EC-Council Certified Security Specialist v6.0

Page:    1 / 23   
Exam contains 337 questions

You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You want to investigate e-mail information of an employee of the company. The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which of the following folders on the local computer will you review to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Download folder
  • B. History folder
  • C. Temporary Internet Folder
  • D. Cookies folder


Answer : B,C,D

John works as a Network Security Professional. He is assigned a project to test the security of www.we-are-secure.com. He is working on the Linux operating system and wants to install an Intrusion Detection System on the We-are-secure server so that he can receive alerts about any hacking attempts. Which of the following tools can John use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Samhain
  • B. Tripwire
  • C. Snort
  • D. SARA


Answer : AC

You manage a Windows Server 2008 server named uCert1 in a domain named
PassGuide.com.
uCert1 has the Web Server (IIS) role installed and hosts an intranet Web site named
PassGuideInternal.
You want to ensure that all authentication traffic to the Web site is encrypted securely without the use of SSL. You disable Anonymous Authentication. What else should you do?

  • A. Enable Windows Authentication and Forms Authentication.
  • B. Enable Windows Authentication and Digest Authentication.
  • C. Enable Basic Authentication and Windows Authentication.
  • D. Enable Digest Authentication and Forms Authentication.


Answer : B

Which of the following password cracking attacks does not use any software for cracking e- mail passwords?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Brute force attack
  • B. Shoulder surfing
  • C. Social engineering
  • D. Dictionary attack


Answer : BC

You work as a Sales Manager for NetPerfect Inc. The company has a Windows-based network. You have to often send confidential e-mails and make online payments and purchases. You want to protect transmitted information and also to increase the security of e-mail communications. Which of the following programs or services will you use to accomplish the task?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Anonymizer
  • B. John the Ripper
  • C. THC Hydra
  • D. Pretty Good Privacy (PGP)


Answer : A,D

The IT administrator wants to implement a stronger security policy. What are the four most important security priorities for PassGuide Software Systems Pvt. Ltd.? (Click the Exhibit button on the toolbar to see the case study.)

  • A. Preventing denial-of-service attacks.
  • B. Providing two-factor authentication.
  • C. Ensuring secure authentication.
  • D. Protecting employee data on portable computers.
  • E. Implementing Certificate services on Texas office.
  • F. Preventing unauthorized network access.
  • G. Providing secure communications between the overseas office and the headquarters.
  • H. Providing secure communications between Washington and the headquarters office.


Answer : C,D,F,G

According to the Internet Crime Report 2009, which of the following complaint categories is on the top?

  • A. Identity theft
  • B. Advanced fee fraud
  • C. Non-delivered merchandise/payment
  • D. FBI scams


Answer : D

Maria works as the Chief Security Officer for PassGuide Inc. She wants to send secret messages to the CEO of the company. To secure these messages, she uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'. What technique is Maria using?

  • A. Steganography
  • B. Public-key cryptography
  • C. Encryption
  • D. RSA algorithm


Answer : A

Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?

  • A. Incident response policy
  • B. Chain of custody
  • C. Chain of evidence
  • D. Evidence access policy


Answer : B

Peter works as a System Administrator for TechSoft Inc. The company uses Linux-based systems.
Peter's manager suspects that someone is trying to log in to his computer in his absence.
Which of the following commands will Peter run to show the last unsuccessful login attempts, as well as the users who have last logged in to the manager's system?
Each correct answer represents a complete solution. Choose two.

  • A. rwho -a
  • B. lastb
  • C. last
  • D. pwd


Answer : BC

John works as a Security Administrator for NetPerfect Inc. The company uses Windows- based systems. A project has been assigned to John to track malicious hackers and to strengthen the company's security system. John configures a computer system to trick malicious hackers into thinking that it is the company's main server, which in fact is a decoy system to track hackers.
Which system is John using to track the malicious hackers?

  • A. Honeypot
  • B. Intrusion Detection System (IDS)
  • C. Bastion host
  • D. Honeytokens


Answer : A

Which of the following can be used to perform session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. ARP spoofing
  • B. Cross-site scripting
  • C. Session fixation
  • D. Session sidejacking


Answer : B,C,D

In which of the following techniques does an attacker take network traffic coming towards a host at one port and forward it from that host to another host?

  • A. Snooping
  • B. UDP port scanning
  • C. Port redirection
  • D. Firewalking


Answer : C

Which of the following is used to authenticate asymmetric keys?

  • A. Digital signature
  • B. MAC Address
  • C. Password
  • D. Demilitarized zone (DMZ)


Answer : A

Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

  • A. Worm
  • B. Adware
  • C. Backdoor
  • D. Spyware


Answer : C

Page:    1 / 23   
Exam contains 337 questions

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy