ECSS Online Practice Questions and Answers

Fill in the blank with the appropriate layer name of the OSI model.

Secure Socket Layer (SSL) operates at the _______ layer of the OSI model.

Fill in the blank with the command to complete the statement below. Do not enter the full path of the command. The command is used to remove the print jobs that have been queued for printing by using a secure connection.

John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

A. Replay attack

B. DoS attack

C. ARP spoofing

D. Rainbow attack

Which of the following is an example of a social engineering attack?

A. Phishing

B. Man-in-the-middle attack

C. Browser Sniffing

D. E-mail bombing

Jason, a Malicious Hacker, is a student of Baker university. He wants to perform remote hacking on the server of DataSoft Inc. to hone his hacking skills. The company has a Windows-based network. Jason successfully enters the target system remotely by using the advantage of vulnerability. He places a Trojan to maintain future access and then disconnects the remote session.

The employees of the company complain to Mark, who works as a Professional Ethical Hacker for DataSoft Inc., that some computers are very slow. Mark diagnoses the network and finds that some irrelevant log files and signs of Trojans are present on the computers. He suspects that a malicious hacker has accessed the network. Mark takes the help from Forensic Investigators and catches Jason. Which of the following mistakes made by Jason helped the Forensic Investigators catch him?

A. Jason did not perform a vulnerability assessment.

B. Jason did not perform port scanning.

C. Jason did not perform covering tracks.

D. Jason did not perform foot printing.

E. Jason did not perform OS fingerprinting.

Which of the following is the phase of Incident handling process in which the distinction between an event and an incident is made?

A. Identification phase

B. Preparation phase

C. Eradication phase

D. Differential phase

TCP FIN scanning is a type of stealth scanning through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop the packet. Which of the following operating systems can be easily identified with the help of TCP FIN scanning?

A. Red Hat

B. Windows

C. Knoppix

D. Solaris

In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

A. Port redirection

B. Snooping

C. UDP port scanning

D. Firewalking

Which of the following attacks is used to hack simple alphabetical passwords?

A. Man-in-the-middle attack

B. Dictionary-based attack

C. Black hat attack

D. Sniffing

Which of the following statements are true about firewalking?

Each correct answer represents a complete solution. Choose all that apply.

A. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall.

B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

C. Firewalking works on the UDP packets.

D. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall.

Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?

A. Demilitarized zone (DMZ)

B. Intrusion detection system (IDS)

C. Firewall

D. Packet filtering

Rick, the Network Administrator of the Fimbry Hardware Inc., wants to design the initial test model for Internet Access. He wants to fulfill the following goals:

·No external traffic should be allowed into the network.

·Administrators should be able to restrict the websites which can be accessed by the internal users.

Which of the following technologies should he use to accomplish the above goals?

(Click the Exhibit button on the toolbar to see the case study.)

A. Firewall

B. Network Address Translator (NAT)

C. Proxy Server

D. Internet Connection Sharing (ICS)

E. Routing and Remote Access Service (RRAS)

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

A. 216.168.54.25

B. 209.191.91.180

C. 172.16.10.90

D. 141.1.1.1

Which of the following software helps in protecting the computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software?

Each correct answer represents a complete solution. Choose all that apply.

A. BitDefender

B. Windows Defender

C. John the Ripper

D. THC Hydra

Peter works as a professional Computer Hacking Forensic Investigator for eLaw-Suit law firm. He is working on a case of a cyber crime. Peter knows that the good investigative report should not only communicate the relevant facts, but also present expert opinion. This report should not include the cases in which the expert acted as a lay witness. Which of the following type of witnesses is a lay witness?

A. One who can give a firsthand account of something seen, heard, or experienced.

B. One with special knowledge of the subject about which he or she is testifying.

C. One who observes an event.

D. One who is not qualified as an expert witness.