[Dec 05, 2024] Get New ECSS Practice Test Questions Answers
ECSS Dumps and Exam Test Engine
EC-COUNCIL ECSS certification exam is a challenging exam that measures the candidate's knowledge and skills in the field of computer security. ECSS exam consists of 50 multiple-choice questions that cover a wide range of topics related to computer security. Candidates who pass the exam will be awarded the EC-COUNCIL ECSS certification, which is a prestigious certification for IT professionals.
NEW QUESTION # 26
Mark, an attacker, aims to access an organization's internal server, but the local firewall implementation restricted him from achieving this objective. To overcome this issue, he started sending specially crafted requests to the public server, through which he gained access to the local server.
Identify the type of attack initiated by Mark in the above scenario.
- A. Web cache poisoning attack
- B. SSRF attack
- C. SSH brute-force attack
- D. TTP response-splitting attack
Answer: B
Explanation:
Mark's actions align with a Server-Side Request Forgery (SSRF) attack. In SSRF, an attacker manipulates the target web server into making requests to unintended locations. In this case, Mark sent specially crafted requests to the public server, which allowed him to access the internal server. SSRF vulnerabilities can lead to sensitive information disclosure, unauthorized access to internal systems, and other dangerous attacks12.
References:
* EC-Council Certified Security Specialist (E|CSS) documents and study guide.
* EC-Council Certified Security Specialist (E|CSS) course materials34.
NEW QUESTION # 27
Which of the following password cracking attacks is implemented by calculating all the possible hashes for a set of characters?
- A. SQL injection attack
- B. Dictionary attack
- C. Brute force attack
- D. Rainbow attack
Answer: D
NEW QUESTION # 28
Fill in the blank with the appropriate layer name of the OSI model.
Secure Socket Layer (SSL) operates at the________ layer of the OSI model.
- A. transport
Answer: A
NEW QUESTION # 29
Which of the following malware spread through the Internet and caused a large DoS attack in
1988?
- A. SQL slammer worm
- B. LoveLetter worm
- C. Klez worm
- D. Morris worm
Answer: D
NEW QUESTION # 30
Which of the following is an example of a worm used in the Linux operating system?
- A. Love Bug
- B. Ramen
- C. Sircam
- D. Melissa
Answer: B
NEW QUESTION # 31
Which of the following malicious codes is used by a hacker to get control over the system files of a victim?
- A. Macro virus
- B. Trojan
- C. Worm
- D. Multipartite virus
Answer: B
NEW QUESTION # 32
Kevin, an attacker, is attempting to compromise a cloud server. In this process, Kevin intercepted the SOAP messages transmitted between a user and the server, manipulated the body of the message, and then redirected it to the server as a legitimate user to gain access and run malicious code on the cloud server.
Identify the attack initiated by Kevin on the target cloud server.
- A. Wrapping attack
- B. Cross guest VM breaches
- C. DNS spoofing
- D. Side-channel attack
Answer: A
Explanation:
The attack described involves intercepting and manipulating SOAP messages, which is characteristic of a wrapping attack. In a wrapping attack, the attacker intercepts the SOAP message and alters the body content to perform unauthorized actions, such as running malicious code on the server. This type of attack exploits the XML signature or encryption of SOAP messages, allowing the attacker to impersonate a legitimate user and gain unauthorized access.
References: The information is based on common knowledge regarding SOAP vulnerabilities and attacks, as described in resources like the EC-Council's Certified Security Specialist (E|CSS) program and other cybersecurity literature. Specific details about SOAP message security and wrapping attacks can be found in the EC-Council's E|CSS study materials and official courseware.
NEW QUESTION # 33
Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that is available to the Internet.
Which of the following security threats may occur if DMZ protocol attacks are performed?
Each correct answer represents a complete solution. Choose all that apply.
- A. The attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.
- B. The attacker can perform a Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.
- C. The attacker can gain access to the Web server in a DMZ and exploit the database.
- D. The attacker can exploit any protocol used to go into the internal network or intranet of thecompany.
Answer: B,C,D
NEW QUESTION # 34
Which of the following practices makes web applications vulnerable to SQL injection attacks?
- A. Use the most restrictive SQL account types for applications
- B. Never build Transact SQL statements directly from user input
- C. A Accept entries that contain binary data, escape sequences, and comment characters
- D. Avoid constructing dynamic SQL with concatenated input values
Answer: D
Explanation:
SQL Injection (SQLi) is a prevalent vulnerability in web applications that occurs when an attacker can insert or manipulate SQL queries using untrusted user input. This vulnerability is exploited by constructing dynamic SQL statements that include user-provided data without proper validation or sanitization. When applications concatenate user input values directly into SQL queries, they become susceptible to SQLi, as attackers can craft input that alters the intended SQL command structure, leading to unauthorized access or manipulation of the database.
To mitigate SQL injection risks, it's crucial to avoid creating dynamic SQL queries by concatenating input values. Instead, best practices such as using prepared statements with parameterized queries, employing stored procedures, and implementing proper input validation and sanitization should be followed. These measures help ensure that user input is treated as data rather than part of the SQL code, thus preserving the integrity of the SQL statement and preventing injection attacks.
* SQL Injection (SQLi):This common web application vulnerability arises when untrusted user input is directly used to construct SQL queries. Attackers can manipulate the input to alter the structure of the query, leading to data exposure, modification, or even deletion.
* Dynamic SQL and Concatenation:Dynamically constructing SQL statements by concatenating user input is highly dangerous. Consider this example:
SQL
SELECT*FROMusersWHEREusername=userInput ;
An attacker can provide input like:' OR '1'='1'--resulting in this query:
SQL
SELECT*FROMusersWHEREusername=''OR'1'='1'-- ;
This query will always return true due to theORcondition and the comment (--) effectively bypassing authentication.
NEW QUESTION # 35
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:
What is the IP address of the sender of this email?
- A. 172.16.10.90
- B. 141.1.1.1
- C. 209.191.91.180
- D. 216.168.54.25
Answer: D
NEW QUESTION # 36
Which of the following is a form of cheating or copying someone else's work or idea without acknowledging the source?
- A. Plagiarism
- B. Copyright
- C. Turnitin
- D. Patent
Answer: A
NEW QUESTION # 37
Sam, a bank employee, develops a program and uploads it to the bank's server. He deducts $1 a month from the account of every customer using the program. Probably no account holder will notice this type of illegal debit, but Sam will make a good amount of money every month. Which of the following types of cybercrime is Sam performing?
- A. Data diddling
- B. Web defacement
- C. Salami attack
- D. Web jacking
Answer: C
NEW QUESTION # 38
Which of the following attacks is used by attackers to access a company's internal network through its remote access system?
- A. Denial-of-Service (DoS) attack
- B. Trojan horse
- C. Land attack
- D. War dialer
Answer: D
NEW QUESTION # 39
Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?
- A. One with special knowledge of the subject about which he or she is testifying.
- B. One who can give a firsthand account of something seen, heard, or experienced.
- C. One who is not qualified as an expert witness.
- D. One who observes an event.
Answer: C
NEW QUESTION # 40
In a complex network, Router transfers data packets by observing some form of parameters or metrics provided in the routing table. Which of the following metrics is NOT included in the routing table?
- A. Load
- B. Bandwidth
- C. Delay
- D. Frequency
Answer: D
NEW QUESTION # 41
Fill in the blank with the command to complete the statement below. Do not enter the full path of the command
The ___ command is used to remove the print jobs that have been queued for printing by using a secure connection.
- A. lprm -E
Answer: A
NEW QUESTION # 42
James, a forensic specialist, was appointed to investigate an incident in an organization. As part of the investigation, James is attempting to identify whether any external storage devices are connected to the internal systems. For this purpose, he employed a utility to capture the list of all devices connected to the local machine and removed suspicious devices.
Identify the tool employed by James in the above scenario.
- A. Promise Detect
- B. ProcDump
- C. ESEDatabaseView
- D. DriveLetlerView
Answer: D
Explanation:
In the given scenario, James employed the DriveLetterView utility to capture the list of all devices connected to the local machine. DriveLetterView is a tool that displays a list of drive letters assigned to drives on a computer, including external storage devices. By using this utility, James can identify any suspicious devices connected to the internal systems. References: EC-Council Certified Security Specialist (E|CSS) documents and study guide12.
NEW QUESTION # 43
A type of malware allows an attacker to trick the target entity into performing a predefined action, and upon its activation, it grants the attacker unrestricted access to all the data stored on the compromised system.
Which of the following is this type of malware?
- A. Botnet
- B. Key log ger
- C. Trojan
- D. Worm
Answer: C
Explanation:
A Trojan (short for "Trojan horse") is one of the most insidious types of malware. Trojans disguise themselves as legitimate software programs, such as a game or utility, while secretly damaging the host device. Unlike viruses and worms, Trojans mainly use social engineering techniques to replicate themselves, fooling victims into downloading and installing them.
References:
* EC-Council Certified Security Specialist (E|CSS) course materials and study guide12.
NEW QUESTION # 44
......
2024 New FreeCram ECSS PDF Recently Updated Questions: https://www.freecram.com/EC-COUNCIL-certification/ECSS-exam-dumps.html
EC-COUNCIL ECSS DUMPS WITH REAL EXAM QUESTIONS: https://drive.google.com/open?id=17_07x_RYHw9w_1JKX_ubUPheEXFH6FhQ