  • Exam Name: EC-Council Certified Security Specialist (ECSSv10) Exam
  • Last Update: Jan 13, 2025
  • Questions and Answers: 100

ECSS Practice Exam Questions with Answers: EC-Council Certified Security Specialist (ECSSv10) Exam Certification

Question # 6

Kalley, a network administrator of an organization, has installed a traffic monitoring system to capture and report suspicious traffic signatures. In this process, she detects traffic containing password cracking, sniffing, and brute-forcing attempts.

Which of the following categories of suspicious traffic signature were identified by Kalley through the installed monitoring system?

A.

Reconnaissance signatures

B.

Informational signatures

C.

Unauthorized access signatures

D.

Denial of service (DoS) signatures

Question # 7

Paola, a professional hacker, was hired to break into the target organization's network and extract sensitive data. In this process, Paola found that the target organization has purchased new hardware. She accessed the new hardware while it was in transit and tampered with the hardware to make it vulnerable to attacks.

Identify the class of attack Paola has performed on the target organization.

A.

Distribution attack

B.

Insider attack

C.

Passive attack

D.

Active attack

Question # 8

Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this, Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose.

Identify the IA principle employed by Bob in the above scenario.

A.

Integrity

B.

Confidentiality

C.

Authentication

D.

Availability

Question # 9

John, from a remote location, was monitoring his bedridden grandfather's health condition at his home. John has placed a smart wearable ECC on his grandfather's wrist so that he can receive alerts on his mobile phone and keep track of his grandfather's health condition periodically.

Which of the following types of IoT communication model was demonstrated in the above scenario?

A.

Cloud-to-cloud communication model

B.

Device to gateway model

C.

Device to device model

D.

Device-to-cloud model

Question # 10

Daniel, a professional hacker, targeted Alice and lured her into downloading a malicious app from a third-party app store. Upon installation, the core malicious code inside the application started infecting other legitimate apps in Alice's mobile device. Daniel overloaded Alice's device with irrelevant and fraudulent advertisements through the infected app for financial gain.

Identify the type of attack Daniel has launched in the above scenario.

A.

Agent Smith attack

B.

Bluebugging attack

C.

SMiShing attack

D.

SIM card attack

Question # 11

Cheryl, a forensic expert, was recruited to investigate a malicious activity performed by an anonymous hackers’ group on an organization’s systems. Using an automated tool, Cheryl was able to extract the malware file and analyze the assembly code instructions, which helped him understand the malware’s purpose.

Which of the following tools helped Cheryl extract and analyze the assembly code of the malware?

A.

Virtual Box

B.

OllyDbg

C.

QualNet

D.

VMware vSphere

Question # 12

John, a professional penetration tester, was hired by an organization for conducting a penetration test on their IT infrastructure. He was assigned the task of identifying risks, rather than finding vulnerabilities. In this process, he defined the goal before initiating the penetration test and performed multiple parallel processes to achieve the goal.

Identify the type of penetration assessment performed by John in the above scenario.

A.

Red team oriented penetration testing approach

B.

Objective-oriented penetration testing approach

C.

Adversarial goal based assessment

D.

Compliance oriented penetration testing approach

Question # 13

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion attempts. In this process, Michael identified all the open ports on a system and disabled them because these open ports can allow attackers to install malicious services and compromise the security of the system or network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

A.

nmap -sT localhost

B.

netstat -i

C.

ifconfig promisc

D.

netstat -rn

Question # 14

Ben, a computer user, applied for a digital certificate. A component of PKI verifies Ben's identity using the credentials provided and passes that request on behalf of Ben to grant the digital certificate.

Which of the following PKI components verified Ben as being legitimate to receive the certificate?

A.

Certificate directory

B.

Validation authority (VA)

C.

Certificate authority (CA)

D.

Registration authority (RA)

Question # 15

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

A.

Timeline analysis

B.

Web artifacts

C.

Data carving

D.

Multimedia

Question # 16

Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?

A.

Geofencing

B.

PIN feature

C.

Containerization

D.

Push notification

Question # 17

Which of the following layers of the IoT architecture is responsible for delivering services to respective users from different sectors such as building, industrial, manufacturing, automobile, security, and healthcare?

A.

Middleware layer

B.

Access gateway layer

C.

Application layer

D.

Edge technology layer

Question # 18

Which of the following practices makes web applications vulnerable to SQL injection attacks?

A.

Use the most restrictive SQL account types for applications

B.

Never build Transact SQL statements directly from user input

C.

Avoid constructing dynamic SQL with concatenated input values

D.

