Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49 - Computer Hacking Forensic Investigator

ECCouncil 312-49 Premium Access     Download Demo    
Page: 10 / 11
Total 531 questions

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

A.

It is a doc file deleted in seventh sequential order

B.

RIYG6VR.doc is the name of the doc file deleted from the system

C.

It is file deleted from R drive

D.

It is a deleted doc file

During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?

A.

Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation

B.

Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent

C.

Checks for opening angle bracket, its hex or double-encoded hex equivalent

D.

Checks for closing angle bracket, hex or double-encoded hex equivalent

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies? What type of Penetration Testing is Larry planning to carry out?

A.

Router Penetration Testing

B.

DoS Penetration Testing

C.

Firewall Penetration Testing

D.

Internal Penetration Testing

Which of the following tools will help the investigator to analyze web server logs?

A.

XRY LOGICAL

B.

LanWhois

C.

Deep Log Monitor

D.

Deep Log Analyzer

The process of restarting a computer that is already turned on through the operating system is called?

A.

Warm boot

B.

Ice boot

C.

Hot Boot

D.

Cold boot

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

A.

One working day

B.

Two working days

C.

Immediately

D.

Four hours

In Windows Security Event Log, what does an event id of 530 imply?

A.

Logon Failure – Unknown user name or bad password

B.

Logon Failure – User not allowed to logon at this computer

C.

Logon Failure – Account logon time restriction violation

D.

Logon Failure – Account currently disabled

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

Amelia has got an email from a well-reputed company stating in the subject line that she has won a prize money, whereas the email body says that she has to pay a certain amount for being eligible for the contest. Which of the following acts does the email breach?

A.

CAN-SPAM Act

B.

HIPAA

C.

GLBA

D.

SOX

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Where is the startup configuration located on a router?

A.

Static RAM

B.

BootROM

C.

NVRAM

D.

Dynamic RAM

A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?

A.

/auth

B.

/proc

C.

/var/log/debug

D.

/var/spool/cron/

%3cscript%3ealert(”XXXXXXXX”)%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?

A.

Double encoding

B.

Hex encoding

C.

Unicode

D.

Base64

What type of attack sends SYN requests to a target system with spoofed IP addresses?

A.

SYN flood

B.

Ping of death

C.

Cross site scripting

D.

Land

What binary coding is used most often for e-mail purposes?

A.

MIME

B.

Uuencode

C.

IMAP

D.

SMTP