ECSS Exam Details

  • Exam Code
    :ECSS
  • Exam Name
    :EC-Council Certified Security Specialist (ECSS) v10
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :337 Q&As
  • Last Updated
    :Jul 08, 2026

EC-COUNCIL ECSS Online Questions & Answers

  • Question 111:

    In which of the following complaint types does a fraudulent transaction take place?

    A. Overpayment Fraud
    B. FBI scams
    C. Auction fraud
    D. Computer damage

  • Question 112:

    Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

    A. The Equal Credit Opportunity Act (ECOA)
    B. The Fair Credit Reporting Act (FCRA)
    C. The Privacy Act
    D. The Electronic Communications Privacy Act

  • Question 113:

    RRD Job World wants to upgrade its network. The company decides to implement a TCP/IP- based network. According to the case study, RRD Job World is concerned about security. Which of the following methods should the on-site employees use to communicate securely with the headquarters?

    (Click the Exhibit button on the toolbar to see the case study.)

    A. Basic (Clear Text) authentication using SSL
    B. DNS security and group policies
    C. L2TP over IPSec
    D. Windows NT Challenge/Response (NTLM) authentication

  • Question 114:

    Victor works as a network administrator for DataSecu Inc. He uses a dual firewall Demilitarized Zone (DMZ) to insulate the rest of the network from the portions that is available to the Internet. Which of the following security threats may occur if DMZ protocol attacks are performed? Each correct answer represents a complete solution. Choose all that apply.

    A. The attacker can exploit any protocol used to go into the internal network or intranet of thecompany.
    B. The attacker can gain access to the Web server in a DMZ and exploit the database.
    C. The attacker can perform a Zero Day attack by delivering a malicious payload that is not a part of the intrusion detection/prevention systems guarding the network.
    D. The attacker managing to break the first firewall defense can access the internal network without breaking the second firewall if it is different.

  • Question 115:

    John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure

    server.

    The output of the scanning test is as follows:

    A. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
    B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
    C. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.
    D. This vulnerability helps in a cross site scripting attack.

  • Question 116:

    Which of the following commands is most useful for viewing large files in Linux?

    A. less
    B. cp
    C. touch
    D. cat

  • Question 117:

    Which of the following protocols of the TCP/IP suite is used in the application layer of the OSI model?

    A. DCAP
    B. OSPF
    C. ARP
    D. Telnet

  • Question 118:

    Which of the following agencies is responsible for handling computer crimes in the United States?

    A. The FBI only
    B. The Federal Bureau of Investigation (FBI) and the Secret Service
    C. The Central Intelligence Agency (CIA)
    D. The National Security Agency (NSA)

  • Question 119:

    Which of the following statements are true about session hijacking?

    Each correct answer represents a complete solution. Choose all that apply.

    A. TCP session hijacking is when a hacker takes over a TCP session between two machines.
    B. It is used to slow the working of victim's network resources.
    C. Use of a long random number or string as the session key reduces session hijacking.
    D. It is the exploitation of a valid computer session to gain unauthorized access to informationor services in a computer system.

  • Question 120:

    You work as a Desktop Technician for Umbrella Inc. The company has a Windows-based network.

    You receive an e-mail from the network administrator's e-mail ID asking you to provide your password so that he can make changes to your profile. You suspect that someone is trying to hack your password after you have confirmed that the

    network administrator did not send any such type of e-mail. Which of the following types of attacks have been executed?

    Each correct answer represents a part of the solution. Choose all that apply.

    A. Buffer-overflow attack
    B. Social engineering
    C. Zero-day attack
    D. E-mail spoofing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your ECSS exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.