Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

ECCouncil Updated EC0-479 Exam Questions and Answers by karim

Page: 5 / 8

ECCouncil EC0-479 Exam Overview :

Exam Name: EC-Council Certified Security Analyst (ECSA)
Exam Code: EC0-479 Dumps
Vendor: ECCouncil Certification: ECSA
Questions: 232 Q&A's Shared By: karim
Question 20

What does mactime, an essential part of the coroner‟s toolkit do?

Options:

A.

It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

B.

It can recover deleted file space and search it for datA. However, it does not allow the investigator t preview them

C.

The tools scans for i-node information, which is used by other tools in the tool kit

D.

It is tool specific to the MAC OS and forms a core component of the toolkit

Discussion
Question 21

When investigating a Windows System, it is important to view the contents of the page or swap file because:

Options:

A.

Windows stores all of the systems configuration information in this file

B.

This is file that windows use to communicate directly with Registry

C.

A Large volume of data can exist within the swap file of which the computer user has no knowledge

D.

This is the file that windows use to store the history of the last 100 commands that were run from the command line

Discussion
Question 22

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

Options:

A.

digital attack

B.

denial of service

C.

physical attack

D.

ARP redirect

Discussion
Joey
I highly recommend Cramkey Dumps to anyone preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.
Dexter Jun 14, 2026
Agreed. It's definitely worth checking out if you're looking for a comprehensive and reliable study resource.
Cecilia
Yes, I passed my certification exam using Cramkey Dumps.
Helena Jun 24, 2026
Great. Yes they are really effective
Stefan
Thank you so much Cramkey I passed my exam today due to your highly up to date dumps.
Ocean Jun 20, 2026
Agree….Cramkey Dumps are constantly updated based on changes in the exams. They also have a team of experts who regularly review the materials to ensure their accuracy and relevance. This way, you can be sure you're studying the most up-to-date information available.
Ayesha
They are study materials that are designed to help students prepare for exams and certification tests. They are basically a collection of questions and answers that are likely to appear on the test.
Ayden Jun 21, 2026
That sounds interesting. Why are they useful? Planning this week, hopefully help me. Can you give me PDF if you have ?
Anya
I must say they're considered the best dumps available and the questions are very similar to what you'll see in the actual exam. Recommended!!!
Cassius Jun 14, 2026
Yes, they offer a 100% success guarantee. And many students who have used them have reported passing their exams with flying colors.
Question 23

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111 TCP TTL:43 TOS:0×0 ID:29726 IpLen:20 DgmLen:52 DF ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 23678634 2878772 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0×0 ID:29733 IpLen:20 DgmLen:84 Len: 64

01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ……………. 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ……………. 00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 …………….

00 00 00 11 00 00 00 00 ……..

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773 UDP TTL:43 TOS:0×0 ID:29781 IpLen:20 DgmLen:1104 Len: 1084 47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

Options:

A.

The attacker has conducted a network sweep on port 111

B.

The attacker has scanned and exploited the system using Buffer Overflow

C.

The attacker has used a Trojan on port 32773

D.

The attacker has installed a backdoor

Discussion
Page: 5 / 8

EC0-479
PDF

$36.75  $104.99

EC0-479 Testing Engine

$43.75  $124.99

EC0-479 PDF + Testing Engine

$57.75  $164.99