New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

EC0-479 EC-Council Certified Security Analyst (ECSA) Questions and Answers

Questions 4

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

Options:

A.

Reciprocation

B.

Friendship/Liking

C.

Social Validation

D.

Scarcity

Buy Now
Questions 5

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

Options:

A.

SDW Encryption

B.

EFS Encryption

C.

DFS Encryption

D.

IPS Encryption

Buy Now
Questions 6

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorizeD. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saveD. What should you examine next in this case?

Options:

A.

The registry

B.

Theswapfile

C.

The recycle bin

D.

The metadata

Buy Now
Questions 7

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

Options:

A.

%systemroot%\LSA

B.

%systemroot%\repair

C.

%systemroot%\system32\drivers\etc

D.

%systemroot%\system32\LSA

Buy Now
Questions 8

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

Options:

A.

Inculpatory evidence

B.

mandatory evidence

C.

exculpatory evidence

D.

Terrible evidence

Buy Now
Questions 9

What TCP/UDP port does the toolkit program netstat use?

Options:

A.

Port 7

B.

Port 15

C.

Port 23

D.

Port 69

Buy Now
Questions 10

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

Options:

A.

ICMP header field

B.

TCP header field

C.

IP header field

D.

UDP header field

Buy Now
Questions 11

In a FAT32 system, a 123 KB file will use how many sectors?

Options:

A.

34

B.

246

C.

11

D.

56

Buy Now
Questions 12

Which of the following should a computer forensics lab used for investigations have?

Options:

A.

isolation

B.

restricted access

C.

open access

D.

an entry log

Buy Now
Questions 13

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

Options:

A.

user account that was used to send the account

B.

attachments sent with the e-mail message

C.

unique message identifier

D.

contents of the e-mail message

E.

date and time the message was sent

Buy Now
Questions 14

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

Options:

A.

The ISP can investigate anyone using their service and can provide you with assistance

B.

The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

C.

The ISP can‟t conduct any type of investigations on anyone and therefore can‟t assist you

D.

ISP‟s never maintain log files so they would be of no use to your investigation

Buy Now
Questions 15

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloadeD. What can the investigator do to prove the violation? Choose the most feasible option.

Options:

A.

Image the disk and try to recover deleted files

B.

Seek the help of co-workers who are eye-witnesses

C.

Check the Windows registry for connection data (You may or may not recover)

D.

Approach the websites for evidence

Buy Now
Questions 16

Which part of the Windows Registry contains the user‟s password file?

Options:

A.

HKEY_LOCAL_MACHINE

B.

HKEY_CURRENT_CONFIGURATION

C.

HKEY_USER

D.

HKEY_CURRENT_USER

Buy Now
Questions 17

You are called in to assist the police in an investigation involving a suspected drug dealer. The suspects house was searched by the police after a warrant was obtained and they located a floppy disk in the suspects bedroom. The disk contains several files, but they appear to be password protecteD. What are two common methods used by password cracking software that you can use to obtain the password?

Options:

A.

Limited force and library attack

B.

Brute Force and dictionary Attack

C.

Maximum force and thesaurus Attack

D.

Minimum force and appendix Attack

Buy Now
Questions 18

Paula works as the primary help desk contact for her company.Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula

walks over to the user‟s computer and sees the Blue Screen of Death screen.The user‟s computer is running

Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something.Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

Options:

A.

Paula‟s network was scanned using Floppyscan

B.

There was IRQ conflict in Paula‟s PC

C.

Paula‟s network was scanned using Dumpsec

D.

Tools like Nessus will cause BSOD

Buy Now
Questions 19

When you carve an image, recovering the image depends on which of the following skills?

Options:

A.

Recognizing the pattern of the header content

B.

Recovering the image from a tape backup

C.

Recognizing the pattern of a corrupt file

D.

Recovering the image from the tape backup

Buy Now
Questions 20

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

Options:

A.

Encryption of agent communications will conceal the presence of the agents

B.

Alerts are sent to the monitor when a potential intrusion is detected

C.

An intruder could intercept and delete data or alerts and the intrusion can go undetected

D.

The monitor will know if counterfeit messages are being generated because they will not be encrypted

Buy Now
Questions 21

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

Options:

A.

Network Forensics

B.

Computer Forensics

C.

Incident Response

D.

Event Reaction

Buy Now
Questions 22

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searcheD.

Options:

A.

Mere Suspicion

B.

A preponderance of the evidence

C.

Probable cause

D.

Beyond a reasonable doubt

Buy Now
Questions 23

What does mactime, an essential part of the coroner‟s toolkit do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Buy Now
Questions 24

Printing under a Windows Computer normally requires which one of the following files types to be created?

Options:

A.

EME

B.

MEM

C.

EMF

D.

CME

Buy Now
Questions 25

Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

Options:

A.

Globally unique ID

B.

Microsoft Virtual Machine Identifier

C.

Personal Application Protocol

D.

Individual ASCII string

Buy Now
Questions 26

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and ombies? What type of Penetration Testing is Larry planning to carry out?

Options:

A.

Internal Penetration Testing

B.

Firewall Penetration Testing

C.

DoS Penetration Testing

D.

Router Penetration Testing

Buy Now
Questions 27

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Options:

A.

Circuit-level proxy firewall

B.

Packet filtering firewall

C.

Application-level proxy firewall

D.

Statefull firewall

Buy Now
Questions 28

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

Options:

A.

Nmap

B.

Netcraft

C.

Ping sweep

D.

Dig

Buy Now
Questions 29

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

Options:

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Buy Now
Questions 30

You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

7+ years experience in Windows Server environment

5+ years experience in Exchange 2000/2003 environment

Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired,

MCSE, CEH preferred

No Unix/Linux Experience needed

What is this information posted on the job website considered?

Options:

A.

Information vulnerability

B.

Social engineering exploit

C.

Trade secret

D.

Competitive exploit

Buy Now
Questions 31

One way to identify the presence of hidden partitions on a suspect‟s hard drive is to:

Options:

A.

Add up the total size of all known partitions and compare it to the total size of the hard drive

B.

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C.

Examine the LILO and note an H in the partition Type field

D.

It is not possible to have hidden partitions on a hard drive

Buy Now
Questions 32

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

Options:

A.

31401

B.

The zombie will not send a response

C.

31402

D.

31399

Buy Now
Questions 33

An "idle" system is also referred to as what?

Options:

A.

PC not being used

B.

PC not connected to the Internet

C.

Bot

D.

Zombie

Buy Now
Questions 34

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

Options:

A.

Filtered

B.

Stealth

C.

Closed

D.

Open

Buy Now
Exam Code: EC0-479
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Dec 26, 2024
Questions: 232
EC0-479 pdf

EC0-479 PDF

$25.5  $84.99
EC0-479 Engine

EC0-479 Testing Engine

$30  $99.99
EC0-479 PDF + Engine

EC0-479 PDF + Testing Engine

$40.5  $134.99