ExamGecko
Login
Home / ECCouncil / 312-49v10 / List of questions
Ask Question

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 37

List of questions

Question 361

Report Export Collapse

Which among the following files provides email header information in the Microsoft Exchange server?

gwcheck.db
gwcheck.db
PRIV.EDB
PRIV.EDB
PUB.EDB
PUB.EDB
PRIV.STM
PRIV.STM
Suggested answer: B
asked 18/09/2024
S Tharakanparampil
43 questions

Question 362

Report Export Collapse

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server's root directory?

Parameter/form tampering
Parameter/form tampering
Unvalidated input
Unvalidated input
Directory traversal
Directory traversal
Security misconfiguration
Security misconfiguration
Suggested answer: C
asked 18/09/2024
Mattie Hendricks
50 questions

Question 363

Report Export Collapse

What is the size value of a nibble?

0.5 kilo byte
0.5 kilo byte
0.5 bit
0.5 bit
0.5 byte
0.5 byte
2 bits
2 bits
Suggested answer: C
asked 18/09/2024
Emanuel Sifuentes
50 questions

Question 364

Report Export Collapse

Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

Advanced Office Password Recovery
Advanced Office Password Recovery
Active@ Password Changer
Active@ Password Changer
Smartkey Password Recovery Bundle Standard
Smartkey Password Recovery Bundle Standard
Passware Kit Forensic
Passware Kit Forensic
Suggested answer: B
asked 18/09/2024
Reneus Martini
43 questions

Question 365

Report Export Collapse

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

Accunetix
Accunetix
Nikto
Nikto
Snort
Snort
Kismet
Kismet
Suggested answer: C
asked 18/09/2024
Rafal Piasecki
46 questions

Question 366

Report Export Collapse

In Steganalysis, which of the following describes a Known-stego attack?

The hidden message and the corresponding stego-image are known
The hidden message and the corresponding stego-image are known
During the communication process, active attackers can change cover
During the communication process, active attackers can change cover
Original and stego-object are available and the steganography algorithm is known
Original and stego-object are available and the steganography algorithm is known
Only the steganography medium is available for analysis
Only the steganography medium is available for analysis
Suggested answer: C
asked 18/09/2024
Bipindra Shrestha
45 questions

Question 367

Report Export Collapse

Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?

C: $Recycled.Bin
C: $Recycled.Bin
C: \$Recycle.Bin
C: \$Recycle.Bin
C:\RECYCLER
C:\RECYCLER
C:\$RECYCLER
C:\$RECYCLER
Suggested answer: B
asked 18/09/2024
gregory koontz
45 questions

Question 368

Report Export Collapse

Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

filecache.db
filecache.db
config.db
config.db
sigstore.db
sigstore.db
Sync_config.db
Sync_config.db
Suggested answer: D
asked 18/09/2024
Kevin Boddy
36 questions

Question 369

Report Export Collapse

An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.

Expert in criminal investigation
Expert in criminal investigation
Subject matter specialist
Subject matter specialist
Witness present at the crime scene
Witness present at the crime scene
Expert law graduate appointed by attorney
Expert law graduate appointed by attorney
Suggested answer: B
asked 18/09/2024
Ricardo Monsalve
40 questions

Question 370

Report Export Collapse

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

Record the system state by taking photographs of physical system and the display
Record the system state by taking photographs of physical system and the display
Perform data acquisition without disturbing the state of the systems
Perform data acquisition without disturbing the state of the systems
Open the systems, remove the hard disk and secure it
Open the systems, remove the hard disk and secure it
Switch off the systems and carry them to the laboratory
Switch off the systems and carry them to the laboratory
Suggested answer: A
asked 18/09/2024
David Washington
35 questions
Total 704 questions
Go to page: of 71
Open VPLUS File
Convert VPLUS to PDF

Related questions

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?
This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complaint with Police?
An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside What does %ASA-1-106021 denote?
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
Which of the following tools is used to dump the memory of a running process, either immediately or when an error condition occurs?
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?