Massive Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil EC0-479 EC-Council Certified Security Analyst (ECSA) Exam Practice Test

Demo: 34 questions
Total 232 questions

EC-Council Certified Security Analyst (ECSA) Questions and Answers

Question 1

The newer Macintosh Operating System is based on:

Options:

A.

OS/2

B.

BSD Unix

C.

Linux

D.

Microsoft Windows

Question 2

If you come across a sheepdip machine at your client site, what would you infer?

Options:

A.

Asheepdip coordinates several honeypots

B.

Asheepdip computer is another name for a honeypot

C.

Asheepdip computer is used only for virus-checking.

D.

Asheepdip computer defers a denial of service attack

Question 3

What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?

Options:

A.

A compressed file

B.

A Data stream file

C.

An encrypted file

D.

A reserved file

Question 4

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

Options:

A.

Use a system that has a dynamic addressing on the network

B.

Use a system that is not directlyinteracing with the router

C.

Use it on a system in an external DMZ in front of the firewall

D.

It doesn‟t matter as all replies are faked

Question 5

Paula works as the primary help desk contact for her company.Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula

walks over to the user‟s computer and sees the Blue Screen of Death screen.The user‟s computer is running

Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing something.Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

Options:

A.

Paula‟s network was scanned using Floppyscan

B.

There was IRQ conflict in Paula‟s PC

C.

Paula‟s network was scanned using Dumpsec

D.

Tools like Nessus will cause BSOD

Question 6

What does the acronym POST mean as it relates to a PC?

Options:

A.

Primary Operations Short Test

B.

Power On Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

Question 7

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

Options:

A.

Encryption of agent communications will conceal the presence of the agents

B.

Alerts are sent to the monitor when a potential intrusion is detected

C.

An intruder could intercept and delete data or alerts and the intrusion can go undetected

D.

The monitor will know if counterfeit messages are being generated because they will not be encrypted

Question 8

The use of warning banners helps a company avoid litigation by overcoming an employees assumed

____________ When connecting to the company‟s intranet, network or Virtual Private Network(VPN) and will allow the company‟s investigators to monitor, search and retrieve information stored within the network.

Options:

A.

Right to work

B.

Right of free speech

C.

Right to Internet Access

D.

Right of Privacy

Question 9

Diskcopy is:

Options:

A.

a utility byAccessData

B.

a standard MS-DOS command

C.

Digital Intelligence utility

D.

dd copying tool

Question 10

What does mactime, an essential part of the coroner‟s toolkit do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Question 11

A law enforcement officer may only search for and seize criminal evidence with _____________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searcheD.

Options:

A.

Mere Suspicion

B.

A preponderance of the evidence

C.

Probable cause

D.

Beyond a reasonable doubt

Question 12

Printing under a Windows Computer normally requires which one of the following files types to be created?

Options:

A.

EME

B.

MEM

C.

EMF

D.

CME

Question 13

What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

Options:

A.

mcopy

B.

image

C.

MD5

D.

dd

Question 14

One way to identify the presence of hidden partitions on a suspect‟s hard drive is to:

Options:

A.

Add up the total size of all known partitions and compare it to the total size of the hard drive

B.

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C.

Examine the LILO and note an H in the partition Type field

D.

It is not possible to have hidden partitions on a hard drive

Question 15

You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:

When you type this and click on search, you receive a pop-up window that says:

"This is a test."

What is the result of this test?

Options:

A.

Your website is vulnerable to CSS

B.

Your website is not vulnerable

C.

Your website is vulnerable to SQL injection

D.

Your website is vulnerable to web bugs

Question 16

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:

http://172.168.4.131/level/99/exec/show/config

After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

Options:

A.

URL Obfuscation Arbitrary Administrative Access Vulnerability

B.

Cisco IOS Arbitrary Administrative Access Online Vulnerability

C.

HTTP Configuration Arbitrary Administrative Access Vulnerability

D.

HTML Configuration Arbitrary Administrative Access Vulnerability

Question 17

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

Options:

A.

Service account passwords in plain text

B.

Cached password hashes for the past 20 users

C.

IAS account names and passwords

D.

Local store PKI Kerberos certificates

Question 18

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

Options:

A.

NIPS

B.

Passive IDS

C.

Progressive IDS

D.

Active IDS

Question 19

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

Options:

A.

Ping trace

B.

Tracert

C.

Smurf scan

D.

ICMP ping sweep

Question 20

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

Options:

A.

IBM Methodology

B.

LPT Methodology

C.

Google Methodology

D.

Microsoft Methodology

Question 21

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

Options:

A.

%systemroot%\LSA

B.

%systemroot%\repair

C.

%systemroot%\system32\drivers\etc

D.

%systemroot%\system32\LSA

Question 22

What are the security risks of running a "repair" installation for Windows XP?

Options:

A.

There are no security risks when running the "repair" installation for Windows XP

B.

Pressing Shift+F1 gives the user administrative rights

C.

Pressing Ctrl+F10 gives the user administrative rights

D.

Pressing Shift+F10 gives the user administrative rights

Question 23

What operating system would respond to the following command?

Options:

A.

Mac OS X

B.

Windows XP

C.

Windows 95

D.

FreeBSD

Question 24

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

Options:

A.

Nessus is too loud

B.

There are no ways of performing a "stealthy" wireless scan

C.

Nessus cannot perform wireless testing

D.

Nessus is not a network scanner

Question 25

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

Options:

A.

Smurf scan

B.

Tracert

C.

Ping trace

D.

ICMP ping sweep

Question 26

What is the following command trying to accomplish?

Options:

A.

Verify that NETBIOS is running for the 192.168.0.0 network

B.

Verify that TCP port 445 is open for the 192.168.0.0 network

C.

Verify that UDP port 445 is open for the 192.168.0.0 network

D.

Verify that UDP port 445 is closed for the 192.168.0.0 network

Question 27

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

Options:

A.

Filtered

B.

Stealth

C.

Closed

D.

Open

Question 28

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search.

link:www.ghttech.net

What will this search produce?

Options:

A.

All sites that link to ghttech.net

B.

Sites that contain the code: link:www.ghttech.net

C.

All sites that ghttech.net links to

D.

All search engines that link to .net domains

Question 29

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics laB. How many law-enforcement computer investigators should you request to staff the lab?

Options:

A.

8

B.

1

C.

4

D.

2

Question 30

You have used a newly released forensic investigation tool, which doesn‟t meet the Daubert T

est, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

Options:

A.

The tool hasn‟t been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The total has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

Question 31

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:

Options:

A.

Inculpatory evidence

B.

mandatory evidence

C.

exculpatory evidence

D.

Terrible evidence

Question 32

What binary coding is used most often for e-mail purposes?

Options:

A.

MIME

B.

Uuencode

C.

IMAP

D.

SMTP

Question 33

You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

Options:

A.

ARP Poisoning

B.

DNS Poisoning

C.

HTTP redirect attack

D.

IP Spoofing

Question 34

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expecteD.

Options:

A.

Hard Drive Failure

B.

Scope Creep

C.

Unauthorized expenses

D.

Overzealous marketing

Demo: 34 questions
Total 232 questions