ExamGecko
Login
Home / ECCouncil / 312-49v10 / List of questions
Ask Question

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 36

Add to Whishlist

List of questions

Question 351

Report Export Collapse

The investigator wants to examine changes made to the system's registry by the suspect program.

Which of the following tool can help the investigator?

TRIPWIRE
TRIPWIRE
RAM Capturer
RAM Capturer
Regshot
Regshot
What's Running
What's Running
Suggested answer: C
asked 18/09/2024
Emily Luijten
51 questions

Question 352

Report Export Collapse

What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router represent?

The system was not able to process the packet because there was not enough room for all of the desired IP header options
The system was not able to process the packet because there was not enough room for all of the desired IP header options
Immediate action required messages
Immediate action required messages
Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available
Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available
A packet matching the log criteria for the given access list has been detected (TCP or UDP)
A packet matching the log criteria for the given access list has been detected (TCP or UDP)
Suggested answer: D
asked 18/09/2024
Sukhpreet Sidhu
44 questions

Question 353

Report Export Collapse

Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where "x" represents the ___________________.

Drive name
Drive name
Original file name's extension
Original file name's extension
Sequential number
Sequential number
Original file name
Original file name
Suggested answer: A
asked 18/09/2024
Fednol Presume
39 questions

Question 354

Report Export Collapse

Which of the following is an iOS Jailbreaking tool?

Kingo Android ROOT
Kingo Android ROOT
Towelroot
Towelroot
One Click Root
One Click Root
Redsn0w
Redsn0w
Suggested answer: D
asked 18/09/2024
Aleh Patskevich
53 questions

Question 355

Report Export Collapse

Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?

Value list cell
Value list cell
Value cell
Value cell
Key cell
Key cell
Security descriptor cell
Security descriptor cell
Suggested answer: C
asked 18/09/2024
Minh Phan
33 questions

Question 356

Report Export Collapse

What is the default IIS log location?

SystemDrive\inetpub\LogFiles
SystemDrive\inetpub\LogFiles
%SystemDrive%\inetpub\logs\LogFiles
%SystemDrive%\inetpub\logs\LogFiles
%SystemDrive\logs\LogFiles
%SystemDrive\logs\LogFiles
SystemDrive\logs\LogFiles
SystemDrive\logs\LogFiles
Suggested answer: B
asked 18/09/2024
Arnold Bronson TCHOFFO
52 questions

Question 357

Report Export Collapse

Charles has accidentally deleted an important file while working on his Mac computer. He wants to recover the deleted file as it contains some of his crucial business secrets. Which of the following tool will help Charles?

Xplico
Xplico
Colasoft's Capsa
Colasoft's Capsa
FileSalvage
FileSalvage
DriveSpy
DriveSpy
Suggested answer: C
asked 18/09/2024
David Shokrai
44 questions

Question 358

Report Export Collapse

Which file is a sequence of bytes organized into blocks understandable by the system's linker?

executable file
executable file
source file
source file
Object file
Object file
None of these
None of these
Suggested answer: C
asked 18/09/2024
Alex Luna
46 questions

Question 359

Report Export Collapse

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

Windows 98
Windows 98
Linux
Linux
Windows 8.1
Windows 8.1
Windows XP
Windows XP
Suggested answer: D
asked 18/09/2024
Lukasz Malaczek
36 questions

Question 360

Report Export Collapse

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\\ while analyzing a hard disk image for the deleted dat a. What inferences can he make from the file name?

It is a doc file deleted in seventh sequential order
It is a doc file deleted in seventh sequential order
RIYG6VR.doc is the name of the doc file deleted from the system
RIYG6VR.doc is the name of the doc file deleted from the system
It is file deleted from R drive
It is file deleted from R drive
It is a deleted doc file
It is a deleted doc file
Suggested answer: D
asked 18/09/2024
Anu V
37 questions
Total 704 questions
Go to page: of 71
Open VPLUS File
Convert VPLUS to PDF

Related questions

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?
This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complaint with Police?
An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside What does %ASA-1-106021 denote?
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
Which of the following tools is used to dump the memory of a running process, either immediately or when an error condition occurs?
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?