
ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

Total 589 questions

Bob works as an information security analyst for a big finance company. One day, the anomaly-based intrusion detection system alerted that a volumetric DDoS targeting the main IP of the main web server was occurring. What kind of attack is it?

A. IDS attack

B. APT

C. Web application attack

D. Network attack

When is it appropriate to use computer forensics?

A. If copyright and intellectual property theft/misuse has occurred

B. If employees do not care for their boss's management techniques

C. If sales drop off for no apparent reason for an extended period of time

D. If a financial institution is burglarized by robbers

Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Which US Amendment is Madison's lawyer trying to prove the police violated?

A. The 10th Amendment

B. The 5th Amendment

C. The 1st Amendment

D. The 4th Amendment

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

A. Volume Boot Record

B. Master Boot Record

C. GUID Partition Table

D. Master File Table

Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?

A. Portable Document Format

B. Advanced Forensics Format (AFF)

C. Proprietary Format

D. Raw Format

What must be obtained before an investigation is carried out at a location?

A. Search warrant

B. Subpoena

C. Habeas corpus

D. Modus operandi

Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

A. Inode bitmap block

B. Superblock

C. Block bitmap block

D. Data block

What will the following command accomplish in Linux?

fdisk /dev/hda

A. Partition the hard drive

B. Format the hard drive

C. Delete all files under the /dev/hda folder

D. Fill the disk with zeros

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

A. Technical material related to forensics

B. No particular field

C. Judging the character of defendants/victims

D. Legal issues

Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

A. Block all internal MAC addresses from using SNMP

B. Block access to UDP port 171

C. Block access to TCP port 171

D. Change the default community string names

What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

A. Copyright

B. Design patent

C. Trademark

D. Utility patent

What is the size value of a nibble?

A. 0.5 kilobyte

B. 0.5 bit

C. 0.5 byte

D. 2 bits

Which of the following files gives information about the client sync sessions in Google Drive on Windows?

A. sync_log.log

B. Sync_log.log

C. sync.log

D. Sync.log

What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

A. Fraggle

B. Smurf scan

C. SYN flood

D. Teardrop

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

A. RestrictAnonymous must be set to "10" for complete security

B. RestrictAnonymous must be set to "3" for complete security

C. RestrictAnonymous must be set to "2" for complete security

D. There is no way to always prevent an anonymous null session from establishing