[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 412-79 Dumps with VCE and PDF 111-120

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released 412-79
100% Free Download! 100% Pass Guaranteed!

EC-Council Certified Security Analyst (ECSA)

Question No: 111 – (Topic 3)

When examining a file with a Hex Editor, what space does the file header occupy?

  1. the last several bytes of the file

  2. the first several bytes of the file

  3. none, file headers are contained in the FAT

  4. one byte at the beginning of the file

Answer: D

Question No: 112 – (Topic 3)

In the context of file deletion process, which of the following statement holds true?

  1. When files are deleted, the data is overwritten and the cluster marked as available

  2. The longer a disk is inuse, the less likely it is that deleted files will be overwritten

  3. While booting, the machine may create temporary files that can delete evidence

  4. Secure delete programs work by completely overwriting the file in one go

Answer: C,D

Question No: 113 – (Topic 3)

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloadeD. What can the investigator do to prove the violation? Choose the most feasible option.

  1. Image the disk and try to recover deleted files

  2. Seek the help of co-workers who are eye-witnesses

  3. Check the Windows registry for connection data (You may or may not recover)

  4. Approach the websites for evidence

Answer: A

Question No: 114 – (Topic 3)

A (n) is one thats performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

  1. blackout attack

  2. automated attack

  3. distributed attack

  4. central processing attack

Answer: B

Question No: 115 – (Topic 3)

The offset in a hexadecimal code is:

  1. The last byte after the colon

  2. The 0x at the beginning of the code

  3. The 0x at the end of the code

  4. The first byte after the colon

Answer: B

Question No: 116 – (Topic 3)

It takes mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

  1. by law, three

  2. quite a few

  3. only one

  4. at least two

Answer: C

Question No: 117 – (Topic 3)

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches .

  1. 0

  2. 10

C. 100

D. 1

Answer: A

Question No: 118 – (Topic 3)

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

  1. the same log is used at all times

  2. a new log file is created everyday

  3. a new log file is created each week

  4. a new log is created each time the Web Server is started

Answer: A

Question No: 119 – (Topic 3)

Which part of the Windows Registry contains the users password file?





Answer: A

Question No: 120 – (Topic 3)

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are media used to store large amounts of data and are not affected by the magnet.

  1. logical

  2. anti-magnetic

  3. magnetic

  4. optical

Answer: D

100% Ensurepass Free Download!
Download Free Demo:412-79 Demo PDF
100% Ensurepass Free Guaranteed!
412-79 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No