Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

Ace the ECCouncil 412-79 Exam: Ultimate Preparation Guide

Questions 61

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software ?

Options:

A.

Computer Forensics Tools and Validation Committee (CFTVC)

B.

Association of Computer Forensics Software Manufactures (ACFSM)

C.

National Institute of Standards and Technology (NIST)

D.

Society for Valid Forensics Tools and Testing (SVFTT)

Buy Now
Questions 62

The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

Options:

A.

Any data not yet flushed to the system will be lost

B.

All running processes will be lost

C.

The /tmp directory will be flushed

D.

Power interruption will corrupt the pagefile

Buy Now
Questions 63

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

Options:

A.

rootkit

B.

key escrow

C.

steganography

D.

Offset

Buy Now
Questions 64

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

Options:

A.

forensic duplication of hard drive

B.

analysis of volatile data

C.

comparison of MD5 checksums

D.

review of SIDs in the Registry

Buy Now
Questions 65

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

Options:

A.

.email

B.

.mail

C.

.pst

D.

.doc

Buy Now
Questions 66

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

Options:

A.

on the individual computer‟s ARP cache

B.

in the Web Server log files

C.

in the DHCP Server log files

D.

there is no way to determine the specific IP address

Buy Now
Questions 67

Which response organization tracks hoaxes as well as viruses?

Options:

A.

NIPC

B.

FEDCIRC

C.

CERT

D.

CIAC

Buy Now
Questions 68

Which of the following should a computer forensics lab used for investigations have?

Options:

A.

isolation

B.

restricted access

C.

open access

D.

an entry log

Buy Now
Questions 69

What TCP/UDP port does the toolkit program netstat use?

Options:

A.

Port 7

B.

Port 15

C.

Port 23

D.

Port 69

Buy Now
Exam Code: 412-79
Exam Name: EC-Council Certified Security Analyst (ECSA)
Last Update: Dec 12, 2024
Questions: 232

PDF + Testing Engine

$164.99
$66

Testing Engine

$124.99
$50

PDF (Q&A)

$104.99
$42