Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil EC0-479 - EC-Council Certified Security Analyst (ECSA)

ECCouncil EC0-479 Premium Access     Download Demo    
Page: 2 / 7
Total 232 questions

An "idle" system is also referred to as what?

A.

PC not being used

B.

PC not connected to the Internet

C.

Bot

D.

Zombie

What is a good security method to prevent unauthorized users from "tailgating"?

A.

Electronic key systems

B.

Man trap

C.

Pick-resistant locks

D.

Electronic combination locks

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

A.

IPSEC does not work with packet filtering firewalls

B.

NAT does not work with IPSEC

C.

NAT does not work with statefull firewalls

D.

Statefull firewalls do not work with packet filtering firewalls

What is the following command trying to accomplish?

A.

Verify that TCP port 445 is open for the 192.168.0.0 network

B.

Verify that UDP port 445 is open for the 192.168.0.0 network

C.

Verify that UDP port 445 is closed for the 192.168.0.0 network

D.

Verify that NETBIOS is running for the 192.168.0.0 network

In a FAT32 system, a 123 KB file will use how many sectors?

A.

34

B.

246

C.

11

D.

56

Corporate investigations are typically easier than public investigations because:

A.

the users have standard corporate equipment and software

B.

the investigator does not have to get a warrant

C.

the investigator has to get a warrant

D.

the users can load whatever they want on their machines

You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer laB. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

A.

Bit-stream Copy

B.

Robust Copy

C.

Full backup Copy

D.

Incremental Backup Copy

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A.

The system files have been copied by a remote attacker

B.

The system administrator has created an incremental backup

C.

The system has been compromised using a t0rnrootkit

D.

Nothing in particular as these can be operational files

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

A.

Inculpatory evidence

B.

mandatory evidence

C.

exculpatory evidence

D.

Terrible evidence