment.The mentioned vulnerabilities contribute to this risk, allowing an attacker to escalate their privileges beyond what is intended.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Question 5

Robert, a security specialist, was appointed to strengthen the security of the organization's network. To prevent multiple login attempts from unknown sources, Robert implemented a security strategy of issuing alerts or warning messages when multiple failed login attempts are made.

Which of the following security risks is addressed by Robert to make attempted break-ins unsuccessful?

AIndefinite session timeout

BAbsence of account lockout for invalid session IDs

CSmall session-ID generation

DWeak session-ID generation

Answer : B

Robert's strategy of issuing alerts or warning messages when multiple failed login attempts occur is aimed at addressing the risk ofabsence of account lockout for invalid session IDs.By locking out accounts temporarily after a certain number of failed login attempts, Robert prevents attackers from repeatedly guessing passwords or trying different session IDs to gain unauthorized access.Reference: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.

Question 6

Daniel, a professional hacker, targeted Alice and lured her into downloading a malicious app from a third-party app store. Upon installation, the core malicious code inside the application started infecting other legitimate apps in Alice's mobile device. Daniel overloaded Alice's device with irrelevant and fraudulent advertisements through the infected app for financial gain.

Identify the type of attack Daniel has launched in the above scenario.

AAgent Smith attack

BBluebugging attack

CSMiShing attack

DSIM card attack

Answer : A

The scenario closely resembles the behavior of the Agent Smith malware campaign:

Agent Smith Modus Operandi:

Initial Compromise:Users are tricked into downloading seemingly benign apps from unofficial app stores, which contain the malicious payload.

Lateral Spread:Agent Smith infects other legitimate apps on the device, replacing their functionality.

Ad Fraud:The infected apps are used to display excessive, intrusive ads, generating revenue for the attacker.

Scenario Match:

Alice downloads from a third-party store, a common Agent Smith vector.

The malware spreads to other apps, a key feature of Agent Smith.

Ad-based profit motivates the attack, again aligning with Agent Smith.

Question 7

Jennifer, a forensics investigation team member, was inspecting a compromised system. After gathering all the evidence related to the compromised system, she disconnected the system from the network to stop the spread of the incident to other systems.

Identify the role played by Jennifer in the forensics investigation.

AEvidence manager

BExpert witness

CIncident responder

DIncident analyzer

Answer : C

Jennifer's role as an incident responder involves handling and mitigating security incidents. In this scenario, she inspected the compromised system, gathered evidence, and disconnected it from the network to prevent further spread. Incident responders take immediate action to contain and manage security incidents.

Eccouncil EC-Council Certified Security Specialist (ECSSv10) ECSS Exam Questions