EC0-479 by EC-COUNCIL Actual Free Exam Questions And Answers

Question 1

What operating system would respond to the following command?

A. Windows XP

B. Windows 95

C. FreeBSD

D. Mac OS X

Discussion 0

Correct Answer: C Vote an answer

Question 2

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. List weak points on their network

B. Show outdated equipment so it can be replaced

C. Use attack as a launching point to penetrate deeper into the network

D. Demonstrate that no system can be protected against DoS attacks

Discussion 0

Correct Answer: A Vote an answer

Question 3

What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

A. image

B. mcopy

C. dd

D. MD5

Discussion 0

Correct Answer: C Vote an answer

Question 4

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

A. The Host Domain Name

B. The SMTP reply Address

C. The E-mail Header

D. The X509 Address

Discussion 0

Correct Answer: C Vote an answer

Question 5

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

A. forensic duplication of hard drive

B. analysis of volatile data

C. review of SIDs in the Registry

D. comparison of MD5 checksums

Discussion 0

Correct Answer: C Vote an answer

Question 6

To preserve digital evidence, an investigator should ____________________

A. Make tow copies of each evidence item using a single imaging tool

B. Make two copies of each evidence item using different imaging tools

C. Only store the original evidence item

D. Make a single copy of each evidence item using an approved imaging tool

Discussion 0

Correct Answer: B Vote an answer

Question 7

The police believe that Mevin Mattew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers and Educational Institutions. They also suspect that he has been stealing, copying and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspects door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

A. The USA patriot Act

B. The Good Samaritan Laws

C. The Fourth Amendment

D. The Federal Rules of Evidence

Discussion 0

Correct Answer: C Vote an answer

Question 8

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A. 32

B. 128

C. 64

D. 16

Discussion 0

Correct Answer: A Vote an answer

Question 9

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

A. a protocol analyzer

B. a firewall

C. a write-blocker

D. a disk editor

Discussion 0

Correct Answer: C Vote an answer

Question 10

What should you do when approached by a reporter about a case that you are working on or have worked on?

A. Answer all the reporters questions as completely as possible

B. Answer only the questions that help your case

C. Say, "no comment"

D. Refer the reporter to the attorney that retained you

Discussion 0

Correct Answer: D Vote an answer

Question 11

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

A. one who uses dynamic swap file capability

B. one who has NTFS 4 or 5 partitions

C. one who uses hard disk writes on IRQ 13 and 21

D. one who has lots of allocation units per block or cluster

Discussion 0

Correct Answer: D Vote an answer

Question 12

What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?

A. A compressed file

B. A reserved file

C. An encrypted file

D. A Data stream file

Discussion 0

Correct Answer: D Vote an answer

Question 13

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

A. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

B. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum

C. A simple DOS copy will not include deleted files, file slack and other information

D. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

Discussion 0

Correct Answer: C Vote an answer

EC-COUNCIL EC-Council Certified Security Analyst(ECSA) - EC0-479 Exam Practice Test

Contact Us

Useful Links

Latest Updated