Cyber Monday Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 2 / 12
Total 589 questions

Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across a set of servers, systems, routers and network?

A.

Same-platform correlation

B.

Network-platform correlation

C.

Cross-platform correlation

D.

Multiple-platform correlation

Robert is a regional manager working in a reputed organization. One day, he suspected malware attack after unwanted programs started to popup after logging into his computer. The network administrator was called upon to trace out any intrusion on the computer and he/she finds that suspicious activity has taken place within Autostart locations. In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?

A.

Hex Editor

B.

Internet Evidence Finder

C.

Process Monitor

D.

Report Viewer

Which of these rootkit detection techniques function by comparing a snapshot of the file system, boot records, or memory with a known and trusted baseline?

A.

Signature-Based Detection

B.

Integrity-Based Detection

C.

Cross View-Based Detection

D.

Heuristic/Behavior-Based Detection

What do you call the process of studying the changes that have taken place across a system or a machine after a series of actions or incidents?

A.

Windows Services Monitoring

B.

System Baselining

C.

Start-up Programs Monitoring

D.

Host integrity Monitoring

In a Linux-based system, what does the command “Last -F” display?

A.

Login and logout times and dates of the system

B.

Last run processes

C.

Last functions performed

D.

Recently opened files

Data Files contain Multiple Data Pages, which are further divided into Page Header, Data Rows, and Offset Table. Which of the following is true for Data Rows?

A.

Data Rows store the actual data

B.

Data Rows present Page type. Page ID, and so on

C.

Data Rows point to the location of actual data

D.

Data Rows spreads data across multiple databases

companyXYZ has asked you to assess the security of their perimeter email gateway. From your office in New York you craft a specially formatted email message and send it across the Internet to an employee of CompanyXYZ. The employee of CompanyXYZ is aware.

A.

Source code review

B.

Reviewing the firewalls configuration

C.

Data items and vulnerability scanning

D.

Interviewing employees and network engineers

An investigator has acquired packed software and needed to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?

A.

SysAnalyzer

B.

PEiD

C.

Comodo Programs Manager

D.

Dependency Walker

Which Linux command when executed displays kernel ring buffers or information about device drivers loaded into the kernel?

A.

pgrep

B.

dmesg

C.

fsck

D.

grep

Select the tool appropriate for finding the dynamically linked lists of an application or malware.

A.

SysAnalyzer

B.

ResourcesExtract

C.

PEiD

D.

Dependency Walker

Which of the following is NOT an anti-forensics technique?

A.

Data Deduplication

B.

Password Protection

C.

Encryption

D.

Steganography

During an investigation of an XSS attack, the investigator comes across the term “[a-zA-Z0-9\%]+” in analyzed evidence details. What is the expression used for?

A.

Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation

B.

Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent

C.

Checks for opening angle bracket, its hex or double-encoded hex equivalent

D.

Checks for closing angle bracket, hex or double-encoded hex equivalent

Which of the following does not describe the type of data density on a hard disk?

A.

Volume density

B.

Track density

C.

Linear or recording density

D.

Areal density

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

A.

DBCC LOG(Transfers, 1)

B.

DBCC LOG(Transfers, 3)

C.

DBCC LOG(Transfers, 0)

D.

DBCC LOG(Transfers, 2)

During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?

A.

Coordinated Universal Time

B.

Universal Computer Time

C.

Universal Time for Computers

D.

Correlated Universal Time