Get New 2021 EC-COUNCIL 312-49 Exam Dumps Bundle On flat Updated Dumps! [Q72-Q97]


NEW QUESTION 72
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

  • A. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media
  • B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
  • C. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
  • D. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media

Answer: B

 

NEW QUESTION 73
Julie is a college student majoring in Information Systems and Computer Science. She is currently writing an essay for her computer crimes class. Julie's paper focuses on white-collar crimes in America and how forensics investigators investigate the cases. Julie would like to focus the subject of the essay on the most common type of crime found in corporate America. What crime should Julie focus on?

  • A. Industrial espionage
  • B. Denial of Service attacks
  • C. Physical theft
  • D. Copyright infringement

Answer: A

 

NEW QUESTION 74
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

  • A. RestrictAnonymous must be set to "3" for complete security
  • B. RestrictAnonymous must be set to "2" for complete security
  • C. RestrictAnonymous must be set to "10" for complete security
  • D. There is no way to always prevent an anonymous null session from establishing

Answer: B

 

NEW QUESTION 75
Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

  • A. The data is still present until the original location of the file is used
  • B. The data is moved to the Restore directory and is kept there indefinitely
  • C. The data will reside in the L2 cache on a Windows computer until it is manually deleted
  • D. It is not possible to recover data that has been emptied from the Recycle Bin

Answer: A

 

NEW QUESTION 76
What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

  • A. Every byte of the file(s) is copied to three different hard drives
  • B. Every byte of the file(s) is verified using 32-bit CRC
  • C. Every byte of the file(s) is given an MD5 hash to match against a master file
  • D. Every byte of the file(s) is encrypted using three different methods

Answer: B


 

NEW QUESTION 77
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

  • A. Enumerate all the users in the domain
  • B. Send DOS commands to crash the DNS servers
  • C. Perform DNS poisoning
  • D. Perform a zone transfer

Answer: D

 

NEW QUESTION 78
Microsoft Outlook maintains email messages in a proprietary format in what type of file?

  • A. .pst
  • B. .doc
  • C. .email
  • D. .mail

Answer: A

 

NEW QUESTION 79
In the following directory listing,

which file should be used to restore archived email messages for someone using Microsoft Outlook?

  • A. Outlook bak
  • B. Outlook pst
  • C. Outlook NK2
  • D. Outlook ost

Answer: B

 

NEW QUESTION 80
If you come across a sheepdip machine at your client site, what would you infer?

  • A. A sheepdip coordinates several honeypots
  • B. A sheepdip computer defers a denial of service attack
  • C. A sheepdip computer is used only for virus-checking.
  • D. A sheepdip computer is another name for a honeypot

Answer: C

 

NEW QUESTION 81
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

  • A. Point-to-point
  • B. Thorough
  • C. Complete event analysis
  • D. End-to-end

Answer: D

 

NEW QUESTION 82
When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?

  • A. Samspade.org
  • B. Dnsstuff.com
  • C. Proxify.net
  • D. Archive.org

Answer: D

 

NEW QUESTION 83
This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

  • A. Disk Operating System (DOS)
  • B. Master File Table (MFT)
  • C. File Allocation Table (FAT)
  • D. Master Boot Record (MBR)

Answer: C

 

NEW QUESTION 84
An investigator is analyzing a Check Point firewall log and comes across symbols. What type of log is he looking at?

  • A. Malicious URL detected
  • B. An email marked as potential spam
  • C. Security event was monitored but not stopped
  • D. Connection rejected

Answer: B


 

NEW QUESTION 85
Diskcopy is:

  • A. Digital Intelligence utility
  • B. dd copying tool
  • C. a utility by AccessData
  • D. a standard MS-DOS command

Answer: D

Explanation:
diskcopy is a STANDARD DOS utility.

C:\WINDOWS>diskcopy /?
Copies the contents of one floppy disk to another.

 

NEW QUESTION 86
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?

  • A. net port 22
  • B. udp port 22 and host 172.16.28.1/24
  • C. src port 22 and dst port 22
  • D. src port 23 and dst port 23

Answer: C

 

NEW QUESTION 87
All Blackberry email is eventually sent and received through what proprietary RIM-operated mechanism?

  • A. Blackberry Message Center
  • B. Blackberry WEP gateway
  • C. Microsoft Exchange
  • D. Blackberry WAP gateway

Answer: A

 

NEW QUESTION 88
Which of the following is a list of recently used programs or opened files?

  • A. Master File Table (MFT)
  • B. Most Recently Used (MRU)
  • C. Recently Used Programs (RUP)
  • D. GUID Partition Table (GPT)

Answer: B

 

NEW QUESTION 89
What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

  • A. Design patent
  • B. Trademark
  • C. Copyright
  • D. Utility patent

Answer: D

 

NEW QUESTION 90
Windows identifies which application to open a file with by examining which of the following?

  • A. The File extension
  • B. The file signature at the beginning of the file
  • C. The file Signature at the end of the file
  • D. The file attributes

Answer: A

 

NEW QUESTION 91
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique was this user trying?

  • A. Cross site scripting
  • B. Cookie Poisoning
  • C. Parameter tampering
  • D. SQL injection

Answer: C

 

NEW QUESTION 92
Area density refers to:

  • A. the amount of data per partition
  • B. the amount of data per disk
  • C. the amount of data per square inch
  • D. the amount of data per platter

Answer: B

 

NEW QUESTION 93
Bob has been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

  • A. A system Using Trojaned commands
  • B. A Honeypot that traps hackers
  • C. An environment set up after the user logs in
  • D. An environment set up before a user logs in

Answer: B

 

NEW QUESTION 94
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

  • A. Active IDS
  • B. Progressive IDS
  • C. Passive IDS
  • D. NIPS

Answer: A

 

NEW QUESTION 95
In the following email header, where did the email first originate from?

  • A. Simon1.state.ok.gov.us
  • B. Smtp1.somedomain.com
  • C. Somedomain.com
  • D. David1.state.ok.gov.us

Answer: A

 

NEW QUESTION 96
What feature of Windows is the following command trying to utilize?

  • A. White space
  • B. Slack file
  • C. AFS
  • D. ADS

Answer: D

 

NEW QUESTION 97
......
