EC-COUNCIL EC-COUNCIL Certifications ECSS Questions & Answers

• Question 141:

  Which of the following statements are true about firewalking?

  Each correct answer represents a complete solution. Choose all that apply.

  A. To use firewalking, the attacker needs the IP address of the last known gateway before thefirewall and the IP address of a host located behind the firewall.

  B. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall.

  C. Firewalking works on the UDP packets.

  D. A malicious attacker can use firewalking to determine the types of ports/protocols that canbypass the firewall.

  Correct Answer: ABD

• Question 142:

  John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:

  

  Which of the following tools is John using to crack the wireless encryption keys?

  A. Cain

  B. Kismet

  C. PsPasswd

  D. AirSnort

  Correct Answer: D

• Question 143:

  Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

  A. Copyright law

  B. Cyber law

  C. Espionage law

  D. Trademark law

  Correct Answer: D

• Question 144:

  Which of the following commands is used to make traceroute wait 5 seconds for a response to a packet?

  A. traceroute -T

  B. traceroute -q

  C. traceroute -r

  D. traceroute -w

  Correct Answer: D

• Question 145:

  In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

  A. Port redirection

  B. Snooping

  C. UDP port scanning

  D. Firewalking

  Correct Answer: A

• Question 146:

  Which of the following statements are true about routers?

  Each correct answer represents a complete solution. Choose all that apply.

  A. Routers are responsible for making decisions about which of several paths network (or Internet) traffic will follow.

  B. Routers organize addresses into classes, which are used to determine how to move packets from one network to another.

  C. Routers do not limit physical broadcast traffic.

  D. Routers act as protocol translators and bind dissimilar networks.

  Correct Answer: ABD

• Question 147:

  John, a malicious hacker, forces a router to stop forwarding packets by flooding it with many open connections simultaneously so that all hosts behind it are effectively disabled. Which of the following attacks is John performing?

  A. DoS attack

  B. Rainbow attack

  C. ARP spoofing

  D. Replay attack

  Correct Answer: A

• Question 148:

  Peter works as a Technical Representative in a CSIRT for SecureEnet Inc. His team is called to investigate the computer of an employee, who is suspected for classified data theft. Suspect's computer runs on Windows operating system. Peter wants to collect data and evidences for further analysis. He knows that in Windows operating system, the data is searched in pre-defined steps for proper and efficient analysis. Which of the following is the correct order for searching data on a Windows based system?

  A. Volatile data, file slack, registry, system state backup, internet traces, file system, memory dumps

  B. Volatile data, file slack, registry, memory dumps, file system, system state backup, interne t traces

  C. Volatile data, file slack, file system, registry, memory dumps, system state backup, interne t traces

  D. Volatile data, file slack, internet traces, registry, memory dumps, system state backup, file system

  Correct Answer: C

• Question 149:

  Which of the following environmental variables represents the PID value of the last child process?

  A. $?

  B. $!

  C. $$

  D. $!!

  Correct Answer: B

• Question 150:

  Adam works as a Security Analyst for Umbrella Inc. He is retrieving large amount of log data from syslog servers and network devices such as Router and switches. He is facing difficulty in analyzing the logs that he has retrieved. To solve this problem, Adam decides to use software called Sawmill. Which of the following statements are true about Sawmill?

  Each correct answer represents a complete solution. Choose all that apply.

  A. It incorporates real-time reporting and real-time alerting.

  B. It comes only as a software package for user deployment.

  C. It is a software package for the statistical analysis and reporting of log files.

  D. It is used to analyze any device or software package, which produces a log file such as Web servers, network devices (switches and routers etc.), syslog servers etc.

  Correct Answer: ACD