
EC0-479 Practice Exam Questions and Answers

EC-Council Certified Security Analyst (ECSA)

Last Update 1 day ago
Total Questions : 232

Question # 1

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG.

What is Simon trying to accomplish here?

Options:

A. Perform a zone transfer

B. Perform DNS poisoning

C. Send DOS commands to crash the DNS servers

D. Enumerate all the users in the domain

Question # 2

You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal:

What have you found?

Options:

A. Trojan.downloader

B. Blind bug

C. Web bug

D. CGI code

Question # 3

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

When you type this and click on search, you receive a pop-up window that says:

"This is a test."

What is the result of this test?

Options:

A. Your website is vulnerable to web bugs

B. Your website is vulnerable to CSS

C. Your website is not vulnerable

D. Your website is vulnerable to SQL injection

Question # 4

You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

7+ years experience in Windows Server environment

5+ years experience in Exchange 2000/2003 environment

Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required

MCSA desired, MCSE, CEH preferred

No Unix/Linux Experience needed

What is this information posted on the job website considered?

Options:

A. Information vulnerability

B. Social engineering exploit

C. Trade secret

D. Competitive exploit

Question # 5

What is the following command trying to accomplish?


Options:

A. Verify that NETBIOS is running for the 192.168.0.0 network

B. Verify that TCP port 445 is open for the 192.168.0.0 network

C. Verify that UDP port 445 is open for the 192.168.0.0 network

D. Verify that UDP port 445 is closed for the 192.168.0.0 network

Question # 6

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

link:www.ghttech.net

What will this search produce?

Options:

A. All sites that link to ghttech.net

B. Sites that contain the code: link:www.ghttech.net

C. All sites that ghttech.net links to

D. All search engines that link to .net domains

Question # 7

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

Options:

A. Guest

B. You cannot determine what privilege runs the daemon service

C. Root

D. Something other than root

Question # 8

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

Options:

A. Stateful firewalls do not work with packet filtering firewalls

B. NAT does not work with stateful firewalls

C. NAT does not work with IPSEC

D. IPSEC does not work with packet filtering firewalls

Question # 9

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

Options:

A. Enable BGP

B. Disable BGP

C. Enable direct broadcasts

D. Disable direct broadcasts

Question # 10

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

Options:

A. You cannot determine what privilege runs the daemon service

B. Guest

C. Root

D. Something other than root

Question # 11

Software firewalls work at which layer of the OSI model?

Options:

A. Transport

B. Application

C. Network

D. Data Link

Question # 12

What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

Options:

A. Execute a buffer flow in the C: drive of the web server

B. Insert a Trojan horse into the C: drive of the web server

C. Directory listing of the C:\windows\system32 folder on the web server

D. Directory listing of C: drive on the web server

Question # 13

At what layer of the OSI model do routers function?

Options:

A. 5

B. 1

C. 4

D. 3

Question # 14

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

Options:

A. NIPS

B. Passive IDS

C. Progressive IDS

D. Active IDS

Question # 15

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

Options:

A. bench warrant

B. wire tap

C. subpoena

D. search warrant

Question # 16

The newer Macintosh Operating System is based on:

Options:

A. OS/2

B. BSD Unix

C. Linux

D. Microsoft Windows

Question # 17

What does the acronym POST mean as it relates to a PC?

Options:

A. Primary Operations Short Test

B. Power On Self Test

C. Pre Operational Situation Test

D. Primary Operating System Test

Question # 18

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

Options:

A. rules of evidence

B. law of probability

C. chain of custody

D. policy of separation

Question # 19

If you come across a sheepdip machine at your client site, what would you infer?

Options:

A. A sheepdip coordinates several honeypots

B. A sheepdip computer is another name for a honeypot

C. A sheepdip computer is used only for virus-checking.

D. A sheepdip computer defers a denial of service attack

Question # 20

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

Options:

A. Keep the information on file for later review

B. Destroy the evidence

C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D. Present the evidence to the defense attorney

Question # 21

Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work. Paula walks over to the user's computer and sees the Blue Screen of Death screen. The user's computer is running Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something. Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

Options:

A. Paula's network was scanned using Floppyscan

B. There was IRQ conflict in Paula's PC

C. Paula's network was scanned using Dumpsec

D. Tools like Nessus will cause BSOD

Question # 22

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

Options:

A. Mere Suspicion

B. A preponderance of the evidence

C. Probable cause

D. Beyond a reasonable doubt

Question # 23

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?

Options:

A. They examined the actual evidence on an unrelated system

B. They attempted to implicate personnel without proof

C. They tampered with evidence by using it

D. They called in the FBI without correlating with the fingerprint data

Question # 24

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

Options:

A. The X509 Address

B. The SMTP reply Address

C. The E-mail Header

D. The Host Domain Name

Question # 25

What does mactime, an essential part of the coroner's toolkit, do?

Options:

A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

C. The tool scans for i-node information, which is used by other tools in the tool kit

D. It is a tool specific to the MAC OS and forms a core component of the toolkit

Question # 26

You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would:

Options:

A. Violate your contract

B. Cause network congestion

C. Make you an agent of law enforcement

D. Write information to the subject's hard drive

Question # 27

The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspect's door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

Options:

A. The Fourth Amendment

B. The USA Patriot Act

C. The Good Samaritan Laws

D. The Federal Rules of Evidence

Question # 28

The use of warning banners helps a company avoid litigation by overcoming an employee's assumed ____________ when connecting to the company's intranet, network or Virtual Private Network (VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

Options:

A. Right to work

B. Right of free speech

C. Right to Internet Access

D. Right of Privacy

Question # 29

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

Options:

A. The registry

B. The swapfile

C. The recycle bin

D. The metadata

Question # 30

You are assisting in the investigation of a possible Web Server Hack. The company that called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

Options:

A. ARP Poisoning

B. DNS Poisoning

C. HTTP redirect attack

D. IP Spoofing

Question # 31

When cataloging digital evidence, the primary goal is to:

Options:

A. Make bit-stream images of all hard drives

B. Preserve evidence integrity

C. Not remove the evidence from the scene

D. Not allow the computer to be turned off

Question # 32

How many sectors will a 125 KB file use in a FAT32 file system?

Options:

A. 32

B. 16

C. 250

D. 25

Question # 33

What binary coding is used most often for e-mail purposes?

Options:

A. MIME

B. Uuencode

C. IMAP

D. SMTP

Question # 34

Area density refers to:

Options:

A. the amount of data per disk

B. the amount of data per partition

C. the amount of data per square inch

D. the amount of data per platter
