Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 11 / 12
Total 589 questions

What is the CIDR from the following screenshot?

A.

/24A./24A./24

B.

/32 B./32 B./32

C.

/16 C./16 C./16

D.

/8D./8D./8

To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

A.

Post-investigation Phase

B.

Reporting Phase

C.

Pre-investigation Phase

D.

Investigation Phase

Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:

A.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

B.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management

C.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management

D.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

A.

Windows 98

B.

Linux

C.

Windows 8.1

D.

Windows XP

Which of the following is an iOS Jailbreaking tool?

A.

Kingo Android ROOT

B.

Towelroot

C.

One Click Root

D.

Redsn0w

Where does Encase search to recover NTFS files and folders?

A.

MBR

B.

MFT

C.

Slack space

D.

HAL

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.

What RAID level is represented here?

A.

RAID Level 0

B.

RAID Level 5

C.

RAID Level 3

D.

RAID Level 1

What will the following Linux command accomplish?

dd if=/dev/mem of=/home/sam/mem.bin bs=1024

A.

Copy the master boot record to a file

B.

Copy the contents of the system folder to a file

C.

Copy the running memory to a file

D.

Copy the memory dump file to an image file

In Steganalysis, which of the following describes a Known-stego attack?

A.

The hidden message and the corresponding stego-image are known

B.

During the communication process, active attackers can change cover

C.

Original and stego-object are available and the steganography algorithm is known

D.

Only the steganography medium is available for analysis

Stephen is checking an image using Compare Files by The Wizard, and he sees the file signature is shown as FF D8 FF E1. What is the file type of the image?

A.

gif

B.

bmp

C.

jpeg

D.

png

What layer of the OSI model do TCP and UDP utilize?

A.

Data Link

B.

Network

C.

Transport

D.

Session

At what layer does a cross site scripting attack occur on?

A.

Presentation

B.

Application

C.

Session

D.

Data Link

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

A.

Lossful compression

B.

Lossy compression

C.

Lossless compression

D.

Time-loss compression

Which network attack is described by the following statement? "At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries."

A.

Man-in-the-Middle Attack

B.

Sniffer Attack

C.

Buffer Overflow

D.

DDoS

Which of the following is a list of recently used programs or opened files?

A.

Most Recently Used (MRU)

B.

Recently Used Programs (RUP)

C.

Master File Table (MFT)

D.

GUID Partition Table (GPT)