March Special Sale - Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 575363r9

Welcome To DumpsPedia

412-79 Sample Questions Answers

Questions 4

An Expert witness give an opinion if:

Options:

A.

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

B.

To define the issues of the case for determination by the finder of fact

C.

To stimulate discussion between the consulting expert and the expert witness

D.

To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

Buy Now
Questions 5

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

Options:

A.

31401

B.

The zombie will not send a response

C.

31402

D.

31399

Buy Now
Questions 6

What operating system would respond to the following command?

Options:

A.

Mac OS X

B.

Windows XP

C.

Windows 95

D.

FreeBSD

Buy Now
Questions 7

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

Options:

A.

Firewalk sets all packets with a TTL of zero

B.

Firewalk cannot pass through Cisco firewalls

C.

Firewalk sets all packets with a TTL of one

D.

Firewalk cannot be detected by network sniffers

Buy Now
Questions 8

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.

George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

Options:

A.

src port 22 and dst port 22

B.

src port 23 and dst port 23

C.

net port 22

D.

udp port 22 and host 172.16.28.1/24

Buy Now
Questions 9

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

Options:

A.

Ping trace

B.

Tracert

C.

Smurf scan

D.

ICMP ping sweep

Buy Now
Questions 10

On Linux/Unix based Web servers, what privilege should the daemon service be run under?

Options:

A.

You cannot determine what privilege runs the daemon service

B.

Guest

C.

Root

D.

Something other than root

Buy Now
Questions 11

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why PDF passwords do not offer maximum protection?

Options:

A.

PDF passwords can easily be cracked by software brute force tools

B.

PDF passwords are not considered safe by Sarbanes-Oxley

C.

PDF passwords are converted to clear text when sent through E-mail

D.

When sent through E-mail, PDF passwords are stripped from the document completely

Buy Now
Questions 12

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

Options:

A.

Enable tunneling feature on the switch

B.

Trick the switch into thinking it already has a session with Terri's computer

C.

Crash the switch with a DoS attack since switches cannot send ACK bits

D.

Poison the switch's MAC address table by flooding it with ACK bits

Buy Now
Questions 13

Printing under a Windows Computer normally requires which one of the following files types to be created?

Options:

A.

EME

B.

MEM

C.

EMF

D.

CME

Buy Now
Questions 14

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firms employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

What do you do?

Options:

A.

Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B.

Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C.

Inform the owner that conducting an investigation without a policy is a violation of the employees expectation of privacy

D.

Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Buy Now
Questions 15

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Options:

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

Buy Now
Questions 16

What does the acronym POST mean as it relates to a PC?

Options:

A.

Primary Operations Short Test

B.

Power On Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Buy Now
Questions 17

Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

Options:

A.

Sector

B.

Metadata

C.

MFT

D.

Slack Space

Buy Now
Questions 18

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

Options:

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directlyinteracing with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn‟t matter as all replies are faked

Buy Now
Questions 19

When examining a file with a Hex Editor, what space does the file header occupy?

Options:

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Buy Now
Questions 20

You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

Options:

A.

trademark law

B.

copyright law

C.

printright law

D.

brandmark law

Buy Now
Questions 21

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

Options:

A.

one who has NTFS 4 or 5 partitions

B.

one who uses dynamic swap file capability

C.

one who uses hard disk writes on IRQ 13 and 21

D.

one who has lots of allocation units per block or cluster

Buy Now
Questions 22

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

Options:

A.

evidence must be handled in the same way regardless of the type of case

B.

evidence procedures are not important unless you work for a law enforcement agency

C.

evidence in a criminal case must be secured more tightly than in a civil case

D.

evidence in a civil case must be secured more tightly than in a criminal case

Buy Now
Questions 23

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloadeD. What can the investigator do to prove the violation? Choose the most feasible option.

Options:

A.

Image the disk and try to recover deleted files

B.

Seek the help of co-workers who are eye-witnesses

C.

Check the Windows registry for connection data (You may or may not recover)

D.

Approach the websites for evidence

Buy Now
Questions 24

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software ?

Options:

A.

Computer Forensics Tools and Validation Committee (CFTVC)

B.

Association of Computer Forensics Software Manufactures (ACFSM)

C.

National Institute of Standards and Technology (NIST)

D.

Society for Valid Forensics Tools and Testing (SVFTT)

Buy Now
Questions 25

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

Options:

A.

rootkit

B.

key escrow

C.

steganography

D.

Offset

Buy Now
Questions 26

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public- sector investigation and should be referred to law enforcement?

Options:

A.

true

B.

false

Buy Now
Questions 27

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

Options:

A.

forensic duplication of hard drive

B.

analysis of volatile data

C.

comparison of MD5 checksums

D.

review of SIDs in the Registry

Buy Now
Questions 28

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

Options:

A.

Inculpatory evidence

B.

mandatory evidence

C.

exculpatory evidence

D.

Terrible evidence

Buy Now
Questions 29

Which of the following filesystem is used by Mac OS X?

Options:

A.

EFS

B.

HFS+

C.

EXT2

D.

NFS

Buy Now
Questions 30

Which of the following should a computer forensics lab used for investigations have?

Options:

A.

isolation

B.

restricted access

C.

open access

D.

an entry log

Buy Now
Questions 31

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

Options:

A.

Filtered

B.

Stealth

C.

Closed

D.

Open

Buy Now
Questions 32

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?

Options:

A.

Application-level proxy firewall

B.

Data link layer firewall

C.

Packet filtering firewall

D.

Circuit-level proxy firewall

Buy Now
Questions 33

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

Options:

A.

IPSEC does not work with packet filtering firewalls

B.

NAT does not work with IPSEC

C.

NAT does not work with statefull firewalls

D.

Statefull firewalls do not work with packet filtering firewalls

Buy Now
Questions 34

An "idle" system is also referred to as what?

Options:

A.

PC not being used

B.

PC not connected to the Internet

C.

Bot

D.

Zombie

Buy Now
Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Mar 22, 2024
Questions: 232
$64  $159.99
$48  $119.99
$40  $99.99
buy now 412-79