
EC-COUNCIL 312-49v10 Real Exam Questions Test Engine Dumps Training With 598 Questions
EC-COUNCIL 312-49v10 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 | |
| Topic 2 | |
| Topic 3 | |
| Topic 4 | |
| Topic 5 | |
| Topic 6 | |
NEW QUESTION 202
Jacob is a computer forensics investigator with over 10 years' experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?
- A. Justification
- B. Reiteration
- C. Certification
- D. Authentication
Answer: D
NEW QUESTION 203
You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 204
What does mactime, an essential part of The Coroner's Toolkit, do?
- A. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
- B. It is too specific to the MAC OS and forms a core component of the toolkit
- C. The tool scans for i-node information, which is used by other tools in the toolkit
- D. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
Answer: D
NEW QUESTION 205
What must be obtained before an investigation is carried out at a location?
- A. Modus operandi
- B. Subpoena
- C. Habeas corpus
- D. Search warrant
Answer: D
NEW QUESTION 206
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
- A. Firewalk cannot pass through Cisco firewalls
- B. Firewalk cannot be detected by network sniffers
- C. Firewalk sets all packets with a TTL of one
- D. Firewalk sets all packets with a TTL of zero
Answer: C
NEW QUESTION 207
Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
- A. Use VMware to be able to capture the data in memory and examine it
- B. Use intrusion forensic techniques to study memory resident infections
- C. Create a Separate partition of several hundred megabytes and place the swap file there
- D. Give the Operating System a minimal amount of memory, forcing it to use a swap file
Answer: C
NEW QUESTION 208
Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?
- A. 18 U.S.C. 1831 Economic Espionage Act
- B. 18 U.S.C. 1029 Possession of Access Devices
- C. 18 U.S.C. 1343 Fraud by wire, radio or television
- D. 18 U.S.C. 1832 Trade Secrets Act
- E. 18 U.S.C. 1361 Injury to Government Property
- F. 18 U.S.C. 1030 Fraud and related activity in connection with computers
- G. 18 U.S.C. 1362 Government communication systems
Answer: F
NEW QUESTION 209
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?
- A. A web server facing the Internet, an application server on the internal network, a database server on the internal network
- B. All three servers need to face the Internet so that they can communicate between themselves
- C. All three servers need to be placed internally
- D. A web server and the database server facing the Internet, an application server on the internal network
Answer: B
NEW QUESTION 210
Which of the following holds true for the BIOS Parameter Block?
- A. The BIOS Partition Block always refers to the 512-byte boot sector
- B. The BIOS Partition Block is the first sector of a data storage device
- C. The BIOS Partition Block describes the physical layout of a data storage volume
- D. The length of BIOS Partition Block remains the same across all the file systems
Answer: C
NEW QUESTION 211
Check Point Firewall logs can be viewed through a Check Point Log viewer that uses icons and colors in the log table to represent different security events and their severity. What does the icon in the Check Point logs represent?
- A. A virus was detected in an email
- B. An email was marked as potential spam
- C. The firewall dropped a connection
- D. The firewall rejected a connection
Answer: C
NEW QUESTION 212
This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.
- A. Master Boot Record (MBR)
- B. File Allocation Table (FAT)
- C. Master File Table (MFT)
- D. Disk Operating System (DOS)
Answer: B
NEW QUESTION 213
Which of the following files contain the traces of the applications installed, run, or uninstalled from a system?
- A. Image Files
- B. Prefetch Files
- C. Virtual files
- D. Shortcut Files
Answer: D
NEW QUESTION 214
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all by this process. What kind of picture is this file?
- A. Metafile image
- B. Raster image
- C. Catalog image
- D. Vector image
Answer: D
NEW QUESTION 215
Which of the following is NOT physical evidence?
- A. Cables
- B. Publications
- C. Removable media
- D. Image file on a hard disk
Answer: D
NEW QUESTION 216
You are working as a Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?
- A. Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
- B. Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies
- C. Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment
- D. Inform the owner that conducting an investigation without a policy is a violation of the employee's expectation of privacy
Answer: D
NEW QUESTION 217
Michael works for Kimball Construction Company as a senior security analyst. As part of the yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?
- A. Filtered
- B. Closed
- C. Stealth
- D. Open
Answer: D
NEW QUESTION 218
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
- A. policy of separation
- B. rules of evidence
- C. law of probability
- D. chain of custody
Answer: D
NEW QUESTION 219
An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.
- A. Expert in criminal investigation
- B. Subject matter specialist
- C. Witness present at the crime scene
- D. Expert law graduate appointed by attorney
Answer: B
NEW QUESTION 220
Jason discovered a file named $RIYG6VR.doc in C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for deleted data. What inferences can he make from the file name?
- A. It is a deleted doc file
- B. It is file deleted from R drive
- C. RIYG6VR.doc is the name of the doc file deleted from the system
- D. It is a doc file deleted in seventh sequential order
Answer: A
NEW QUESTION 221
Buffer overflow vulnerabilities in web applications occur when the application fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the _________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.
- A. Adjacent bit blocks
- B. Adjacent string locations
- C. Adjacent buffer locations
- D. Adjacent memory locations
Answer: D
NEW QUESTION 222
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
- A. Net config
- B. Net sessions
- C. Net file
- D. Net share
Answer: C
NEW QUESTION 223
When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
- A. Recycle Bin
- B. MSDOS.sys
- C. Case files
- D. BIOS
Answer: A
NEW QUESTION 224
When you carve an image, recovering the image depends on which of the following skills?
- A. Recovering the image from a tape backup
- B. Recognizing the pattern of a corrupt file
- C. Recovering the image from the tape backup
- D. Recognizing the pattern of the header content
Answer: D
NEW QUESTION 225
What does 63.78.199.4(161) denote in the following Cisco router log entry?
Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet
- A. Source IP address
- B. None of the above
- C. Login IP address
- D. Destination IP address
Answer: D