최신 EC0-479 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst(ECSA)

문제1

You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

A. DNS Poisoning

B. HTTP redirect attack

C. IP Spoofing

D. ARP Poisoning

정답: A

문제2

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloadeD. What can the investigator do to prove the violation? Choose the most feasible option.

A. Approach the websites for evidence

B. Image the disk and try to recover deleted files

C. Seek the help of co-workers who are eye-witnesses

D. Check the Windows registry for connection data (You may or may not recover)

정답: B

문제3

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

A. ICMP ping sweep

B. Ping trace

C. Smurf scan

D. Tracert

정답: A

문제4

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorizeD. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saveD. What should you examine next in this case?

A. The registry

B. Theswapfile

C. The recycle bin

D. The metadata

정답: B

문제5

What will the following command produce on a website login page?
SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

A. This command will not produce anything since the syntax is incorrect

B. Inserts the Error! Reference source not found. email address into the members table

C. Retrieves the password for the first user in the members table

D. Deletes the entire members table

정답: D

문제6

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

A. Firewalk sets all packets with a TTL of zero

B. Firewalk cannot be detected by network sniffers

C. Firewalk sets all packets with a TTL of one

D. Firewalk cannot pass through Cisco firewalls

정답: C

문제7

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

A. Microsoft Methodology

B. Google Methodology

C. IBM Methodology

D. LPT Methodology

정답: D

문제8

When investigating a Windows System, it is important to view the contents of the page or swap file because:

A. This is the file that windows use to store the history of the last 100 commands that were run from the command line

B. Windows stores all of the systems configuration information in this file

C. A Large volume of data can exist within the swap file of which the computer user has no knowledge

D. This is file that windows use to communicate directly with Registry

정답: C

문제9

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. True negatives

B. True positives

C. False positives

D. False negatives

정답: D

문제10

Law enforcement officers are conducting a legal search for which a valid warrant was obtaineD. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

A. Plain view doctrine

B. Locard Exchange Principle

C. Ex Parte Order

D. Corpus delicti

정답: A

문제11

Sectors in hard disks typically contain how many bytes?

A. 2048

B. 1024

C. 256

D. 512

정답: D

문제12

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A. True negatives

B. True positives

C. False positives

D. False negatives

정답: D

문제13

Before you are called to testify as an expert, what must an attorney do first?

A. prove that the tools you used to conduct your examination are perfect

B. qualify you as an expert witness

C. engage in damage control

D. read your curriculum vitae to the jury

정답: B

문제14

Which part of the Windows Registry contains the users password file?

A. HKEY_LOCAL_MACHINE

B. HKEY_CURRENT_USER

C. HKEY_USER

D. HKEY_CURRENT_CONFIGURATION

정답: A

문제15

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Windows computers are constantly talking

B. Windows computers will not respond to idle scans

C. Linux/Unix computers are constantly talking

D. Linux/Unix computers are easier to compromise

정답: A

문제16

In General, ______________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the datA.

A. Disaster Recovery

B. Network Forensics

C. Data Recovery

D. Computer Forensics

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제17

While working for a prosecutor, What do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense ?

A. Present the evidence to the defense attorney

B. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

C. Keep the information of file for later review

D. Destroy the evidence

정답: B

문제18

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why PDF passwords do not offer maximum protection?

A. PDF passwords are converted to clear text when sent through E-mail

B. PDF passwords are not considered safe by Sarbanes-Oxley

C. PDF passwords can easily be cracked by software brute force tools

D. When sent through E-mail, PDF passwords are stripped from the document completely

정답: C

문제19

An "idle" system is also referred to as what?

A. Zombie

B. Bot

C. PC not connected to the Internet

D. PC not being used

정답: A

최신 EC0-479 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst(ECSA)

우리와 연락하기

유용한 링크

최신 업데이트