Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 5 / 12
Total 589 questions

The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?

A.

File Allocation Table (FAT

B.

New Technology File System (NTFS)

C.

Hierarchical File System (HFS)

D.

Global File System (GFS)

Which of the following standard represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

A.

SWGDE & SWGIT

B.

Daubert

C.

Frye

D.

IOCE

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

A.

Net config

B.

Net sessions

C.

Net share

D.

Net stat

You are asked to build a forensic lab and your manager has specifically informed you to use copper for lining the walls, ceilings, and floor. What is the main purpose of lining the walls, ceilings, and floor with copper?

A.

To control the room temperature

B.

To strengthen the walls, ceilings, and floor

C.

To avoid electromagnetic emanations

D.

To make the lab sound proof

Raw data acquisition format creates _________ of a data set or suspect drive.

A.

Segmented image files

B.

Simple sequential flat files

C.

Compressed image files

D.

Segmented files

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

A.

%systemroot%\system32\LSA

B.

%systemroot%\system32\drivers\etc

C.

%systemroot%\repair

D.

%systemroot%\LSA

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so Quickly?

A.

Passwords of 14 characters or less are broken up into two 7-character hashes

B.

A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

C.

Networks using Active Directory never use SAM databases so the SAM database pulled was empty

D.

The passwords that were cracked are local accounts on the Domain Controller

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used.

What IDS feature must George implement to meet this requirement?

A.

Signature-based anomaly detection

B.

Pattern matching

C.

Real-time anomaly detection

D.

Statistical-based anomaly detection

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

A.

a write-blocker

B.

a protocol analyzer

C.

a firewall

D.

a disk editor

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments.

What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

A.

Bit-stream Copy

B.

Robust Copy

C.

Full backup Copy

D.

Incremental Backup Copy

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

A.

forensic duplication of hard drive

B.

analysis of volatile data

C.

comparison of MD5 checksums

D.

review of SIDs in the Registry

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

A.

digital attack

B.

denial of service

C.

physical attack

D.

ARP redirect

What does the acronym POST mean as it relates to a PC?

A.

Primary Operations Short Test

B.

PowerOn Self Test

C.

Pre Operational Situation Test

D.

Primary Operating System Test

This organization maintains a database of hash signatures for known software.

A.

International Standards Organization

B.

Institute of Electrical and Electronics Engineers

C.

National Software Reference Library

D.

American National standards Institute

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

A.

Ping sweep

B.

Nmap

C.

Netcraft

D.

Dig