Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49 - Computer Hacking Forensic Investigator

Page: 5 / 11
Total 531 questions

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A.

RestrictAnonymous must be set to "10" for complete security

B.

RestrictAnonymous must be set to "3" for complete security

C.

RestrictAnonymous must be set to "2" for complete security

D.

There is no way to always prevent an anonymous null session from establishing

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net What will this search produce?

A.

All sites that ghttech.net links to

B.

All sites that link to ghttech.net

C.

All search engines that link to .net domains

D.

Sites that contain the code: link:www.ghttech.net

Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?

A.

TestDisk for Windows

B.

R-Studio

C.

Windows Password Recovery Bootdisk

D.

Passware Kit Forensic

Why would you need to find out the gateway of a device when investigating a wireless attack?

A.

The gateway will be the IP of the proxy server used by the attacker to launch the attack

B.

The gateway will be the IP of the attacker computer

C.

The gateway will be the IP used to manage the RADIUS server

D.

The gateway will be the IP used to manage the access point

When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

A.

Undo the last action performed on the system

B.

Reboot Windows

C.

Use a recovery tool to undelete the file

D.

Download the file from Microsoft website

When obtaining a warrant, it is important to:

A.

particularlydescribe the place to be searched and particularly describe the items to be seized

B.

generallydescribe the place to be searched and particularly describe the items to be seized

C.

generallydescribe the place to be searched and generally describe the items to be seized

D.

particularlydescribe the place to be searched and generally describe the items to be seized

Which tool does the investigator use to extract artifacts left by Google Drive on the system?

A.

PEBrowse Professional

B.

RegScanner

C.

RAM Capturer

D.

Dependency Walker

When needing to search for a website that is no longer present on the Internet today but was online few years back, what site can be used to view the website collection of pages?

A.

Proxify.net

B.

Dnsstuff.com

C.

Samspade.org

D.

Archive.org

What does the 56.58.152.114(445) denote in a Cisco router log?

Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 67.124.115.35(8084) -> 56.58.152.114(445), 1 packet

A.

Source IP address

B.

None of the above

C.

Login IP address

D.

Destination IP address

Which of the following tasks DOES NOT come under the investigation phase of a cybercrime forensics investigation case?

A.

Data collection

B.

Secure the evidence

C.

First response

D.

Data analysis

You are running through a series of tests on your network to check for any security vulnerabilities.

After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

A.

The firewall failed-bypass

B.

The firewall failed-closed

C.

The firewall ACL has been purged

D.

The firewall failed-open

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principal of social engineering did Julia use?

A.

Social Validation

B.

Scarcity

C.

Friendship/Liking

D.

Reciprocation

Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?

A.

HIPAA

B.

GLBA

C.

SOX

D.

FISMA

What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

A.

Fraggle

B.

Smurf scan

C.

SYN flood

D.

Teardrop

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

A.

Entrapment

B.

Enticement

C.

Intruding into a honeypot is not illegal

D.

Intruding into a DMZ is not illegal