최신 EC0-479 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst(ECSA)

문제1

Software firewalls work at which layer of the OSI model?

A. Network

B. Application

C. Data Link

D. Transport

정답: C

문제2

You should make at least how many bit-stream copies of a suspect drive?

A. 4

B. 1

C. 3

D. 2

정답: D

문제3

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

A. Metamorphic

B. Transmorphic

C. Oligomorhic

D. Polymorphic

정답: A

문제4

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why PDF passwords do not offer maximum protection?

A. PDF passwords are converted to clear text when sent through E-mail

B. PDF passwords are not considered safe by Sarbanes-Oxley

C. PDF passwords can easily be cracked by software brute force tools

D. When sent through E-mail, PDF passwords are stripped from the document completely

정답: C

문제5

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

A. a copy of the file is stored and the original file is erased

B. the file is erased and cannot be recovered

C. only the reference to the file is removed from the FAT

D. the file is erased but can be recovered

정답: C

문제6

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

A. attachments sent with the e-mail message

B. date and time the message was sent

C. unique message identifier

D. contents of the e-mail message

E. user account that was used to send the account

정답: B,C,D,E

문제7

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

A. make a bit-stream disk-to-image file

B. make a bit-stream disk-to-disk file

C. create a sparse data copy of a folder or file

D. create a compressed copy of the file with DoubleSpace

정답: A

문제8

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

A. The nature of the attack

B. The vulnerability exploited in the incident

C. The logic, formatting and elegance of the code used in the attack

D. The manufacturer of the system compromised

정답: C

문제9

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

A. Ping sweep

B. Dig

C. Nmap

D. Netcraft

정답: D

문제10

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

A. Passwords of 14 characters or less are broken up into two 7-character hashes

B. Networks using Active Directory never use SAM databases so the SAM database pulled was empty

C. The passwords that were cracked are local accounts on the Domain Controller

D. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

정답: A

문제11

You have used a newly released forensic investigation tool, which doesnt meet the Daubert T
est, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

A. Only the local law enforcement should use the tool

B. You are not certified for using the tool

C. The tool hasnt been tested by the International Standards Organization (ISO)

D. The total has not been reviewed and accepted by your peers

정답: D

문제12

What is a good security method to prevent unauthorized users from "tailgating"?

A. Electronic key systems

B. Pick-resistant locks

C. Electronic combination locks

D. Man trap

정답: D

문제13

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekenD. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

A. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

B. The EFS Revoked Key Agent can be used on the Computer to recover the information

C. EFS uses a 128- bit key that cant be cracked, so you will not be able to recover the information

D. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information

정답: D

문제14

You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

A. Airsnort

B. Ettercap

C. Snort

D. RaidSniff

정답: B

문제15

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A. It doesnt matter as all replies are faked

B. Use a system that is not directlyinteracing with the router

C. Use a system that has a dynamic addressing on the network

D. Use it on a system in an external DMZ in front of the firewall

정답: A

문제16

What TCP/UDP port does the toolkit program netstat use?

A. Port 7

B. Port 15

C. Port 23

D. Port 69

정답: B

문제17

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ______________ in order to track the emails back to the suspect.

A. Firewall log

B. Configuration files

C. Email Header

D. Routing Table

정답: C

최신 EC0-479 무료덤프 - EC-COUNCIL EC-Council Certified Security Analyst(ECSA)

우리와 연락하기

유용한 링크

최신 업데이트