EC-Council ECSS EC-Council Certified Security Specialist Practice Test Online Training
EC-Council ECSS Online Training
The questions for ECSS were last updated on Mar 06, 2025.
- Exam Code: ECSS
- Exam Name: EC-Council Certified Security Specialist Practice Test
- Certification Provider: EC-Council
- Latest update: Mar 06, 2025
A cybercriminal was suspected to have used a system for performing an anti-social activity through the Tor browser. James reviewed the active network connections established using specific ports via Tor.
Which of the following port numbers does Tor use for establishing a connection via Tor nodes?
- A . 1026/64666
- B . 9150/9151
- C . 3024/4092
- D . 31/456
Bob, a network specialist in an organization, is attempting to identify malicious activities in the network. In this process, Bob analyzed specific data that provided him a summary of a conversation between two network devices, including a source IP and source port, a destination IP and destination port, the duration of the conversation, and the information shared during the conversation.
Which of the following types of network-based evidence was collected by Bob in the above scenario?
- A . Statistical data
- B . Alert data
- C . Session data
- D . Full content data
Which of the following practices makes web applications vulnerable to SQL injection attacks?
- A . Use the most restrictive SQL account types for applications
- B . Never build Transact SQL statements directly from user input
- C . Avoid constructing dynamic SQL with concatenated input values
- D . Accept entries that contain binary data, escape sequences, and comment characters
Melanie, a professional hacker, is attempting to break into a target network through an application server. In this process, she identified a logic flaw in the target web application that provided visibility into the source code. She exploited this vulnerability to launch further attacks on the target web application.
Which of the web application vulnerabilities was identified by Melanie in the above scenario?
- A . Insecure deserialization
- B . Security misconfiguration
- C . Command injection
- D . Broken authentication
Harry, a security professional, was hired to identify the details of an attack that was initiated on a Windows system. In this process, Harry decided to check the logs of currently running applications and the information related to previously uninstalled or removed applications for suspicious events.
Which of the following folders in a Windows system stores information on applications run on the system?
- A . C:\Windows\debug
- B . C:\Windows\Book
- C . C:\subdir
- D . C:\Windows\Prefetch
Bob, a security specialist at an organization, extracted the following IIS log from a Windows-based server: "2019-12-12 06:11:41 192.168.0.10 GET /images/content/bg_body_l.jpg - 80 - 192.168.0.27 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/48.0.2564.103+Safari/537.36 http://www.moviescope.com/css/style.css 200 0 0 365"
Identify the element in the above IIS log entry that indicates the request was fulfilled without error.
- A . 192
- B . 80
- C . 200
- D . 537
Which of the following techniques is referred to as a messaging feature that originates from a server and enables the delivery of data or a message from an application to a mobile device without any explicit request from the user?
- A . Geofencing
- B . PIN feature
- C . Containerization
- D . Push notification
Johnson is a professional hacker who targeted an organization’s customers and decided to crack their system passwords. In this process, he found a list of valid customers, created a list of possible passwords, ranked the passwords from high to low probability, and started keying in each password in the target system until the correct password was discovered.
Identify the type of attack performed by Johnson in the above scenario.
- A . Password guessing
- B . Rainbow table attack
- C . Dictionary attack
- D . Brute force attack