Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49 - Computer Hacking Forensic Investigator

ECCouncil 312-49 Premium Access     Download Demo    
Page: 11 / 11
Total 531 questions

As a security analyst, you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

A.

The IP address of the employees’ computers

B.

Bank account numbers and the corresponding routing numbers

C.

The employees network usernames and passwords

D.

The MAC address of the employees’ computers

What are the security risks of running a "repair" installation for Windows XP?

A.

Pressing Shift+F10gives the user administrative rights

B.

Pressing Shift+F1gives the user administrative rights

C.

Pressing Ctrl+F10 gives the user administrative rights

D.

There are no security risks when running the "repair" installation for Windows XP

UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

A.

BIOS-MBR

B.

GUID Partition Table (GPT)

C.

Master Boot Record (MBR)

D.

BIOS Parameter Block

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

A.

Civil Investigation

B.

Administrative Investigation

C.

Both Civil and Criminal Investigations

D.

Criminal Investigation

What malware analysis operation can the investigator perform using the jv16 tool?

A.

Files and Folder Monitor

B.

Installation Monitor

C.

Network Traffic Monitoring/Analysis

D.

Registry Analysis/Monitoring

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

A.

The zombie will not send a response

B.

31402

C.

31399

D.

31401

Which of the following is a list of recently used programs or opened files?

A.

Most Recently Used (MRU)

B.

Recently Used Programs (RUP)

C.

Master File Table (MFT)

D.

GUID Partition Table (GPT)

One way to identify the presence of hidden partitions on a suspect's hard drive is to:

A.

Add up the total size of all known partitions and compare it to the total size of the hard drive

B.

Examine the FAT and identify hidden partitions by noting an H in the partition Type field

C.

Examine the LILO and note an H in the partition Type field

D.

It is not possible to have hidden partitions on a hard drive

When investigating a wireless attack, what information can be obtained from the DHCP logs?

A.

The operating system of the attacker and victim computers

B.

IP traffic between the attacker and the victim

C.

MAC address of the attacker

D.

If any computers on the network are running in promiscuous mode