Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

ECCouncil Updated EC0-479 Exam Questions and Answers by karim

Page: 5 / 8

ECCouncil EC0-479 Exam Overview :

Exam Name: EC-Council Certified Security Analyst (ECSA)
Exam Code: EC0-479 Dumps
Vendor: ECCouncil Certification: ECSA
Questions: 232 Q&A's Shared By: karim
Question 20

What does mactime, an essential part of the coroner‟s toolkit do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Discussion
Conor
I recently used these dumps for my exam and I must say, I was impressed with their authentic material.
Yunus Sep 13, 2024
Exactly…….The information in the dumps is so authentic and up-to-date. Plus, the questions are very similar to what you'll see on the actual exam. I felt confident going into the exam because I had studied using Cramkey Dumps.
Osian
Dumps are fantastic! I recently passed my certification exam using these dumps and I must say, they are 100% valid.
Azaan Aug 8, 2024
They are incredibly accurate and valid. I felt confident going into my exam because the dumps covered all the important topics and the questions were very similar to what I saw on the actual exam. The team of experts behind Cramkey Dumps make sure the information is relevant and up-to-date.
Reeva
Wow what a success I achieved today. Thank you so much Cramkey for amazing Dumps. All students must try it.
Amari Sep 1, 2024
Wow, that's impressive. I'll definitely keep Cramkey in mind for my next exam.
Syeda
I passed, Thank you Cramkey for your precious Dumps.
Stella Aug 25, 2024
That's great. I think I'll give Cramkey Dumps a try.
Question 21

When investigating a Windows System, it is important to view the contents of the page or swap file because:

Options:

A.

Windows stores all of the systems configuration information in this file

B.

This is file that windows use to communicate directly with Registry

C.

A Large volume of data can exist within the swap file of which the computer user has no knowledge

D.

This is the file that windows use to store the history of the last 100 commands that were run from the command line

Discussion
Question 22

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

Options:

A.

digital attack

B.

denial of service

C.

physical attack

D.

ARP redirect

Discussion
Question 23

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111 TCP TTL:43 TOS:0×0 ID:29726 IpLen:20 DgmLen:52 DF ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 23678634 2878772 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0×0 ID:29733 IpLen:20 DgmLen:84 Len: 64

01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ……………. 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 …………….

00 00 00 11 00 00 00 00 ……..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773 UDP TTL:43 TOS:0×0 ID:29781 IpLen:20 DgmLen:1104 Len: 1084 47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

Options:

A.

The attacker has conducted a network sweep on port 111

B.

The attacker has scanned and exploited the system using Buffer Overflow

C.

The attacker has used a Trojan on port 32773

D.

The attacker has installed a backdoor

Discussion
Page: 5 / 8

EC0-479
PDF

$36.75  $104.99

EC0-479 Testing Engine

$43.75  $124.99

EC0-479 PDF + Testing Engine

$57.75  $164.99