Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Login / Register

EC-Council Certified Security Analyst (ECSA)

Last Update 3 hours ago Total Questions : 232

The EC-Council Certified Security Analyst (ECSA) content is now fully updated, with all current exam questions added 3 hours ago. Deciding to include EC0-479 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our EC0-479 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these EC0-479 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any EC-Council Certified Security Analyst (ECSA) practice test comfortably within the allotted time.

Question # 1

What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

A.

Execute a buffer flow in the C: drive of the web server

B.

Insert a Trojan horse into the C: drive of the web server

C.

Directory listing of the C:\windows\system32 folder on the web server

D.

Directory listing of C: drive on the web server

Question # 2

How many possible sequence number combinations are there in TCP/IP protocol?

A.

320 billion

B.

32 million

C.

4 billion

D.

1 billion

Question # 3

What does mactime, an essential part of the coroner‟s toolkit do?

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Question # 4

The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

A.

Locard Exchange Principle

B.

Clark Standard

C.

Kelly Policy

D.

Silver-Platter Doctrine

Question # 5

When cataloging digital evidence, the primary goal is to:

A.

Make bit-stream images of all hard drives

B.

Preserve evidence integrity

C.

Not remove the evidence from the scene

D.

Not allow the computer to be turned off

Question # 6

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

A.

Stringsearch

B.

grep

C.

dir

D.

vim

Question # 7

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company ' s clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?

A.

Ping sweep

B.

Netcraft

C.

Dig

D.

Nmap

Question # 8

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

A.

Poison the DNS records with false records

B.

Enumerate MX and A records from DNS

C.

Enumerate domain user accounts and built-in groups

D.

Establish a remote connection to the Domain Controller

Question # 9

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

A.

NIPS

B.

Passive IDS

C.

Progressive IDS

D.

Active IDS

Question # 10

With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

A.

Scan the suspect hard drive before beginning an investigation

B.

Never run a scan on your forensics workstation because it could change your systems configuration

C.

Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

D.

Scan your Forensics workstation before beginning an investigation

Go to page:
EC0-479 PDF + Testing Engine
220-1201 pdf + testing engine
$149.97
$44.99 
220-1201 pdf + testing engine
  • Last Update: May 26, 2026
  • 232 Questions and Answers
  • Single Choice: 228 Q&A's
  • Multiple Choice: 4 Q&A's
 View Packages

Related ECCouncil Certification Exams

ECCouncil CAIPM
ECCouncil 112-57
ECCouncil 312-49v11
ECCouncil 312-97
ECCouncil 312-50v13
ECCouncil 312-82
ECCouncil ICS-SCADA
ECCouncil 312-40
ECCouncil 112-51
ECCouncil 312-96
ECCouncil 212-82
ECCouncil 312-50v12

New Release

Copado-Extension-Builder Exam Questions
Category-Manager Exam Questions
Drupal-Site-Builder Exam Questions
NCP-OUSD Exam Questions
IdentityIQ-Associate Exam Questions
M92 Exam Questions
ISO-IEC-27002-Foundation Exam Questions
NCP-AAI Exam Questions
VNX301 Exam Questions
AI-901 Exam Questions
Als-Con-201 Exam Questions
App-Development-with-Swift-Certified-User Exam Questions
CAIPM Exam Questions
CPCM Exam Questions
RCA Exam Questions