Best Quality EC-COUNCIL 312-49v9 Exam Questions VCE4Plus Realistic Practice Exams [2021]
Critical Information To ECCouncil Computer Hacking Forensic Investigator (V9) Pass the First Time
NEW QUESTION 165
Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?
- A. C:\$Recycle.Bin
- B. C:\$RECYCLER
- C. C:\RECYCLER
- D. C: $Recycled.Bin
Answer: A
NEW QUESTION 166
You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?
- A. There is no reason to worry about this possible claim because state labs are certified
- B. Sign a statement attesting that the evidence is the same as it was when it entered the lab
- C. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
- D. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST
Answer: C
NEW QUESTION 167
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
- A. PUB.STM
- B. PRIV.STM
- C. PUB.EDB
- D. PRIV.EDB
Answer: A
NEW QUESTION 168
After passively scanning the network of the Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
- A. Only IBM AS/400 will reply to this scan
- B. Only Unix and Unix-like systems will reply to this scan
- C. Only Windows systems will reply to this scan
- D. A switched network will not respond to packets sent to the broadcast address
Answer: B
NEW QUESTION 169
The use of warning banners helps a company avoid litigation by overcoming an employee's assumed _________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.
- A. Right of privacy
- B. Right to work
- C. Right of free speech
- D. Right to Internet access
Answer: A
NEW QUESTION 170
John is working on his company policies and guidelines. The section he is currently working on covers company documents: how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
- A. Strip-cut shredder
- B. Cross-cut shredder
- C. Criss-cross shredder
- D. Cross-hatch shredder
Answer: B
NEW QUESTION 171
Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
- A. Eudora
- B. Microsoft Outlook Express
- C. Mozilla Thunderbird
- D. Microsoft Outlook
Answer: B
NEW QUESTION 172
When reviewing web logs, you see an entry for resource not found in the HTTP status code field.
What is the actual error code that you would see in the log for resource not found?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 173
Which device in a wireless local area network (WLAN) determines the next network point to which a packet should be forwarded toward its destination?
- A. Wireless modem
- B. Antenna
- C. Mobile station
- D. Wireless router
Answer: D
NEW QUESTION 174
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.
- A. Optical
- B. Anti-Magnetic
- C. Logical
- D. Magnetic
Answer: A
NEW QUESTION 175
Which of the following statements does not support the case assessment?
- A. Identify the legal authority for the forensic examination request
- B. Do not document the chain of custody
- C. Review the case investigator's request for service
- D. Discuss whether other forensic processes need to be performed on the evidence
Answer: B
NEW QUESTION 176
> NMAP -sn 192.168.11.200-215
The NMAP command above performs which of the following?
- A. A port scan
- B. A ping scan
- C. An operating system detect
- D. A trace sweep
Answer: B
NEW QUESTION 177
Volatile memory is one of the leading problems for forensics.
Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear.
In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
- A. Use intrusion forensic techniques to study memory resident infections
- B. Use Vmware to be able to capture the data in memory and examine it
- C. Create a separate partition of several hundred megabytes and place the swap file there
- D. Give the Operating System a minimal amount of memory, forcing it to use a swap file
Answer: B,C
NEW QUESTION 178
Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully.
Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?
- A. Three
- B. Four
- C. One
- D. Two
Answer: D
NEW QUESTION 179
UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?
- A. BIOS-MBR
- B. Master Boot Record (MBR)
- C. GUID Partition Table (GPT)
- D. BIOS Parameter Block
Answer: C
NEW QUESTION 180
You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?
- A. Show outdated equipment so it can be replaced
- B. Demonstrate that no system can be protected against DoS attacks
- C. Use attack as a launching point to penetrate deeper into the network
- D. List weak points on their network
Answer: D
NEW QUESTION 181
Which part of the Windows Registry contains the user's password file?
- A. HKEY_CURRENT_USER
- B. HKEY_LOCAL_MACHINE
- C. HKEY_USER
- D. HKEY_CURRENT_CONFIGURATION
Answer: B
NEW QUESTION 182
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
- A. one who has NTFS 4 or 5 partitions
- B. one who has lots of allocation units per block or cluster
- C. one who uses hard disk writes on IRQ 13 and 21
- D. one who uses dynamic swap file capability
Answer: B
NEW QUESTION 183
What is the name of the standard Linux command, also available as a Windows application, that can be used to create bit-stream images?
- A. mcopy
- B. dd
- C. image
- D. MD5
Answer: B
NEW QUESTION 184
A mobile operating system manages communication between the mobile device and other compatible devices like computers, televisions, or printers.
Which mobile operating system architecture is represented here?
- A. Windows Phone 7 Architecture
- B. webOS System Architecture
- C. Symbian OS Architecture
- D. Android OS Architecture
Answer: D
NEW QUESTION 185
Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?
- A. BINHEX
- B. MIME
- C. UUCODE
- D. UT-16
Answer: B
NEW QUESTION 186
E-mail logs contain which of the following information to help you in your investigation?
(Select up to 4)
- A. user account that was used to send the account
- B. date and time the message was sent
- C. attachments sent with the e-mail message
- D. unique message identifier
- E. contents of the e-mail message
Answer: A,B,D,E