検証済みのECSS試験問題集PDF [2024年最新] 成功の秘訣はここにある [Q30-Q48]

Share

検証済みのECSS試験問題集PDF [2024年最新] 成功の秘訣はここにある

ベストを体験せよ!ECSS試験問題トレーニングを提供していますFast2test


ECSS認定の専門家になるには、候補者は認定試験に合格する必要があります。この試験は、ネットワークセキュリティ、オペレーティングシステムのセキュリティ、アプリケーションセキュリティ、データ保護など、さまざまなセキュリティ分野の候補者の知識とスキルをテストするように設計されています。この試験は、複数の選択の質問で構成されており、タイミングが合っており、スコアが70%です。認証は3年間有効であり、認定ステータスを維持するためにその期間以降に更新する必要があります。

 

質問 # 30
Sandra, a hacker, targeted Johana, a software professional, to steal her banking details. She started sending frequent, random pop-up messages with malicious links to her social media page. Johana accidentally clicked on a link, causing a malicious program to get installed in her system. Subsequently, when Johana attempted to access her banking website, the URL directed her to a malicious website controlled by Sandra. Johana entered her banking credentials on the fake website, which Sandra then captured.
Identify the type of attack performed by Sandra on Johana.

  • A. Pharming
  • B. Shoulder surfing
  • C. Dumpster diving
  • D. Tailgating

正解:A

解説:
The attack performed by Sandra on Johana is known as pharming. Pharming is a type of social engineering cyberattack where criminals redirect internet users trying to reach a specific website to a different, fake site.
These "spoofed" sites aim to capture a victim's personally identifiable information (PII) and login credentials, such as passwords, social security numbers, and account numbers. In Johana's case, Sandra manipulated the URL to direct her to a malicious website where she entered her banking credentials, which Sandra then captured1.
References:
* EC-Council Certified Security Specialist (E|CSS) documents and study guide.
* EC-Council Certified Security Specialist (E|CSS) course materials.


質問 # 31
Which of the following statements is true about a honeyfarm?

  • A. It is a computer system used to attract hackers to identify them.
  • B. It is a firewall.
  • C. It is a centralized collection of honeypots.
  • D. It is a computer system that has no security.

正解:C


質問 # 32
Rick works as a Computer Forensic Investigator for BlueWells Inc. He has been informed that some confidential information is being leaked out by an employee of the company. Rick suspects that someone is sending the information through email. He checks the emails sent by some employees to other networks. Rick finds out that Sam, an employee of the Sales department, is continuously sending text files that contain special symbols, graphics, and signs. Rick suspects that Sam is using the Steganography technique to send data in a disguised form. Which of the following techniques is Sam using?
Each correct answer represents a part of the solution. Choose all that apply.

  • A. Linguistic steganography
  • B. Text Semagrams
  • C. Perceptual masking
  • D. Technical steganography

正解:A、B


質問 # 33
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

  • A. Non-repudiation
  • B. Authentication
  • C. Integrity
  • D. Confidentiality

正解:D


質問 # 34
Which of the following ports can be used for IP spoofing?

  • A. POP 110
  • B. Rlogin 513
  • C. NNTP 119
  • D. Whois 43

正解:B


質問 # 35
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. The company has recently provided fifty laptops to its sales team members. You are required to configure an 802.11 wireless network for the laptops. The sales team members must be able to use their data placed at a server in a cabled network. The planned network should be able to handle the threat of unauthorized access and data interception by an unauthorized user.
You are also required to prevent the sales team members from communicating directly to one another. Which of the following actions will you take to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Implement the open system authentication for the wireless network.
  • B. Implement the IEEE 802.1X authentication for the wireless network.
  • C. Using group policies, configure the network to allow the wireless computers to connect to the ad hoc networks only.
  • D. Configure the wireless network to use WEP encryption for the data transmitted over a wireless network.
  • E. Using group policies, configure the network to allow the wireless computers to connect to the infrastructure networks only.

正解:B、D、E


質問 # 36
Which of the following malware spread through the Internet and caused a large DoS attack in
1988?

  • A. SQL slammer worm
  • B. Morris worm
  • C. LoveLetter worm
  • D. Klez worm

正解:B


質問 # 37
Which of the following terms is used for the process of securing a system or a device on a network infrastructure?

  • A. Sanitization
  • B. Authentication
  • C. Hardening
  • D. Cryptography

正解:C


質問 # 38
Which of the following password cracking attacks does not use any software for cracking e-mail passwords?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Brute force attack
  • B. Shoulder surfing
  • C. Social engineering
  • D. Dictionary attack

正解:B、C


質問 # 39
Which of the following Linux rootkits is installed via stolen SSH keys?

