EC-COUNCIL ECSS Guide Provider, Free EC-COUNCIL ECSS Practice Test Are The Best Materials

Flydumps provides you with the most reliable practice exams to master EC-COUNCIL ECSS Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These EC-COUNCIL test questions provide you with the experience of taking the actual test.

Firewalking is a technique that can be used to gather information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. Which of the following are pre-requisites for an attacker to conduct firewalking?
Each correct answer represents a complete solution. Choose all that apply.
A. ICMP packets leaving the network should be allowed.
B. An attacker should know the IP address of the last known gateway before the firewall.
C. There should be a backdoor installed on the network.
D. An attacker should know the IP address of a host located behind the firewall.

Correct Answer: ABD QUESTION 2
Which of the following security protocols are based on the 802.11i standard? Each correct answer represents a complete solution. Choose all that apply.

Correct Answer: BC QUESTION 3
Which of the following OSI layers is responsible for protocol conversion, data encryption/decryption, and data compression?
A. Transport layer
B. Presentation layer
C. Data-link layer
D. Network layer

Correct Answer: B QUESTION 4
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
A. Vulnerability scanning
B. Manual penetration testing
C. Automated penetration testing
D. Code review

Correct Answer: A QUESTION 5
Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?
A. Lead investigator
B. Information security representative
C. Technical representative
D. Legal representative

Correct Answer: C QUESTION 6
Which of the following statements are true about routers?
Each correct answer represents a complete solution. Choose all that apply.

A. Routers are responsible for making decisions about which of several paths network (orInternet)traffic will follow.
B. Routers do not limit physical broadcast traffic.
C. Routers organize addresses into classes, which are used to determine how to move packets fromone network to another.
D. Routers act as protocol translators and bind dissimilar networks.

Correct Answer: ACD QUESTION 7
Which of the following types of attacks cannot be prevented by technical measures only?
A. Brute force
B. Ping flood attack
C. Smurf DoS
D. Social engineering

Correct Answer: D QUESTION 8
You work as a Network Administrator for Tech Perfect Inc. The company requires a secure wireless network. To provide security, you are configuring ISA Server 2006 as a firewall. While configuring ISA Server 2006, which of the following is NOT necessary?
A. Defining how ISA Server would cache Web contents
B. Defining ISA Server network configuration
C. Setting up of monitoring on ISA Server
D. Configuration of VPN access

Correct Answer: D QUESTION 9
Which of the following attacks CANNOT be detected by an Intrusion Detection System (IDS)? Each correct answer represents a complete solution. Choose all that apply.
A. Denial-of-Service (DoS) attack
B. E-mail spoofing
C. Port scan attack
D. Shoulder surfing

Correct Answer: BD QUESTION 10
Which of the following statements best describes a certification authority?
A. A certification authority is a type of encryption that uses a public key and a private key pair fordata encryption.
B. A certification authority is an entity that issues digital certificates for use by other parties.
C. A certification authority is a technique to authenticate digital documents by using computercryptography.
D. A certification authority is a type of encryption that uses a single key to encrypt and decryp t data.

Correct Answer: B QUESTION 11
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement?
Each correct answer represents a complete solution. Choose two.
A. Using WEP encryption
B. Using WPA encryption
C. Not broadcasting SSID
D. MAC filtering the router

Correct Answer: AB QUESTION 12
Linux traffic monitoring tools are used to monitor and quickly detect faults in the network or a system. Which of the following tools are used to monitor traffic of the Linux operating system? Each correct answer represents a complete solution. Choose all that apply.
A. PsExec
B. IPTraf
D. PsLogList
E. Ntop

Correct Answer: BCE QUESTION 13
John works as an Office Assistant in DataSoft Inc. He has received an e-mail from [email protected] with the following message:
The DueSoft Lottery Incorporation
This is to inform you that you have just won a prize of $7,500.00 for this year’s Annual Lottery promotion, which was organized by Msn/Yahoo Lottery in conjunction with DueSoft. We collect active online e-mails and select five people every year as our winners through an electronic balloting machine. Please reply within three days of receiving this e-mail with your full details like Name, Address, Sex, Occupation, Age, State, Telephone number, and Country to claim your prize.
If John replies to this e-mail, which of the following attacks may he become vulnerable to?
A. Salami attack
B. Man-in-the-Middle attack
C. Phishing attack
D. DoS attack

