New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

412-79 EC-Council Certified Security Analyst (ECSA) Questions and Answers

Questions 4

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

Options:

A.

NIPS

B.

Passive IDS

C.

Progressive IDS

D.

Active IDS

Buy Now
Questions 5

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls (Select 2)

Options:

A.

162

B.

160

C.

163

D.

161

Buy Now
Questions 6

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

Options:

A.

Enable BGP

B.

Disable BGP

C.

Enable direct broadcasts

D.

Disable direct broadcasts

Buy Now
Questions 7

You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

Options:

A.

The firewall failed-open

B.

The firewall failed-bypass

C.

The firewall failed-closed

D.

The firewall ACL has been purged

Buy Now
Questions 8

The MD5 program is used to:

Options:

A.

wipe magnetic media before recycling it

B.

make directories on a evidence disk

C.

view graphics files on an evidence drive

D.

verify that a disk is not altered when you examine it

Buy Now
Questions 9

If you come across a sheepdip machine at your client site, what would you infer?

Options:

A.

Asheepdip coordinates several honeypots

B.

Asheepdip computer is another name for a honeypot

C.

Asheepdip computer is used only for virus-checking.

D.

Asheepdip computer defers a denial of service attack

Buy Now
Questions 10

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

Options:

A.

the same log is used at all times

B.

a new log file is created everyday

C.

a new log file is created each week

D.

a new log is created each time the Web Server is started

Buy Now
Questions 11

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searcheD.

Options:

A.

Mere Suspicion

B.

A preponderance of the evidence

C.

Probable cause

D.

Beyond a reasonable doubt

Buy Now
Questions 12

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Options:

A.

Circuit-level proxy firewall

B.

Packet filtering firewall

C.

Application-level proxy firewall

D.

Statefull firewall

Buy Now
Questions 13

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

Options:

A.

Poison the switch's MAC address table by flooding it with ACK bits

B.

Enable tunneling feature on the switch

C.

Trick the switch into thinking it already has a session with Terri's computer

D.

Crash the switch with a DoS attack since switches cannot send ACK bits

Buy Now
Questions 14

An "idle" system is also referred to as what?

Options:

A.

PC not being used

B.

PC not connected to the Internet

C.

Bot

D.

Zombie

Buy Now
Questions 15

What should you do when approached by a reporter about a case that you are working on or have worked on?

Options:

A.

Refer the reporter to the attorney that retained you

B.

Say, “no comment”

C.

Answer all the reporters questions as completely as possible

D.

Answer only the questions that help your case

Buy Now
Questions 16

To test your website for vulnerabilities, you type in a quotation mark (? for the username field. After you click Ok, you receive the following error message window:

What can you infer from this error window?

Exhibit:

Options:

A.

SQL injection is not possible

B.

SQL injection is possible

C.

The user for line 3306 in the SQL database has a weak password

D.

The quotation mark (? is a valid username

Buy Now
Questions 17

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

Options:

A.

Guest

B.

You cannot determine what privilege runs the daemon service

C.

Root

D.

Something other than root

Buy Now
Questions 18

A (n) ____________ is one that‟s performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

Options:

A.

blackout attack

B.

automated attack

C.

distributed attack

D.

central processing attack

Buy Now
Questions 19

When examining a file with a Hex Editor, what space does the file header occupy?

Options:

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Buy Now
Questions 20

In General, ______________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the datA.

Options:

A.

Network Forensics

B.

Data Recovery

C.

Disaster Recovery

D.

Computer Forensics

Buy Now
Questions 21

What does the acronym POST mean as it relates to a PC?

Options:

A.

Primary Operations Short Test

B.

Power On Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Buy Now
Questions 22

Printing under a Windows Computer normally requires which one of the following files types to be created?

Options:

A.

EME

B.

MEM

C.

EMF

D.

CME

Buy Now
Questions 23

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual mediA. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

Options:

A.

Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media

B.

Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence

C.

Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media

D.

Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Buy Now
Questions 24

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Options:

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

Buy Now
Questions 25

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firms employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

What do you do?

Options:

A.

Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B.

Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C.

Inform the owner that conducting an investigation without a policy is a violation of the employees expectation of privacy

D.

Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Buy Now
Questions 26

Why should you note all cable connections for a computer you want to seize as evidence?

Options:

A.

to know what outside connections existed

B.

in case other devices were connected

C.

to know what peripheral devices exist

D.

to know what hardware existed

Buy Now
Questions 27

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

Options:

A.

.email

B.

.mail

C.

.pst

D.

.doc

Buy Now
Questions 28

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

Options:

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

Buy Now
Questions 29

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

Options:

A.

a write-blocker

B.

a protocol analyzer

C.

a firewall

D.

a disk editor

Buy Now
Questions 30

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

Options:

A.

Nmap

B.

Netcraft

C.

Ping sweep

D.

Dig

Buy Now
Questions 31

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

Options:

A.

RaidSniff

B.

Snort

C.

Ettercap

D.

Airsnort

Buy Now
Questions 32

You have used a newly released forensic investigation tool, which doesn‟t meet the Daubert T

est, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

Options:

A.

The tool hasn‟t been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The total has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

Buy Now
Questions 33

With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

Options:

A.

Scan the suspect hard drive before beginning an investigation

B.

Never run a scan on your forensics workstation because it could change your systems configuration

C.

Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

D.

Scan your Forensics workstation before beginning an investigation

Buy Now
Questions 34

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

Options:

A.

Inculpatory evidence

B.

mandatory evidence

C.

exculpatory evidence

D.

Terrible evidence

Buy Now
Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Dec 26, 2024
Questions: 203
412-79 pdf

412-79 PDF

$25.5  $84.99
412-79 Engine

412-79 Testing Engine

$30  $99.99
412-79 PDF + Engine

412-79 PDF + Testing Engine

$40.5  $134.99