  • A. Beastkit
  • B. Linux.Ramen
  • C. Phalanx2
  • D. Adore

正解:C


質問 # 40
Which of the following forensic tool suite is developed for Linux operating system?

  • A. S.M.A.R.T.
  • B. MForensicsLab
  • C. ProDiscover
  • D. Wetstone

正解:A


質問 # 41
Williams, a forensic specialist, was tasked with performing a static malware analysis on a suspect system in an organization. For this purpose, Williams used an automated tool to perform a string search and saved all the identified strings in a text file. After analyzing the strings, he determined all the harmful actions that were performed by malware.
Identify the tool employed by Williams in the above scenario.

  • A. ResourcesExlract
  • B. R-Drive Image
  • C. Ezvid
  • D. Snagit

正解:A

解説:
The scenario's focus on extracting strings from a suspect system for malware analysis aligns with the functionality of tools like ResourcesExtract:
* ResourcesExtract's Purpose: It's designed to extract specific resources, including strings, from executables and other file types. This is crucial for static malware analysis.
* String Search and Analysis: Finding and analyzing embedded strings can reveal malicious code behavior, function calls, and other clues about the malware's intent.


質問 # 42
Below are the various steps involved in an email crime investigation.
1.Acquiring the email data
2.Analyzing email headers
3.Examining email messages
4.Recovering deleted email messages
5.Seizing the computer and email accounts
6.Retrieving email headers
What is the correct sequence of steps involved in the investigation of an email crime?

  • A. 5->l->3->6-->2 >4
  • B. 2->4->3-->6->5-->l
  • C. 1->3->4->2-->5">6
  • D. 5 -> 1 -> 6 -> 2 -> 3 -> 4

正解:D

解説:
* Seizing the computer and email accounts (Step 5): This is the initial step to secure potential evidence.
It involves physically or remotely seizing the suspect's computer and email accounts to prevent tampering.
* Acquiring the email data (Step 1): After seizing the devices, investigators acquire the email data. This includes collecting email files, attachments, and metadata.
* Retrieving email headers (Step 6): Email headers contain valuable information such as sender IP addresses, timestamps, and routing details. Retrieving headers helps trace the email's origin.
* Analyzing email headers (Step 2): Investigators analyze the headers to identify any anomalies, spoofing, or suspicious patterns.
* Examining email messages (Step 3): Investigators review the actual email content, attachments, and any embedded links. This step helps understand the context and intent.
* Recovering deleted email messages (Step 4): Deleted emails may contain critical evidence.
Investigators use specialized tools to recover deleted messages.
References:
* EC-Council Certified Security Specialist (E|CSS) documents and study guide.
* EC-Council Certified Security Specialist (E|CSS) course materials123


質問 # 43
Which of the following Intrusion Detection Systems (IDS) is used to monitor rogue access points and the use of wireless attack tools?

  • A. NFR security
  • B. LogIDS 1.0
  • C. WIDS
  • D. Snort 2.1.0

正解:C


質問 # 44
A firewall is a combination of hardware and software, used to provide security to a network. It is used to protect an internal network or intranet against unauthorized access from the Internet or other outside networks. It restricts inbound and outbound access and can analyze all traffic between an internal network and the Internet. Users can configure a firewall to pass or block packets from specific IP addresses and ports. Which of the following tools works as a firewall for the Linux 2.4 kernel?

  • A. Stunnel
  • B. IPTables
  • C. OpenSSH
  • D. IPChains

正解:B


質問 # 45
According to the Sophos Security Threat Report 2009, which country amongst the following tops in producing spam (unwanted e-mails)?

  • A. Russia
  • B. China
  • C. Turkey
  • D. United States

正解:D


質問 # 46
Fill in the blank with the appropriate name of the attack.
________ takes best advantage of an existing authenticated connection

  • A. session hijacking

正解:A


質問 # 47
You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:
What is the IP address of the sender of this email?

  • A. 209.191.91.180
  • B. 216.168.54.25
  • C. 172.16.10.90
  • D. 141.1.1.1

正解:B


質問 # 48
......

最新の100%合格保証付きの素晴らしいECSS試験問題PDF:https://jp.fast2test.com/ECSS-premium-file.html

練習サンプルと問題集と秘訣には2024年最新のECSS有効なテスト問題集:https://drive.google.com/open?id=1EaiiLInTI3XZcNnetTXzRUbKcYm55P6Z


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어