EC0-479 Exam Dumps - EC-Council Certified Security Analyst (ECSA)

Go to page:

Question # 4

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

Master Boot Record (MBR)

Master File Table (MFT)

File Allocation Table (FAT)

Disk Operating System (DOS)

Full Access

Question # 5

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?

A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum

Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file

A simple DOS copy will not include deleted files, file slack and other information

There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Full Access

Question # 6

In Linux, what is the smallest possible shellcode?

800 bytes

8 bytes

80 bytes

24 bytes

Full Access

Question # 7

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

ICMP header field

TCP header field

IP header field

UDP header field

Full Access

Question # 8

The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

Detection

Hearsay

Spoliation

Discovery

Full Access

Go to page: