
ECCouncil 412-79 - EC-Council Certified Security Analyst (ECSA)

Total 232 questions

You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would:

A. Violate your contract

B. Cause network congestion

C. Make you an agent of law enforcement

D. Write information to the subject's hard drive

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A. Network Forensics

B. Computer Forensics

C. Incident Response

D. Event Reaction

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

A. The attorney-work-product rule

B. Good manners

C. Trade secrets

D. ISO 17799

You are working as a computer forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will.

What do you do?

A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C. Inform the owner that conducting an investigation without a policy is a violation of the employee's expectation of privacy

D. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

A. Enable BGP

B. Disable BGP

C. Enable direct broadcasts

D. Disable direct broadcasts

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principle of social engineering did Julia use?

A. Reciprocation

B. Friendship/Liking

C. Social Validation

D. Scarcity

What will the following command produce on a website login page?

SELECT email, passwd, login_id, full_name
FROM members
WHERE email = 'someone@somehwere.com'; DROP TABLE members; --'

A. Inserts the email address into the members table

B. Retrieves the password for the first user in the members table

C. Deletes the entire members table

D. This command will not produce anything since the syntax is incorrect

You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Select 2)

A. 162

B. 160

C. 161

D. 163

As a security analyst you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

A. The employees' network usernames and passwords

B. The MAC address of the employees' computers

C. The IP address of the employees' computers

D. Bank account numbers and the corresponding routing numbers

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

A. IBM Methodology

B. LPT Methodology

C. Google Methodology

D. Microsoft Methodology