New Year Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. ECCouncil
  3. ECSA
  4. 412-79 - EC-Council Certified Security Analyst (ECSA)

412-79 Exam Dumps - EC-Council Certified Security Analyst (ECSA)

Go to page:
Question # 9

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity.

George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

A.

src port 22 and dst port 22

B.

src port 23 and dst port 23

C.

net port 22

D.

udp port 22 and host 172.16.28.1/24

Full Access
Question # 10

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

A.

user account that was used to send the account

B.

attachments sent with the e-mail message

C.

unique message identifier

D.

contents of the e-mail message

E.

date and time the message was sent

Full Access
Question # 11

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

A.

by law, three

B.

quite a few

C.

only one

D.

at least two

Full Access
Question # 12

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

A.

A Capital X

B.

A Blank Space

C.

The Underscore Symbol

D.

The lowercase Greek Letter Sigma (s)

Full Access
Question # 13

What does mactime, an essential part of the coroner‟s toolkit do?

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Full Access
Question # 14

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A.

Network Forensics

B.

Computer Forensics

C.

Incident Response

D.

Event Reaction

Full Access
Question # 15

An Expert witness give an opinion if:

A.

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

B.

To define the issues of the case for determination by the finder of fact

C.

To stimulate discussion between the consulting expert and the expert witness

D.

To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

Full Access
Question # 16

One way to identify the presence of hidden partitions on a suspect‟s hard drive is to:

A.

Add up the total size of all known partitions and compare it to the total size of the hard drive

B.

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C.

Examine the LILO and note an H in the partition Type field

D.

It is not possible to have hidden partitions on a hard drive

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps