ExamGecko
Login
Home / ECCouncil / 312-49v10 / List of questions
Ask Question

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 7

List of questions

Question 61

Report Export Collapse

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

ICMP header field
ICMP header field
TCP header field
TCP header field
IP header field
IP header field
UDP header field
UDP header field
Suggested answer: B
asked 18/09/2024
Robert Akehurst
36 questions

Question 62

Report Export Collapse

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

forensic duplication of hard drive
forensic duplication of hard drive
analysis of volatile data
analysis of volatile data
comparison of MD5 checksums
comparison of MD5 checksums
review of SIDs in the Registry
review of SIDs in the Registry
Suggested answer: C
asked 18/09/2024
Christopher Fiotes
40 questions

Question 63

Report Export Collapse

Which response organization tracks hoaxes as well as viruses?

NIPC
NIPC
FEDCIRC
FEDCIRC
CERT
CERT
CIAC
CIAC
Suggested answer: D
asked 18/09/2024
Avishek Das
44 questions

Question 64

Report Export Collapse

Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?

18 U.S.C. 1029
18 U.S.C. 1029
18 U.S.C. 1362
18 U.S.C. 1362
18 U.S.C. 2511
18 U.S.C. 2511
18 U.S.C. 2703
18 U.S.C. 2703
Suggested answer: A
asked 18/09/2024
Vipulkumar Shukal
44 questions

Question 65

Report Export Collapse

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

the Microsoft Virtual Machine Identifier
the Microsoft Virtual Machine Identifier
the Personal Application Protocol
the Personal Application Protocol
the Globally Unique ID
the Globally Unique ID
the Individual ASCII String
the Individual ASCII String
Suggested answer: C
asked 18/09/2024
William Hyde
43 questions

Question 66

Report Export Collapse

What TCP/UDP port does the toolkit program netstat use?

Port 7
Port 7
Port 15
Port 15
Port 23
Port 23
Port 69
Port 69
Suggested answer: B
asked 18/09/2024
Pises Cuptintorn
44 questions

Question 67

Report Export Collapse

Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

18 U.S.C. 1029 Possession of Access Devices
18 U.S.C. 1029 Possession of Access Devices
18 U.S.C. 1030 Fraud and related activity in connection with computers
18 U.S.C. 1030 Fraud and related activity in connection with computers
18 U.S.C. 1343 Fraud by wire, radio or television
18 U.S.C. 1343 Fraud by wire, radio or television
18 U.S.C. 1361 Injury to Government Property
18 U.S.C. 1361 Injury to Government Property
18 U.S.C. 1362 Government communication systems
18 U.S.C. 1362 Government communication systems
18 U.S.C. 1831 Economic Espionage Act
18 U.S.C. 1831 Economic Espionage Act
18 U.S.C. 1832 Trade Secrets Act
18 U.S.C. 1832 Trade Secrets Act
Suggested answer: B
asked 18/09/2024
Bert Schillemans
39 questions

Question 68

Report Export Collapse

In a FAT32 system, a 123 KB file will use how many sectors?

34
34
25
25
11
11
56
56
Suggested answer: B
asked 18/09/2024
Luke Swetland
42 questions

Question 69

Report Export Collapse

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

The registry
The registry
The swap file
The swap file
The recycle bin
The recycle bin
The metadata
The metadata
Suggested answer: B
asked 18/09/2024
Richard Villanueva
39 questions

Question 70

Report Export Collapse

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

a write-blocker
a write-blocker
a protocol analyzer
a protocol analyzer
a firewall
a firewall
a disk editor
a disk editor
Suggested answer: A
asked 18/09/2024
Eric Zarghami
56 questions
Total 704 questions
Go to page: of 71
Open VPLUS File
Convert VPLUS to PDF

Related questions

In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?
This law sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
During the course of a corporate investigation, you find that an Employee is committing a crime. Can the Employer file a criminal complaint with Police?
An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:44: %ASA-1-106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on Interface outside What does %ASA-1-106021 denote?
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
Which of the following tools is used to dump the memory of a running process, either immediately or when an error condition occurs?
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?