ExamGecko
Login
Home / ECCouncil / 312-49v10 / List of questions
Ask Question

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report Export Collapse

With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

0
0
10
10
100
100
1
1
Suggested answer: A
asked 18/09/2024
Gregory Destrebecq
37 questions

Question 22

Report Export Collapse

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

the same log is used at all times
the same log is used at all times
a new log file is created everyday
a new log file is created everyday
a new log file is created each week
a new log file is created each week
a new log is created each time the Web Server is started
a new log is created each time the Web Server is started
Suggested answer: A
asked 18/09/2024
Christian Galea
45 questions

Question 23

Report Export Collapse

Which part of the Windows Registry contains the user's password file?

HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIGURATION
HKEY_CURRENT_CONFIGURATION
HKEY_USER
HKEY_USER
HKEY_CURRENT_USER
HKEY_CURRENT_USER
Suggested answer: A
asked 18/09/2024
Helmut Steingraber
37 questions

Question 24

Report Export Collapse

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

logical
logical
anti-magnetic
anti-magnetic
magnetic
magnetic
optical
optical
Suggested answer: D
asked 18/09/2024
Zden Bohm Autocont a.s.
31 questions

Question 25

Report Export Collapse

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

Use a system that has a dynamic addressing on the network
Use a system that has a dynamic addressing on the network
Use a system that is not directly interacting with the router
Use a system that is not directly interacting with the router
Use it on a system in an external DMZ in front of the firewall
Use it on a system in an external DMZ in front of the firewall
It doesn't matter as all replies are faked
It doesn't matter as all replies are faked
Suggested answer: D
asked 18/09/2024
xingrui li
44 questions

Question 26

Report Export Collapse

What does the acronym POST mean as it relates to a PC?

Primary Operations Short Test
Primary Operations Short Test
PowerOn Self Test
PowerOn Self Test
Pre Operational Situation Test
Pre Operational Situation Test
Primary Operating System Test
Primary Operating System Test
Suggested answer: B
asked 18/09/2024
Franziska Kreuz
39 questions

Question 27

Report Export Collapse

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

bench warrant
bench warrant
wire tap
wire tap
subpoena
subpoena
search warrant
search warrant
Suggested answer: D
asked 18/09/2024
Feroz Khan
51 questions

Question 28

Report Export Collapse

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.

Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

All forms should be placed in an approved secure container because they are now primary evidence in the case.
All forms should be placed in an approved secure container because they are now primary evidence in the case.
The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
All forms should be placed in the report file because they are now primary evidence in the case.
All forms should be placed in the report file because they are now primary evidence in the case.
Suggested answer: B
asked 18/09/2024
Sundarrajan Mugunthan
38 questions

Question 29

Report Export Collapse

The MD5 program is used to:

wipe magnetic media before recycling it
wipe magnetic media before recycling it
make directories on an evidence disk
make directories on an evidence disk
view graphics files on an evidence drive
view graphics files on an evidence drive
verify that a disk is not altered when you examine it
verify that a disk is not altered when you examine it
Suggested answer: D
asked 18/09/2024
Dubravko Jerkovic
38 questions

Question 30

Report Export Collapse

Which is a standard procedure to perform during all computer forensics investigations?

with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
with the hard drive in the suspect PC, check the date and time in the File Allocation Table
with the hard drive in the suspect PC, check the date and time in the File Allocation Table
with the hard drive removed from the suspect PC, check the date and time in the system's RAM
with the hard drive removed from the suspect PC, check the date and time in the system's RAM
with the hard drive in the suspect PC, check the date and time in the system's CMOS
with the hard drive in the suspect PC, check the date and time in the system's CMOS
Suggested answer: A
asked 18/09/2024
Nezha El Fakraoui
36 questions
Total 704 questions
Go to page: of 71
Open VPLUS File
Convert VPLUS to PDF

Related questions

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?
This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complaint with Police?
An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside What does %ASA-1-106021 denote?
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
Which of the following tools is used to dump the memory of a running process, either immediately or when an error condition occurs?
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?