ECCouncil ECSS - EC-Council Certified Security Specialist Exam

Question #1 (Topic: Topic 1)
Firewalking is a technique that can be used to gather information about a remote network
protected by a firewall. This technique can be used effectively to perform information
gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value
that is set to expire one hop past the firewall. Which of the following are pre-requisites for
an attacker to conduct firewalking?
Each correct answer represents a complete solution. Choose all that apply.
A. ICMP packets leaving the network should be allowed.
B. An attacker should know the IP address of the last known gateway before the firewall.
C. There should be a backdoor installed on the network.
D. An attacker should know the IP address of a host located behind the firewall.
Answer: A,B,D
Question #2 (Topic: Topic 1)
Each correct answer represents a complete solution. Choose all that apply.
A. WEP
B. WPA2
C. WPA
D. WEP2
Answer: B,C
Question #3 (Topic: Topic 1)
Which of the following OSI layers is responsible for protocol conversion, data
encryption/decryption, and data compression?
A. Transport layer
B. Presentation layer
C. Data-link layer
D. Network layer
Answer: B
Question #4 (Topic: Topic 1)
You are responsible for security at a company that uses a lot of Web applications. You are
most concerned about flaws in those applications allowing some attacker to get into your
network. What method would be best for finding such flaws?
A. Vulnerability scanning
B. Manual penetration testing
C. Automated penetration testing
D. Code review
Answer: A
Question #5 (Topic: Topic 1)
Which of the following representatives of the incident response team takes forensic backups of
the systems that are the focus of the incident?
A. Lead investigator
B. Information security representative
C. Technical representative
D. Legal representative
Answer: C
Total 337 questions