Accept entries that contain binary data, escape sequences, and comment characters

Question # 19

Stephen, an attacker, decided to gain access to an organization's server. He identified a user with access to the remote server. He used sniffing programs to gain the user's credentials and captured the authentication tokens transmitted by the user. Then, he transmitted the captured tokens back to the server to gain unauthorized access.

Identify the technique used by Stephen to gain unauthorized access to the target server.

A.

Brute-force attack

B.

Internal monologue

C.

SQL injection

D.

Replay attack

Question # 20

Bob, a network administrator in a company, manages network connectivity to 200 employees in six different rooms. Every employee has their own laptop to connect to the Internet through a wireless network, but the company has only one broadband connection.

Which of the following types of wireless networks allows Bob to provide Internet access to every laptop and bring all the devices to a single network?

A.

Extension to wired network

B.

3G/4G hotspot

C.

Multiple wireless access points

D.

LAN to LAN wireless network

Question # 21

Andrew, a system administrator, is performing a UEFI boot process. The current phase of the UEFI boot process consists of the initialization code that the system executes after powering on the EFI system. This phase also manages platform reset events and sets up the system so that it can find, validate, install, and run the PEI.

Which of the following UEFI boot phases is the process currently in?

A.

Pre-EFI initialization phase

B.

Security phase

C.

Boot device selection phase

D.

Driver execution environment phase

Question # 22

Michael is an attacker who aims to hack Bob's system. He started collecting data without any active interaction with Bob's system. Using this technique, Michael can extract sensitive information from unencrypted data.

Identify the class of attack Michael has launched in the above scenario.

A.

Active attack

B.

Insider attack

C.

Close-in attack

D.

Passive attack

Question # 23

Which of the following titles of The Electronic Communications Privacy Act protects the privacy of the contents of files stored by service providers and records held about the subscriber by service providers, such as subscriber name, billing records, and IP addresses?

A.

Title II

B.

Title I

C.

Title IV

D.

Title III

Question # 24

Melanie, a professional hacker, is attempting to break into a target network through an application server. In this process, she identified a logic flaw in the target web application that provided visibility into the source code. She exploited this vulnerability to launch further attacks on the target web application.

Which of the web application vulnerabilities was identified by Melanie in the above scenario?

A.

Insecure deserialization

B.

Security misconfiguration

C.

Command injection

D.

Broken authentication

Question # 25

Finch, a security professional, was instructed to strengthen the security at the entrance. At the doorway, he implemented a security mechanism that allows employees to register their retina scan and a unique six-digit code, using which they can enter the office at any time.

Which of the following combinations of authentication mechanisms is implemented in the above scenario?

A.

Password and two-factor authentication

B.

Two-factor and smart card authentication

C.

Biometric and password authentication

D.

Smart card and password authentication

Question # 26

Bob, a professional hacker, targeted an organization to launch attacks. Bob gathered information such as network topology and a list of live hosts. Based on the collected information, he launched further attacks over the organization's network.

Identify the type of network attack Bob initiated on the target organization in the above scenario.

A.

Session hijacking

B.

Buffer overflow

C.

Data modification

D.

Enumeration

Question # 27

Bruce, a professional hacker, targeted an OT network. He initiated a looping strategy to recover the password of the target system. He started sending one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. Using this technique, Bruce identified how much time the device takes to finish one complete password authentication process, through which he determined the correct characters in the target password.

Identify the type of attack launched by Bruce on the target OT network.

A.

Code injection attack

B.

Buffer overflow attack

C.

Reconnaissance attack

D.

Side-channel attack

Question # 28

Cibel.org, an organization, wanted to develop a web application for marketing its products to the public. In this process, they consulted a cloud service provider and requested provision of development tools, configuration management, and deployment platforms for developing customized applications.

Identify the type of cloud service requested by Cibel.org in the above scenario.

A.

Security-as-a-service (SECaaS)

B.

Infrastructure-as-a-service (IaaS)

C.

Identity-as-a-service (IDaaS)

D.

Platform-as-a-service

Question # 29

Clark, a security professional, was instructed to monitor and continue the backup functions without interrupting the system or application services. In this process, Clark implemented a backup mechanism that dynamically backs up the data even if the system or application resources are being used.

Which of the following types of backup mechanisms has Clark implemented in the above scenario?

A.

Full backup

B.

Cold backup

C.

Hot backup

D.

Offline backup

Question # 30

Bob has secretly installed smart CCTV devices (IoT devices) outside his home and wants to access the recorded data from a remote location. These smart CCTV devices send sensed data to an intermediate device that carries out pre-processing of data online before transmitting it to the cloud for storage and analysis. The analyzed data is then sent to Bob for initiating actions.

Identify the component of IoT architecture that collects data from IoT devices and performs data preprocessing.

A.

Data lakes

B.

Streaming data processor

C.

Gateway

D.

Machine learning
