Welcome To DumpsPedia

412-79 Sample Questions Answers

Questions 4

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

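#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];

    /* Require one command-line argument */
    if (argc < 2)
    {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }

    /* Copy the argument into the local buffer */
    strcpy(buffer, argv[1]);
    return 0;
}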

Options:

A.

Buffer overflow

B.

Format string bug

C.

Kernel injection

D.

SQL injection

Questions 5

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

Options:

A.

Firewalk sets all packets with a TTL of zero

B.

Firewalk cannot pass through Cisco firewalls

C.

Firewalk sets all packets with a TTL of one

D.

Firewalk cannot be detected by network sniffers

Questions 6

After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

Options:

A.

A switched network will not respond to packets sent to the broadcast address

B.

Only IBM AS/400 will reply to this scan

C.

Only Unix and Unix-like systems will reply to this scan

D.

Only Windows systems will reply to this scan

Questions 7

You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Select 2)

Options:

A.

162

B.

160

C.

163

D.

161

Questions 8

How many possible sequence number combinations are there in TCP/IP protocol?

Options:

A.

320 billion

B.

32 million

C.

4 billion

D.

1 billion

Questions 9

Software firewalls work at which layer of the OSI model?

Options:

A.

Transport

B.

Application

C.

Network

D.

Data Link

Questions 10

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

Options:

A.

Ping sweep

B.

Netcraft

C.

Dig

D.

Nmap

Questions 11

Software firewalls work at which layer of the OSI model?

Options:

A.

Data Link

B.

Network

C.

Transport

D.

Application

Questions 12

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

Options:

A.

Stateful firewalls do not work with packet filtering firewalls

B.

NAT does not work with stateful firewalls

C.

NAT does not work with IPSEC

D.

IPSEC does not work with packet filtering firewalls

Questions 13

What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

Options:

A.

Execute a buffer flow in the C: drive of the web server

B.

Insert a Trojan horse into the C: drive of the web server

C.

Directory listing of the C:\windows\system32 folder on the web server

D.

Directory listing of C: drive on the web server

Questions 14

You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

Options:

A.

URL Obfuscation Arbitrary Administrative Access Vulnerability

B.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

C.

HTTP Configuration Arbitrary Administrative Access Vulnerability

D.

HTML Configuration Arbitrary Administrative Access Vulnerability

Questions 15

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

Options:

A.

Fraggle

B.

SYN flood

C.

Trinoo

D.

Smurf

Questions 16

You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

Options:

A.

0:1000, 150

B.

0:1709, 150

C.

1:1709, 150

D.

0:1709-1858

Questions 17

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

Options:

A.

by law, three

B.

quite a few

C.

only one

D.

at least two

Questions 18

A(n) ____________ is one that's performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

Options:

A.

blackout attack

B.

automated attack

C.

distributed attack

D.

central processing attack

Questions 19

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

Options:

A.

digital attack

B.

denial of service

C.

physical attack

D.

ARP redirect

Questions 20

When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?

Options:

A.

202

B.

404

C.

505

D.

909

Questions 21

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

Options:

A.

Encryption of agent communications will conceal the presence of the agents

B.

Alerts are sent to the monitor when a potential intrusion is detected

C.

An intruder could intercept and delete data or alerts and the intrusion can go undetected

D.

The monitor will know if counterfeit messages are being generated because they will not be encrypted

Questions 22

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

Options:

A.

user account that was used to send the account

B.

attachments sent with the e-mail message

C.

unique message identifier

D.

contents of the e-mail message

E.

date and time the message was sent

Questions 23

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

Options:

A.

Keep the information on file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Questions 24

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

Options:

A.

only the reference to the file is removed from the FAT

B.

the file is erased and cannot be recovered

C.

a copy of the file is stored and the original file is erased

D.

the file is erased but can be recovered

Questions 25

What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?

Options:

A.

A compressed file

B.

A Data stream file

C.

An encrypted file

D.

A reserved file

Questions 26

An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

Options:

A.

EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information

B.

When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information

C.

The EFS Revoked Key Agent can be used on the Computer to recover the information

D.

When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Questions 27

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0  ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01  ................
00 00 00 11 00 00 00 00                          ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

Options:

A.

The attacker has conducted a network sweep on port 111

B.

The attacker has scanned and exploited the system using Buffer Overflow

C.

The attacker has used a Trojan on port 32773

D.

The attacker has installed a backdoor

Questions 28

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

Options:

A.

0

B.

10

C.

100

D.

1

Questions 29

Paula works as the primary help desk contact for her company. Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work. Paula walks over to the user's computer and sees the Blue Screen of Death screen. The user's computer is running Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something. Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

Options:

A.

Paula's network was scanned using Floppyscan

B.

There was IRQ conflict in Paula's PC

C.

Paula's network was scanned using Dumpsec

D.

Tools like Nessus will cause BSOD

Questions 30

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?

Options:

A.

The tool hasn't been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The tool has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

Questions 31

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

Options:

A.

rootkit

B.

key escrow

C.

steganography

D.

Offset

Questions 32

You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

Options:

A.

Bit-stream Copy

B.

Robust Copy

C.

Full backup Copy

D.

Incremental Backup Copy

Questions 33

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

Options:

A.

The ISP can investigate anyone using their service and can provide you with assistance

B.

The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant

C.

The ISP can't conduct any type of investigations on anyone and therefore can't assist you

D.

ISPs never maintain log files so they would be of no use to your investigation

Questions 34

Area density refers to:

Options:

A.

the amount of data per disk

B.

the amount of data per partition

C.

the amount of data per square inch

D.

the amount of data per platter

Questions 35

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

Options:

A.

a write-blocker

B.

a protocol analyzer

C.

a firewall

D.

a disk editor

Questions 36

Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

Options:

A.

Plain view doctrine

B.

Corpus delicti

C.

Locard Exchange Principle

D.

Ex Parte Order

Questions 37

With regard to using an antivirus scanner during a computer forensics investigation, you should:

Options:

A.

Scan the suspect hard drive before beginning an investigation

B.

Never run a scan on your forensics workstation because it could change your system's configuration

C.

Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

D.

Scan your Forensics workstation before beginning an investigation

Questions 38

The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

Options:

A.

Detection

B.

Hearsay

C.

Spoliation

D.

Discovery

Questions 39

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

Options:

A.

70 years

B.

the life of the author

C.

the life of the author plus 70 years

D.

copyrights last forever

Questions 40

From the following spam mail header, identify the host IP that sent this spam?

From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52])
    by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061
    for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20])
    by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431
    for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk
From: “china hotel web”
To: “Shlam”
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: “china hotel web”

Options:

A.

137.189.96.52

B.

8.12.1.0

C.

203.218.39.20

D.

203.218.39.50

Questions 41

In a FAT32 system, a 123 KB file will use how many sectors?

Options:

A.

34

B.

246

C.

11

D.

56

Questions 42

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?

Options:

A.

forensic duplication of hard drive

B.

analysis of volatile data

C.

comparison of MD5 checksums

D.

review of SIDs in the Registry

Questions 43

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

Options:

A.

RestrictAnonymous must be set to "2" for complete security

B.

RestrictAnonymous must be set to "3" for complete security

C.

There is no way to always prevent an anonymous null session from establishing

D.

RestrictAnonymous must be set to "10" for complete security

Questions 44

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

link:www.ghttech.net

What will this search produce?

Options:

A.

All sites that link to ghttech.net

B.

Sites that contain the code: link:www.ghttech.net

C.

All sites that ghttech.net links to

D.

All search engines that link to .net domains

Questions 45

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

Options:

A.

Poison the switch's MAC address table by flooding it with ACK bits

B.

Enable tunneling feature on the switch

C.

Trick the switch into thinking it already has a session with Terri's computer

D.

Crash the switch with a DoS attack since switches cannot send ACK bits

Questions 46

What operating system would respond to the following command?

Options:

A.

Mac OS X

B.

Windows XP

C.

Windows 95

D.

FreeBSD

Questions 47

What will the following command accomplish?

Options:

A.

Test ability of a router to handle over-sized packets

B.

Test the ability of a router to handle fragmented packets

C.

Test the ability of a WLAN to handle fragmented packets

D.

Test the ability of a router to handle under-sized packets

Questions 48

Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast. On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops intermittently. What could be Tyler's issue with his home wireless network?

Options:

A.

2.4 Ghz Cordless phones

B.

Satellite television

C.

CB radio

D.

Computers on his wired network

Questions 49

To test your website for vulnerabilities, you type in a quotation mark for the username field. After you click Ok, you receive the following error message window:

What can you infer from this error window?

Exhibit:

Options:

A.

SQL injection is not possible

B.

SQL injection is possible

C.

The user for line 3306 in the SQL database has a weak password

D.

The quotation mark is a valid username

Questions 50

Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

Options:

A.

Perform a zone transfer

B.

Perform DNS poisoning

C.

Send DOS commands to crash the DNS servers

D.

Enumerate all the users in the domain

Questions 51

An "idle" system is also referred to as what?

Options:

A.

PC not being used

B.

PC not connected to the Internet

C.

Bot

D.

Zombie

Questions 52

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

Options:

A.

Nmap

B.

Netcraft

C.

Ping sweep

D.

Dig

Questions 53

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

Options:

A.

Avoid cross talk

B.

Avoid over-saturation of wireless signals

C.

So that the access points will work on different frequencies

D.

Multiple access points can be set up on the same channel without any issues

Questions 54

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.

George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

Options:

A.

net port 22

B.

udp port 22 and host 172.16.28.1/24

C.

src port 22 and dst port 22

D.

src port 23 and dst port 23

Questions 55

John and Hillary work in the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He sets the Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

Options:

A.

The SID of Hillary's network account

B.

The network shares that Hillary has permissions

C.

The SAM file from Hillary's computer

D.

Hillary's network username and password hash

Questions 56

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

Options:

A.

Use attack as a launching point to penetrate deeper into the network

B.

Demonstrate that no system can be protected against DoS attacks

C.

List weak points on their network

D.

Show outdated equipment so it can be replaced

Questions 57

Printing under a Windows computer normally requires which one of the following file types to be created?

Options:

A.

EME

B.

MEM

C.

EMF

D.

CME

Questions 58

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

Options:

A.

The manufacturer of the system compromised

B.

The logic, formatting and elegance of the code used in the attack

C.

The nature of the attack

D.

The vulnerability exploited in the incident

Questions 59

An expert witness gives an opinion if:

Options:

A.

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

B.

To define the issues of the case for determination by the finder of fact

C.

To stimulate discussion between the consulting expert and the expert witness

D.

To deter the witness from expanding the scope of his or her investigation beyond the requirements of the case

Questions 60

This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Options:

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

Questions 61

What does mactime, an essential part of the coroner's toolkit, do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them

C.

The tool scans for i-node information, which is used by other tools in the tool kit

D.

It is a tool specific to the MAC OS and forms a core component of the toolkit

Questions 62

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

Options:

A.

They examined the actual evidence on an unrelated system

B.

They attempted to implicate personnel without proof

C.

They tampered with evidence by using it

D.

They called in the FBI without correlating with the fingerprint data

Questions 63

You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?

Options:

A.

Throw the hard disk into the fire

B.

Run the powerful magnets over the hard disk

C.

Format the hard disk multiple times using a low level disk utility

D.

Overwrite the contents of the hard disk with Junk data

Questions 64

The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

Options:

A.

Locard Exchange Principle

B.

Clark Standard

C.

Kelly Policy

D.

Silver-Platter Doctrine

Questions 65

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

Options:

A.

Network Forensics

B.

Computer Forensics

C.

Incident Response

D.

Event Reaction

Questions 66

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

Options:

A.

Automate Collection from image files

B.

Avoid copying data from the boot partition

C.

Acquire data from host-protected area on a disk

D.

Prevent Contamination to the evidence drive

Questions 67

To preserve digital evidence, an investigator should ____________________

Options:

A.

Make two copies of each evidence item using a single imaging tool

B.

Make a single copy of each evidence item using an approved imaging tool

C.

Make two copies of each evidence item using different imaging tools

D.

Only store the original evidence item

Questions 68

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

Options:

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Questions 69

What is the name of the standard Linux command that is also available as a Windows application that can be used to create bit-stream images?

Options:

A.

mcopy

B.

image

C.

MD5

D.

dd

Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Oct 7, 2024
Questions: 232