Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil EC0-479 - EC-Council Certified Security Analyst (ECSA)

ECCouncil EC0-479 Premium Access     Download Demo    
Page: 6 / 7
Total 232 questions

Paula works as the primary help desk contact for her company.Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula

walks over to the user‟s computer and sees the Blue Screen of Death screen.The user‟s computer is running

Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something.Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

A.

Paula‟s network was scanned using Floppyscan

B.

There was IRQ conflict in Paula‟s PC

C.

Paula‟s network was scanned using Dumpsec

D.

Tools like Nessus will cause BSOD

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

A.

rules of evidence

B.

law of probability

C.

chain of custody

D.

policy of separation

While working for a prosecutor, What do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense ?

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

A.

0:1000, 150

B.

0:1709, 150

C.

1:1709, 150

D.

0:1709-1858

If you come across a sheepdip machine at your client site, what would you infer?

A.

Asheepdip coordinates several honeypots

B.

Asheepdip computer is another name for a honeypot

C.

Asheepdip computer is used only for virus-checking.

D.

Asheepdip computer defers a denial of service attack

What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?

A.

A compressed file

B.

A Data stream file

C.

An encrypted file

D.

A reserved file

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

A.

Ping trace

B.

Tracert

C.

Smurf scan

D.

ICMP ping sweep

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

A.

Reciprocation

B.

Friendship/Liking

C.

Social Validation

D.

Scarcity

What does ICMP Type 3/Code 13 mean?

A.

Host Unreachable

B.

Port Unreachable

C.

Protocol Unreachable

D.

Administratively Blocked

Click on the Exhibit Button

Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes need to be made. From the screenshot, what changes should the client company make?

Exhibit:

A.

The banner should not state "only authorized IT personnel may proceed"

B.

Remove any identifying numbers, names, or version information

C.

The banner should have more detail on the version numbers for the network equipment

D.

The banner should include the Cisco tech support contact information as well