ECSS Online Practice Questions and Answers

You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

A. Vulnerability scanning

B. Manual penetration testing

C. Automated penetration testing

D. Code review

Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme?

Each correct answer represents a complete solution. Choose all that apply.

A. Kerberos requires continuous availability of a central server.

B. Kerberos builds on Asymmetric key cryptography and requires a trusted third party.

C. Dictionary and brute force attacks on the initial TGS response to a client may reveal the subject'spasswords.

D. Kerberos requires the clocks of the involved hosts to be synchronized.

Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?

A. Incident response policy

B. Chain of custody

C. Chain of evidence

D. Evidence access policy

John works as a Professional Ethical Hacker for NetPerfect Inc. The company has a Linux-based network. All client computers are running on Red Hat 7.0 Linux. The Sales Manager of the company complains to John that his system contains an unknown package named as tar.gz and his documents are exploited. To resolve the problem, John uses a Port scanner to enquire about the open ports and finds out that the HTTP server service port on 27374 is open. He suspects that the other computers on the network are also facing the same problem. John discovers that a malicious application is using the synscan tool to randomly generate IP addresses.

Which of the following worms has attacked the computer?

A. Code red

B. Ramen

C. LoveLetter

D. Nimda

Which of the following Linux rootkits allows attackers to hide files, processes, and network connections?

Each correct answer represents a complete solution. Choose all that apply.

A. Phalanx2

B. Adore

C. Knark

D. Beastkit

What is the major difference between a worm and a Trojan horse?

A. A worm is self replicating, while a Trojan horse is not.

B. A Trojan horse is a malicious program, while a worm is an anti-virus software.

C. A worm spreads via e-mail, while a Trojan horse does not.

D. A worm is a form of malicious program, while a Trojan horse is a utility.

You work as a Network Security Analyzer. You got a suspicious email while working on a forensic project. Now, you want to know the IP address of the sender so that you can analyze various information such as the actual location, domain information, operating system being used, contact information, etc. of the email sender with the help of various tools and resources. You also want to check whether this email is fake or real. You know that analysis of email headers is a good starting point in such cases. The email header of the suspicious email is given below:

What is the IP address of the sender of this email?

A. 209.191.91.180

B. 141.1.1.1

C. 172.16.10.90

D. 216.168.54.25

Which of the following functions does the RSA Digital Signature combine with public key algorithm to create a more secure signature?

A. %

B. $

C. #

D. *

Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?

Each correct answer represents a complete solution. Choose all that apply.

A. TIS authentication

B. Password-based authentication

C. Kerberos authentication

D. Rhosts (rsh-style) authentication

Which of the following refers to a computer that must be secure because it is accessible from the Internet and is vulnerable to attacks?

A. Gateway

B. LMHOSTS

C. Firewall

D. Bastion host