ExamGecko
Search Search Login
Home Home / ECCouncil / ECSS
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A disk drive has 16.384 cylinders, 80 heads, and 63 sectors per track, and each sector can store 512 bytes of data. What is the total size of the disk?
Peter, a network defender, was instructed to protect the corporate network from unauthorized access. To achieve this, he employed a security solution for wireless communication that uses dragonfly key exchange for authentication, which is the strongest encryption algorithm that protects the network from dictionary and key recovery attacks. Identify the wireless encryption technology implemented in the security solution selected by Peter in the above scenario.
Jay, a network administrator, was monitoring traffic flowing through an IDS. Unexpectedly, he received an event triggered as an alarm, although there is no active attack in progress. Identify the type of IDS alert Jay has received in the above scenario.
Bob, a security professional, was recruited by an organization to ensure that application services are being delivered as expected without any delay. To achieve this. Bob decided to maintain different backup servers for the same resources so that if one backup system fails, another will serve the purpose. Identify the IA principle employed by Bob in the above scenario.
Which of the following MAC forensic data components saves file information and related events using a token with a binary structure?
Identify the backup mechanism that is performed within the organization using external devices such as hard disks and requires human interaction to perform the backup operations, thus, making it suspect able to theft or natural disasters.
James is a professional hacker attempting to gain access to an industrial system through a remote control device. In this process, he used a specially designed radio transceiver device to sniff radio commands and inject arbitrary code into the firmware of the remote controllers to maintain persistence. Which of the following attacks is performed by James in the above scenario?
Below is an extracted Apache error log entry. '(Wed Aug 28 13:35:38.878945 2020] (core:error] (pid 12356:tid 8689896234] (client 10.0.0.8] File not found: /images/folder/pic.jpg' Identify the element in the Apache error log entry above that represents the IP address from which the request was made.
Bob, a network administrator in a company, manages network connectivity to 200 employees in six different rooms. Every employee has their own laptop to connect to the Internet through a wireless network, but the company has only one broadband connection. Which of the following types of wireless networks allows Bob to provide Internet access to every laptop and bring all the devices to a single network?
A system that a cybercriminal was suspected to have used for performing an anti-social activity through the Tor browser. James reviewed the active network connections established using specific ports via Tor. Which of the following port numbers does Tor use for establishing a connection via Tor nodes?

Question 55 - ECSS discussion

Report
Export

Bob, a forensic investigator, is investigating a live Windows system found at a crime scene. In this process, Bob extracted subkeys containing information such as SAM. Security, and software using an automated tool called FTK Imager.

Which of the following Windows Registry hives' subkeys provide the above information to Bob?

A.

H KEY-CLASSES. ROOT

Answers
A.

H KEY-CLASSES. ROOT

B.

HKEY .CURRENT CONFIG

Answers
B.

HKEY .CURRENT CONFIG

C.

HKEY CURRENT USER

Answers
C.

HKEY CURRENT USER

D.

HKEY LOCAL MACHINE

Answers
D.

HKEY LOCAL MACHINE

Suggested answer: D

Explanation:

Certainly! Let's break down the question and identify which Windows Registry hives' subkeys contain the requested information.

Windows Registry Hives:

The Windows Registry is a hierarchical database that holds configuration settings and options for both low-level operating system components and running programs.

It includes settings for the kernel, device drivers, services, user interface, and third-party applications.

The registry allows access to counters for system performance profiling.

Registry Hives:

The registry is organized into different hives, each containing keys and values.

Some important hives include:

HKEY_LOCAL_MACHINE (HKLM): Contains system-wide settings.

HKEY_CURRENT_USER (HKCU): Contains settings specific to the currently logged-in user.

HKEY_USERS (HKU): Contains profiles for all users on the system.

HKEY_CLASSES_ROOT (HKCR): Contains file association information.

HKEY_CURRENT_CONFIG (HKCC): Contains information about the current hardware configuration (only in certain Windows versions).

Subkeys Relevant to Bob's Investigation:

Bob is interested in information related toSAM,Security, andsoftware.

Let's see which hives contain these subkeys:

SAM(Security Account Manager):

The SAM hive stores user account information, including usernames, passwords, account types, enabled status, group memberships, and last logon time.

It is crucial for authentication and security.

Located in:HKEY_LOCAL_MACHINE\SAM

Security:

The Security hive contains security-related information, including access control lists (ACLs), user privileges, and security tokens.

It plays a vital role in enforcing security policies.

Located in:HKEY_LOCAL_MACHINE\Security

Software:

The Software subkey within the HKLM hive contains information related to installed software, configurations, and settings.

It is essential for forensic investigations.

Located in:HKEY_LOCAL_MACHINE\Software

Answer :

The subkeys that provide the requested information to Bob are:

SAM(located inHKEY_LOCAL_MACHINE\SAM)

Security(located inHKEY_LOCAL_MACHINE\Security)

Show Answer
asked 24/10/2024
fritz villanueva
48 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms