Eccouncil 212-82 Certified Cybersecurity Technician (CCT) Exam Practice Test

Page: 1 / 14
Total 161 questions
Question 1

You work at a multinational company named Vector Inc. on hypervisors and virtualization software. You are using operating system (OS) virtualization and have to handle the security risks associated with it. How can you mitigate these security risks?



Answer : A

Mitigating security risks associated with OS virtualization involves a comprehensive approach. Here's a breakdown of the steps:

Implement Least Privilege Access Control for Users Managing VMs:

Limit access to only those users who need it.

Ensure that users have only the permissions necessary to perform their tasks.

Regularly Patch and Update the Hypervisor Software for Security Fixes:

Keep the hypervisor and virtualization software up-to-date to protect against known vulnerabilities.

Regular patching minimizes the risk of exploitation.

Disable Security Features on Virtual Machines to Improve Performance:

Note: This is actually a security risk. The correct approach is to enable and configure security features to protect VMs, despite the potential minor impact on performance.

Comprehensive Approach:

A holistic security strategy includes enforcing least privilege, maintaining updated systems, and enabling security features on VMs to protect against a wide range of threats.


EC-Council Certified Ethical Hacker (CEH) materials.

Best practices for virtualization security from NIST and other cybersecurity frameworks.

Question 2

Ruben, a crime investigator, wants to retrieve all the deleted files and folders in the suspected media without affecting the original files. For this purpose, he uses a method that involves the creation of a cloned copy of the entire media and prevents the contamination of the original media.

Identify the method utilized by Ruben in the above scenario.



Answer : B

Bit-stream imaging is the method utilized by Ruben in the above scenario. Bit-stream imaging is a method that involves creating a cloned copy of the entire media and prevents the contamination of the original media. Bit-stream imaging copies all the data on the media, including deleted files and folders, hidden partitions, slack space, etc., at a bit level. Bit-stream imaging preserves the integrity and authenticity of the digital evidence and allows further analysis without affecting the original media. Sparse acquisition is a method that involves creating a partial copy of the media by skipping empty sectors or blocks. Drive decryption is a method that involves decrypting an encrypted drive or partition using a password or a key. Logical acquisition is a method that involves creating a copy of the logical files and folders on the media using file system commands.


Question 3

Anderson, a security engineer, was instructed to monitor all incoming and outgoing traffic on the organization's network to identify any suspicious traffic. For this purpose, he employed an analysis technique in which he analyzed packet header fields such as IP options, IP protocols, IP fragmentation flags, offset, and identification to check whether any fields are altered in transit.

Identify the type of attack signature analysis performed by Anderson in the above scenario.



Answer : D

Content-based signature analysis is the type of attack signature analysis performed by Anderson in the above scenario. Content-based signature analysis is a technique that analyzes packet header fields such as IP options, IP protocols, IP fragmentation flags, offset, and identification to check whether any fields are altered in transit. Content-based signature analysis can help detect attacks that manipulate packet headers to evade detection or exploit vulnerabilities. Context-based signature analysis is a technique that analyzes packet payloads such as application data or commands to check whether they match any known attack patterns or signatures. Atomic-signature-based analysis is a technique that analyzes individual packets to check whether they match any known attack patterns or signatures. Composite-signature-based analysis is a technique that analyzes multiple packets or sessions to check whether they match any known attack patterns or signatures.
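The header-field check this question describes, as an added example that is not part of the original page: a parser that reads the IPv4 options, protocol, fragmentation flags and offset from raw bytes and reports fields that are inconsistent or no longer match the header checksum. The sample headers are constructed, and the addresses, the expected-protocol set and the finding codes are assumptions.

```python
import struct

EXPECTED_PROTOCOLS = {1, 6, 17}  # ICMP, TCP, UDP: an assumed site policy

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(ident, flags, frag_offset, proto, options=b""):
    """Constructed sample IPv4 header (documentation addresses, no payload)."""
    ihl_words = 5 + len(options) // 4
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4,
                           ident, (flags << 13) | frag_offset, 64, proto, csum,
                           bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
    return pack(checksum(pack(0)))

def inspect_header(raw: bytes) -> list:
    """Return a finding code for each header field that looks altered or odd."""
    if len(raw) < 20:
        return ["malformed"]
    ver_ihl, _tos, _len, _ident, flags_off, _ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        return ["malformed"]
    flags, offset = flags_off >> 13, flags_off & 0x1FFF
    findings = []
    if checksum(raw[:ihl]) != 0:
        findings.append("bad-checksum")        # header changed after checksum was set
    if flags & 0b100:
        findings.append("reserved-flag")       # reserved bit must be zero
    if flags & 0b010 and (flags & 0b001 or offset):
        findings.append("df-with-fragment")    # Don't Fragment set on a fragment
    if ihl > 20:
        findings.append("ip-options")          # options are rare in normal traffic
    if proto not in EXPECTED_PROTOCOLS:
        findings.append("unexpected-protocol")
    return findings
```

Routers that decrement the TTL recompute the checksum, so a mismatch here points to a field that was changed without the checksum being updated.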


Question 4

A software company is developing a new software product by following the best practices for secure application development. Dawson, a software analyst, is checking the performance of the application on the client's network to determine whether end users are facing any issues in accessing the application.

Which of the following tiers of a secure application development lifecycle involves checking the performance of the application?



Question 5

Paul, a computer user, has shared information with his colleague using an online application. The online application used by Paul has been incorporated with the latest encryption mechanism. This mechanism encrypts data by using a sequence of photons that have a spinning trait while traveling from one end to another, and these photons keep changing their shapes during their course through filters: vertical, horizontal, forward slash, and backslash.

Identify the encryption mechanism demonstrated in the above scenario.



Answer : A

Quantum cryptography is the encryption mechanism demonstrated in the above scenario. Quantum cryptography is a branch of cryptography that uses quantum physics to secure data transmission and communication. Quantum cryptography encrypts data by using a sequence of photons that have a spinning trait, called polarization, while traveling from one end to another. These photons keep changing their shapes, called states, during their course through filters: vertical, horizontal, forward slash, and backslash. Quantum cryptography ensures that any attempt to intercept or tamper with the data will alter the quantum states of the photons and be detected by the sender and receiver. Homomorphic encryption is a type of encryption that allows computations to be performed on encrypted data without decrypting it first. Rivest Shamir Adleman (RSA) encryption is a type of asymmetric encryption that uses two keys, public and private, to encrypt and decrypt data. Elliptic curve cryptography (ECC) is a type of asymmetric encryption that uses mathematical curves to generate keys and perform encryption and decryption.


Question 6

A global financial institution experienced a sophisticated cyber-attack where attackers gained access to the internal network and exfiltrated sensitive data over several months. The attack was complex, involving a mix of phishing, malware, and exploitation of system vulnerabilities. Once discovered, the institution initiated its incident response process. Considering the nature and severity of the incident, what should be the primary focus of the incident response team's initial efforts?



Answer : C

Isolating Affected Systems:

Containment: Immediately isolate compromised systems to prevent further data exfiltration and limit the spread of the attack.

Minimize Impact: This step helps to mitigate ongoing damage and protect unaffected systems.

Analyzing Network Traffic:

Identify Anomalies: Analyze network traffic to identify any anomalies or patterns indicative of the attack. This helps to understand the attack vector and extent of the breach.

Gather Evidence: Collect evidence that can be used to trace the attacker's methods and identify vulnerabilities.

Additional Steps:

After containment and analysis, the incident response team can proceed with notifying law enforcement, conducting a system audit, and managing public relations.


Incident response best practices: NIST Computer Security Incident Handling Guide

Strategies for cyber incident containment: SANS Institute


Question 7

A web application, www.moviescope.com, was found to be prone to SQL injection attacks. You are tasked to exploit the web application and fetch the user data. Identify the contact number (Contact) of a user, Steve, in the moviescope database. Note: You already have an account on the web application, and your credentials are sam/test. (Practical Question)



Answer : A

SQL Injection Basics:

SQL injection is a code injection technique that exploits vulnerabilities in an application's software by inserting malicious SQL statements into an input field for execution.


Exploiting SQL Injection:

To find Steve's contact number, you need to perform an SQL injection attack to extract the specific data from the database.

Example payload: ' OR 1=1; SELECT contact FROM users WHERE name='Steve';--

Execution Process:

Log in to the application with the provided credentials (sam/test).

Locate an input field vulnerable to SQL injection, such as a search or login field.

Inject the SQL payload to extract the contact number for Steve.

Extracting Data:

The payload modifies the SQL query executed by the application, making it return the desired data (Steve's contact number).

After performing the injection and extracting the data, you find that Steve's contact number is 1-202-509-7316.
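Why input of this kind changes the query, and the fix, as an added example that is not part of the original page or the moviescope application: the same lookup written with string concatenation and with a bound parameter. The table layout, the constructed sample rows and the function names are assumptions; the input is the first clause of the payload quoted above.

```python
import sqlite3

def make_db():
    """In-memory database with constructed rows (placeholder contact values)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, contact TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("sam", "555-0100"), ("steve", "555-0101"), ("alex", "555-0102")])
    return db

def lookup_vulnerable(db, name):
    # User input is pasted into the SQL text, so a quote in `name` ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = "SELECT name, contact FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    # The statement text is fixed; the driver binds `name` as a value only,
    # so quotes and comment markers in it are compared as literal characters.
    sql = "SELECT name, contact FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

INJECTED = "' OR 1=1--"  # first clause of the payload quoted on this page

def compare(db, value):
    """Row counts returned by each version of the lookup for the same input."""
    return len(lookup_vulnerable(db, value)), len(lookup_parameterized(db, value))
```

With the concatenated query the injected condition matches every row; with the bound parameter the same input is just a name that matches nothing.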
