EC-COUNCIL 412-79 Online Practice Questions and Exam Preparation

EC-COUNCIL 412-79 Online Questions & Answers

• Question 91:

  Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  A. Use Vmware to be able to capture the data in memory and examine it
  B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  C. Create a Separate partition of several hundred megabytes and place the swap file there
  D. Use intrusion forensic techniques to study memory resident infections
  C. Create a Separate partition of several hundred megabytes and place the swap file there

• Question 92:

  At what layer of the OSI model do routers function on?

  A. 3
  B. 4
  C. 5
  D. 1
  A. 3

• Question 93:

  John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

  A. The SID of Hillary's network account
  B. The network shares that Hillary has permissions
  C. The SAM file from Hillary's computer
  D. Hillary's network username and password hash
  D. Hillary's network username and password hash

• Question 94:

  What information do you need to recover when searching a victims computer for a crime committed with specific e-mail message?

  A. Internet service provider information
  B. E-mail header
  C. Username and password
  D. Firewall log
  B. E-mail header

• Question 95:

  Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

  A. Open
  B. Stealth
  C. Closed
  D. Filtered
  A. Open

• Question 96:

  Bob has been trying to penetrate a remote production system for the past tow weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However law enforcement agencies were recoding his every activity and this was later presented as evidence. The organization had used a Virtual Environment to trap BoB. What is a Virtual Environment?

  A. A Honeypot that traps hackers
  B. A system Using Trojaned commands
  C. An environment set up after the user logs in
  D. An environment set up before an user logs in
  A. A Honeypot that traps hackers

• Question 97:

  When examining a file with a Hex Editor, what space does the file header occupy?

  A. the last several bytes of the file
  B. the first several bytes of the file
  C. none, file headers are contained in the FAT
  D. one byte at the beginning of the file
  D. one byte at the beginning of the file

• Question 98:

  Diskcopy is:

  A. a utility byAccessData
  B. a standard MS-DOS command
  C. Digital Intelligence utility
  D. dd copying tool
  B. a standard MS-DOS command

• Question 99:

  When reviewing web logs, you see an entry for resource not found in the HTTP status code fileD. What is the actual error code that you would see in the log for resource not found?

  A. 202
  B. 404
  C. 505
  D. 909
  B. 404

• Question 100:

  Why is it a good idea to perform a penetration test from the inside?

  A. It is easier to hack from the inside
  B. It is never a good idea to perform a penetration test from the inside
  C. To attack a network from a hacker's perspective
  D. Because 70% of attacks are from inside the organization
  D. Because 70% of attacks are from inside the organization