Correct Answer: C QUESTION 14
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of He is using a tool to crack the wireless encryption keys. The description of the
tool is as follows:
Which of the following tools is John using to crack the wireless encryption keys?
A. AirSnort
B. Kismet
C. PsPasswd
D. Cain

Correct Answer: A
Which of the following proxy servers is also referred to as transparent proxies or forced proxies?
A. Intercepting proxy server
B. Anonymous proxy server
C. Reverse proxy server
D. Tunneling proxy server

Correct Answer: A
Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs?
Each correct answer represents a complete solution. Choose two.
A. Using a protocol analyzer on your Laptop to monitor for risks.
B. Using an IPSec enabled VPN for remote connectivity.
C. Using portscanner like nmap in your network.
D. Using personal firewall software on your Laptop.

Correct Answer: BD
Which of the following is the first computer virus that was used to infect the boot sector of storage media formatted with the DOS File Allocation Table (FAT) file system?
A. I love you
B. Melissa
C. Tequila
D. Brain
Correct Answer: D
Which of the following needs to be documented to preserve evidences for presentation in court?
A. Incident response policy
B. Account lockout policy
C. Separation of duties
D. Chain of custody

Correct Answer: D

Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme?
Each correct answer represents a complete solution. Choose all that apply.
A. Kerberos requires continuous availability of a central server.
B. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.
C. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject’spasswords.
D. Kerberos requires the clocks of the involved hosts to be synchronized.

Correct Answer: ACD QUESTION 20
Which of the following is used in asymmetric encryption?
A. Public key and user key
C. Public key and private key

Correct Answer: C QUESTION 21
Sam, a malicious hacker, targets the electric power grid of Umbrella Inc. and gains access to the electronic control systems. Which of the following types of cybercrime has Sam performed?
A. Cyber defamation
B. Cybertrespass
C. Cyberterrorism
D. Cybertheft

Correct Answer: C QUESTION 22
Maria works as a Desktop Technician for PassGuide Inc. She has received an e-mail from the MN
Compensation Office with the following message:
Dear Sir/Madam,
My name is Edgar Rena, the director of compensation here at the MN Compensation Office in Chicago.

We receive so many complaints about fraudulent activities that have been taking place in your region for the past few years. Due to the high volume loss of money, the MN compensation department has had an agreement with the appropriate authority to compensate each victim with a sum of USD$500,000.00.
You were selected among the list of people to be paid this sum. To avoid any imperative mood by intending scammers, your payment has been transmuted into an International bank draft which can be cashed at any local bank in your country.
Please fill the below details and send it to our secretary for your compensation bank draft.
Full name:


Fill & Send to:
Dr. Michael Brown
MN Compensation Office, IL
Tel: +1-866-233-8434
Email: [email protected]
Further instructions shall be given to you by our secretary as soon as you contact him. To avoid losing your

compensation, you are requested to pay the sum of $350 for Insurance Premium to our secretary.
Thanks and God bless.
If Maria replies to this mail, which of the following attacks may she become vulnerable to?

A. Phishing attack
B. SYN attack
C. CookieMonster attack
D. Mail bombing

Correct Answer: A QUESTION 23
Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that is available to the Internet.
Which of the following security threats may occur if DMZ protocol attacks are performed? Each correct answer represents a complete solution. Choose all that apply.
A. The attacker can exploit any protocol used to go into the internal network or intranet of thecompany.
B. The attacker can gain access to the Web server in a DMZ and exploit the database.
C. The attacker can perform a Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.
D. The attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.

Correct Answer: ABC QUESTION 24
Which of the following Linux rootkits is installed via stolen SSH keys?
A. Phalanx2
B. Beastkit
C. Adore
D. Linux.Ramen

Correct Answer: A QUESTION 25
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
A. Snooping
B. Copyright
C. Utility model
D. Patent

Correct Answer: D EC-COUNCIL practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with assistance.