Eccouncil ECSS EC-Council Certified Security Specialist (ECSSv10) Exam Practice Test

Page: 1 / 14
Total 100 questions
Question 1

Jessica, a user, wanted to access the Internet from her laptop and therefore sent a connection request to the access point. To identify the wireless client, the access point forwarded that request to a RADIUS server. The RADIUS server transmitted authentication keys to both the access point and Jessica's laptop. This key helps the access point identify a particular wireless client.

Identify the authentication method demonstrated in the above scenario.



Question 2

Kevin logged into a banking application with his registered credentials and tried to transfer some amount from his account to Flora's account. Before transferring the amount to Flora's account, the application sent an OTP to Kevin's mobile for confirmation.

Which of the following authentication mechanisms is employed by the banking application in the above scenario?



Answer : D

In the given scenario, the banking application employs two-factor authentication (2FA). Here's why:

Registered Credentials: Kevin logs in with his registered credentials (username and password).

OTP (One-Time Password): The application sends an OTP to Kevin's mobile for confirmation. This OTP serves as the second factor of authentication.


EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials

Two-factor authentication enhances security by requiring users to provide two different authentication factors (usually something they know, like a password, and something they have, like an OTP) before granting access. It helps protect against unauthorized access even if one factor is compromised.

Question 3

Below are the various steps involved in an email crime investigation.

1.Acquiring the email data

2.Analyzing email headers

3.Examining email messages

4.Recovering deleted email messages

5.Seizing the computer and email accounts

6.Retrieving email headers

What is the correct sequence of steps involved in the investigation of an email crime?



Answer : D

Seizing the computer and email accounts (Step 5): This is the initial step to secure potential evidence. It involves physically or remotely seizing the suspect's computer and email accounts to prevent tampering.

Acquiring the email data (Step 1): After seizing the devices, investigators acquire the email data. This includes collecting email files, attachments, and metadata.

Retrieving email headers (Step 6): Email headers contain valuable information such as sender IP addresses, timestamps, and routing details. Retrieving headers helps trace the email's origin.

Analyzing email headers (Step 2): Investigators analyze the headers to identify any anomalies, spoofing, or suspicious patterns.

Examining email messages (Step 3): Investigators review the actual email content, attachments, and any embedded links. This step helps understand the context and intent.

Recovering deleted email messages (Step 4): Deleted emails may contain critical evidence. Investigators use specialized tools to recover deleted messages.


EC-Council Certified Security Specialist (E|CSS) documents and study guide.

EC-Council Certified Security Specialist (E|CSS) course materials

Question 4

Stella, a mobile user, often ignores the messages received from the manufacturer for updates. One day, she found that files on her device were being replaced and immediately rushed to the nearest service center for inquiry. They tested the device and identified vulnerabilities in it, as it ran an obsolete OS version.

Identify the mobile device security risk raised on Stella's device in the above scenario.



Answer : D

Stella's mobile device running an obsolete operating system (OS) version poses a system-based risk. Outdated OS versions may lack critical security patches, leaving the device vulnerable to exploits and attacks. Regular OS updates are essential to address security vulnerabilities and maintain the device's security posture.


EC-Council Certified Security Specialist (E|CSS) course materials and study guide.

EC-Council Certified Security Specialist (ECSS) program information.

EC-Council ECSS Certification Syllabus and Prep Guide.

EC-Council ECSS Certification Sample Questions and Practice Exam.

EC-Council ECSS brochure.

Question 5

Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there was no active attack in progress.

Identify the type of IDS alert Jay has received in the above scenario.



Answer : D

In the given scenario, Jay received an alarm from the IDS even though there was no active attack. This situation corresponds to a false positive alert. A false positive occurs when the IDS incorrectly identifies benign or legitimate traffic as malicious or suspicious. It can lead to unnecessary alerts and additional workload for network administrators.


Question 6

Clark is an unskilled hacker attempting to perform an attack on a target organization to gain popularity. He downloaded and used freely available hacking tools and software developed by other professional hackers for this purpose.

Identify the type of threat actor described in the above scenario.



Question 7

Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.

Identify the type of attack performed by Sandra on Johana.


