[Free] 2018(Jan) Dumps4cert Braindumps ECCouncil 412-79 Dumps with VCE and PDF 121-130

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Jan ECCouncil Official New Released 412-79
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/412-79.html

EC-Council Certified Security Analyst (ECSA)

Question No: 121 – (Topic 3)

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

1. Use a system that has a dynamic addressing on the network

2. Use a system that is not directlyinteracing with the router

3. Use it on a system in an external DMZ in front of the firewall

4. It doesnt matter as all replies are faked

Answer: D

Question No: 122 – (Topic 3)

What does the acronym POST mean as it relates to a PC?

1. Primary Operations Short Test

2. Power On Self Test

3. Pre Operational Situation Test

4. Primary Operating System Test

Answer: B

Question No: 123 – (Topic 3)

Paula works as the primary help desk contact for her company.Paula has just received a call from a user reporting that his computer just displayed a Blue Screen of Death screen and he can no longer work.Paula

walks over to the users computer and sees the Blue Screen of Death screen.The users computer is running

Windows XP, but the Blue Screen looks like a familiar one that Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his computer for only 15 minutes and when he got back, the Blue Screen was there.Paula also noticed that the hard drive activity light was flashing, meaning that the computer was processing

something.Paula knew this should not be the case since the computer should be completely frozen during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan alerts.

What is Paula seeing happen on this computer?

1. Paulas network was scanned using Floppyscan

2. There was IRQ conflict in Paulas PC

3. Paulas network was scanned using Dumpsec

4. Tools like Nessus will cause BSOD

Answer: A

Question No: 124 – (Topic 3)

What is the advantage in encrypting the communication between the agent and the monitor in an Intrusion Detection System?

1. Encryption of agent communications will conceal the presence of the agents

2. Alerts are sent to the monitor when a potential intrusion is detected

3. An intruder could intercept and delete data or alerts and the intrusion can go undetected

4. The monitor will know if counterfeit messages are being generated because they will not be encrypted

Answer: D

Question No: 125 – (Topic 3)

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

1. bench warrant

2. wire tap

3. subpoena

4. search warrant

Answer: D

Question No: 126 – (Topic 3)

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a

single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

1. All forms should be placed in an approved secure container because they are now primary evidence in the case.

2. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.

3. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.

4. All forms should be placed in the report file because they are now primary evidence in the case.

Answer: B

Question No: 127 – (Topic 3)

The MD5 program is used to:

1. wipe magnetic media before recycling it

2. make directories on a evidence disk

3. view graphics files on an evidence drive

4. verify that a disk is not altered when you examine it

Answer: D

Question No: 128 – (Topic 3)

Which is a standard procedure to perform during all computer forensics investigations?

1. with the hard drive removed from the suspect PC, check the date and time in the

   systems CMOS

2. with the hard drive in the suspect PC, check the date and time in the File Allocation Table

3. with the hard drive removed from the suspect PC, check the date an d time in the systems RAM

4. with the hard drive in the suspect PC, check the date and time in the systems CMOS

Question No: 129 – (Topic 3)

E-mail logs contain which of the following information to help you in your investigation? (Select up to 4)

1. user account that was used to send the account

2. attachments sent with the e-mail message

3. unique message identifier

4. contents of the e-mail message

5. date and time the message was sent

Answer: A,C,D,E

Question No: 130 – (Topic 3)

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

1. one who has NTFS 4 or 5 partitions

2. one who uses dynamic swap file capability

3. one who uses hard disk writes on IRQ 13 and 21

4. one who has lots of allocation units per block or cluster

Answer: D

100% Dumps4cert Free Download!
–Download Free Demo:412-79 Demo PDF
100% Dumps4cert Free Guaranteed!
–412-79 Dumps

	Dumps4cert	ExamCollection	Testking
Lowest Price Guarantee	Yes	No	No
Up-to-Dated	Yes	No	No
Real Questions	Yes	No	No
Explanation	Yes	No	No
PDF VCE	Yes	No	No
Free VCE Simulator	Yes	No	No
Instant Download	Yes	No	No

HOT EXAM!

100-105 Dumps VCE PDF
200-105 Dumps VCE PDF
300-101 Dumps VCE PDF
300-115 Dumps VCE PDF
300-135 Dumps VCE PDF
300-320 Dumps VCE PDF
400-101 Dumps VCE PDF
640-911 Dumps VCE PDF
640-916 Dumps VCE PDF
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF
220-901 Dumps VCE PDF
220-902 Dumps VCE PDF
N10-006 Dumps VCE PDF
SY0-401 Dumps VCE PDF