Higher Test Marks with Free Online ECSS Exam Practice

Messy, a network defender, was hired to secure an organization's internal network. He deployed an IDS in

which the detection process depends on observing and comparing the observed events with the normal

behavior and then detecting any deviation from it.

Identify the type of IDS employed by Messy in the above scenario.

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process,

Bob extracted subkeys containing information such as SAM. Security, and software using an automated tool

called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

Bob, a forensic investigator, was instructed to review a Windows machine and identify any anonymous

activities performed using it. In this process. Bob used the command “netstat -ano" to view all the active

connections in the system and determined that the connections established by the Tor browser were closed.

Which of the following states of the connections established by Tor indicates that the Tor browser is closed?

Michael, a forensic expert, was assigned to investigate an incident that involved unauthorized intrusion

attempts. In this process, Michael identified all the open ports on a system and disabled them because these

open ports can allow attackers to install malicious services and compromise the security of the system or

network.

Which of the following commands assisted Michael in identifying open ports in the above scenario?

Identify the backup mechanism that is performed within the organization using external devices such as hard

disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or

natural disasters.