Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49 - Computer Hacking Forensic Investigator

ECCouncil 312-49 Premium Access     Download Demo    
Page: 8 / 11
Total 531 questions

What is the following command trying to accomplish?

A.

Verify that UDP port 445 is open for the 192.168.0.0 network

B.

Verify that TCP port 445 is open for the 192.168.0.0 network

C.

Verify that NETBIOS is running for the 192.168.0.0 network

D.

Verify that UDP port 445 is closed for the 192.168.0.0 network

What hashing method is used to password protect Blackberry devices?

A.

AES

B.

RC5

C.

MD5

D.

SHA-1

NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because:

A.

FAT does not index files

B.

NTFS is a journaling file system

C.

NTFS has lower cluster size space

D.

FAT is an older and inefficient file system

You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm’s employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?

A.

Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned

B.

Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment

C.

Inform the owner that conducting an investigation without a policy is a violation of the employee’s expectation of privacy

D.

Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies

Which command can provide the investigators with details of all the loaded modules on a Linux-based system?

A.

list modules -a

B.

lsmod

C.

plist mod -a

D.

lsof -m

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

A.

The tool hasn't been tested by the International Standards Organization (ISO)

B.

Only the local law enforcement should use the tool

C.

The total has not been reviewed and accepted by your peers

D.

You are not certified for using the tool

You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the _________________________ in order to track the emails back to the suspect.

A.

Routing Table

B.

Firewall log

C.

Configuration files

D.

Email Header

Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

A.

Portable Document Format

B.

MS-office Word Document

C.

MS-office Word OneNote

D.

MS-office Word PowerPoint

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

A.

FF D8 FF E0 00 10

B.

FF FF FF FF FF FF

C.

FF 00 FF 00 FF 00

D.

EF 00 EF 00 EF 00

An Expert witness give an opinion if:

A.

The Opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors

B.

To define the issues of the case for determination by the finder of fact

C.

To stimulate discussion between the consulting expert and the expert witness

D.

To deter the witness form expanding the scope of his or her investigation beyond the requirements of the case

Richard is extracting volatile data from a system and uses the command doskey/history. What is he trying to extract?

A.

Events history

B.

Previously typed commands

C.

History of the browser

D.

Passwords used across the system

After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?

A.

PRIV.STM

B.

PUB.EDB

C.

PRIV.EDB

D.

PUB.STM

The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.

A.

http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..% c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1

B.

[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

C.

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700]"GET /apache_pb.gif HTTP/1.0" 200 2326

D.

127.0.0.1 - - [10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0" 200 2326

An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

A.

Equipment Identity Register (EIR)

B.

Electronic Serial Number (ESN)

C.

International mobile subscriber identity (IMSI)

D.

Integrated circuit card identifier (ICCID)