Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 4 / 12
Total 589 questions

In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

A.

Chosen-message attack

B.

Known-cover attack

C.

Known-message attack

D.

Known-stego attack

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?

A.

RegistryChangesView

B.

RegDIIView

C.

RegRipper

D.

ProDiscover

Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.

A.

8-bit

B.

32-bit

C.

16-bit

D.

24-bit

Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.

A.

Adjacent memory locations

B.

Adjacent bit blocks

C.

Adjacent buffer locations

D.

Adjacent string locations

Which of the following file system uses Master File Table (MFT) database to store information about every file and directory on a volume?

A.

FAT File System

B.

ReFS

C.

exFAT

D.

NTFS File System

You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so?

A.

mysqldump

B.

myisamaccess

C.

myisamlog

D.

myisamchk

Which principle states that “anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave”?

A.

Locard's Exchange Principle

B.

Enterprise Theory of Investigation

C.

Locard's Evidence Principle

D.

Evidence Theory of Investigation

Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

A.

Scientific Working Group on Digital Evidence

B.

Daubert Standard

C.

Enterprise Theory of Investigation

D.

Fyre Standard

Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the information systems that support its operations and assets?

A.

FISMA

B.

HIPAA

C.

GLBA

D.

SOX

Which of the following is a part of a Solid-State Drive (SSD)?

A.

Head

B.

Cylinder

C.

NAND-based flash memory

D.

Spindle

Which program uses different techniques to conceal a malware's code, thereby making it difficult for security mechanisms to detect or remove it?

A.

Dropper

B.

Packer

C.

Injector

D.

Obfuscator

Which of the following Perl scripts will help an investigator to access the executable image of a process?

A.

Lspd.pl

B.

Lpsi.pl

C.

Lspm.pl

D.

Lspi.pl

Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from

Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network

vulnerability assessment plan?

A.

Their first step is to make a hypothesis of what their final findings will be.

B.

Their first step is to create an initial Executive report to show the management team.

C.

Their first step is to analyze the data they have currently gathered from the company or interviews.

D.

Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Which part of Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file.

A.

Waffen FS

B.

RuneFS

C.

FragFS

D.

Slacker