Winter Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

412-79 EC-Council Certified Security Analyst (ECSA) Questions and Answers

Questions 4

The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

Options:

A.

The Fourth Amendment

B.

The USA patriot Act

C.

The Good Samaritan Laws

D.

The Federal Rules of Evidence

Buy Now
Questions 5

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls (Select 2)

Options:

A.

162

B.

160

C.

163

D.

161

Buy Now
Questions 6

Click on the Exhibit Button

Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes need to be made. From the screenshot, what changes should the client company make?

Exhibit:

412-79 Question 6

Options:

A.

The banner should not state "only authorized IT personnel may proceed"

B.

Remove any identifying numbers, names, or version information

C.

The banner should have more detail on the version numbers for the network equipment

D.

The banner should include the Cisco tech support contact information as well

Buy Now
Questions 7

You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

Options:

A.

The firewall failed-open

B.

The firewall failed-bypass

C.

The firewall failed-closed

D.

The firewall ACL has been purged

Buy Now
Questions 8

What does mactime, an essential part of the coroner‟s toolkit do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Buy Now
Questions 9

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

Options:

A.

RIPE

B.

CVE

C.

IANA

D.

APIPA

Buy Now
Questions 10

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

Options:

A.

10

B.

25

C.

110

D.

135

Buy Now
Questions 11

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

Options:

A.

Reciprocation

B.

Friendship/Liking

C.

Social Validation

D.

Scarcity

Buy Now
Questions 12

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

Options:

A.

You cannot determine what privilege runs the daemon service

B.

Guest

C.

Root

D.

Something other than root

Buy Now
Questions 13

What are the security risks of running a "repair" installation for Windows XP?

Options:

A.

Pressing Shift+F10 gives the user administrative rights

B.

Pressing Ctrl+F10 gives the user administrative rights

C.

There are no security risks when running the "repair" installation for Windows XP

D.

Pressing Shift+F1 gives the user administrative rights

Buy Now
Questions 14

You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

7+ years experience in Windows Server environment

5+ years experience in Exchange 2000/2003 environment

Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired,

MCSE, CEH preferred

No Unix/Linux Experience needed

What is this information posted on the job website considered?

Options:

A.

Information vulnerability

B.

Social engineering exploit

C.

Trade secret

D.

Competitive exploit

Buy Now
Questions 15

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

Options:

A.

Windows computers will not respond to idle scans

B.

Linux/Unix computers are constantly talking

C.

Linux/Unix computers are easier to compromise

D.

Windows computers are constantly talking

Buy Now
Questions 16

John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

Options:

A.

The SID of Hillary's network account

B.

The network shares that Hillary has permissions

C.

The SAM file from Hillary's computer

D.

Hillary's network username and password hash

Buy Now
Questions 17

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

Options:

A.

Nessus is too loud

B.

There are no ways of performing a "stealthy" wireless scan

C.

Nessus cannot perform wireless testing

D.

Nessus is not a network scanner

Buy Now
Questions 18

To test your website for vulnerabilities, you type in a quotation mark (? for the username field. After you click Ok, you receive the following error message window:

What can you infer from this error window?

Exhibit:

412-79 Question 18

Options:

A.

SQL injection is not possible

B.

SQL injection is possible

C.

The user for line 3306 in the SQL database has a weak password

D.

The quotation mark (? is a valid username

Buy Now
Questions 19

You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

What have you found?

Options:

A.

Trojan.downloader

B.

Blind bug

C.

Web bug

D.

CGI code

Buy Now
Questions 20

Which is a standard procedure to perform during all computer forensics investigations?

Options:

A.

with the hard drive removed from the suspect PC, check the date and time in the system‟s CMOS

B.

with the hard drive in the suspect PC, check the date and time in the File Allocation Table

C.

with the hard drive removed from the suspect PC, check the date an d time in the system‟s RAM

D.

with the hard drive in the suspect PC, check the date and time in the system‟s CMOS

Buy Now
Questions 21

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

Options:

A.

Nmap

B.

Netcraft

C.

Ping sweep

D.

Dig

Buy Now
Questions 22

Paula works as the primary help desk contact for her company.Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula

walks over to the user‟s computer and sees the Blue Screen of Death screen.The user‟s computer is running

Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something.Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

Options:

A.

Paula‟s network was scanned using Floppyscan

B.

There was IRQ conflict in Paula‟s PC

C.

Paula‟s network was scanned using Dumpsec

D.

Tools like Nessus will cause BSOD

Buy Now
Questions 23

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

Options:

A.

128

B.

64

C.

32

D.

16

Buy Now
Questions 24

From the following spam mail header, identify the host IP that sent this spam? From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001 Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk

From: “china hotel web”

To: “Shlam”

Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0 X-Priority: 3 X-MSMail- Priority: Normal Reply-

To: “china hotel web”

Options:

A.

137.189.96.52

B.

8.12.1.0

C.

203.218.39.20

D.

203.218.39.50

Buy Now
Questions 25

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

Options:

A.

The system files have been copied by a remote attacker

B.

The system administrator has created an incremental backup

C.

The system has been compromised using a t0rnrootkit

D.

Nothing in particular as these can be operational files

Buy Now
Questions 26

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardware write-blocking device to:

Options:

A.

Automate Collection from image files

B.

Avoiding copying data from the boot partition

C.

Acquire data from host-protected area on a disk

D.

Prevent Contamination to the evidence drive

Buy Now
Questions 27

The MD5 program is used to:

Options:

A.

wipe magnetic media before recycling it

B.

make directories on a evidence disk

C.

view graphics files on an evidence drive

D.

verify that a disk is not altered when you examine it

Buy Now
Questions 28

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

Options:

A.

bench warrant

B.

wire tap

C.

subpoena

D.

search warrant

Buy Now
Questions 29

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

Options:

A.

only the reference to the file is removed from the FAT

B.

the file is erased and cannot be recovered

C.

a copy of the file is stored and the original file is erased

D.

the file is erased but can be recovered

Buy Now
Questions 30

Study the log given below and answer the following question: Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169 Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53 Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21 Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53 Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53 Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111 Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80 Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53 Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0) Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080 Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558 Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules,

which among the following would be appropriate?

Options:

A.

Disallow UDP53 in from outside to DNS server

B.

Allow UDP53 in from DNS server to outside

C.

Disallow TCP53 in from secondaries or ISP server to DNS server

D.

Block all UDP traffic

Buy Now
Questions 31

Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

Options:

A.

18 U.S.C. 1029 Possession of Access Devices

B.

18 U.S.C. 1030 Fraud and related activity in connection with computers

C.

18 U.S.C. 1343 Fraud by wire, radio or television

D.

18 U.S.C. 1361 Injury to Government Property

E.

18 U.S.C. 1362 Government communication systems

F.

18 U.S.C. 1832 Trade Secrets Act

Buy Now
Questions 32

You should make at least how many bit-stream copies of a suspect drive?

Options:

A.

1

B.

2

C.

3

D.

4

Buy Now
Questions 33

You have used a newly released forensic investigation tool, which doesn‟t meet the Daubert T

est, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

Options:

A.

The tool hasn‟t been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The total has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

Buy Now
Questions 34

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ______________ in order to track the emails back to the suspect.

Options:

A.

Routing Table

B.

Firewall log

C.

Configuration files

D.

Email Header

Buy Now
Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Dec 4, 2024
Questions: 203

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now 412-79 testing engine

PDF (Q&A)

$36.75  $104.99
buy now 412-79 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 04 Dec 2024