Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 6 / 12
Total 589 questions

It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

A.

by law, three

B.

quite a few

C.

only one

D.

at least two

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.

The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

A.

False negatives

B.

False positives

C.

True negatives

D.

True positives

You should make at least how many bit-stream copies of a suspect drive?

A.

1

B.

2

C.

3

D.

4

The following excerpt is taken from a honeypot log. The log captures activities across three days.

There are several intrusion attempts; however, a few are successful.

(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

From the options given below choose the one which best interprets the following entry:

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

A.

An IDS evasion technique

B.

A buffer overflow attempt

C.

A DNS zone transfer

D.

Data being retrieved from 63.226.81.13

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

In Linux, what is the smallest possible shellcode?

A.

24 bytes

B.

8 bytes

C.

800 bytes

D.

80 bytes

Corporate investigations are typically easier than public investigations because:

A.

the users have standard corporate equipment and software

B.

the investigator does not have to get a warrant

C.

the investigator has to get a warrant

D.

the users can load whatever they want on their machines

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies? What type of Penetration Testing is Larry planning to carry out?

A.

Router Penetration Testing

B.

DoS Penetration Testing

C.

Firewall Penetration Testing

D.

Internal Penetration Testing

What information do you need to recover when searching a victim’s computer for a crime committed with specific e-mail message?

A.

Internet service provider information

B.

E-mail header

C.

Username and password

D.

Firewall log

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

A.

Inculpatory evidence

B.

Mandatory evidence

C.

Exculpatory evidence

D.

Terrible evidence

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

A.

Stringsearch

B.

grep

C.

dir

D.

vim

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls? (Choose two.)

A.

162

B.

161

C.

163

D.

160

In Microsoft file structures, sectors are grouped together to form:

A.

Clusters

B.

Drives

C.

Bitstreams

D.

Partitions

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A.

ATM

B.

UDP

C.

BPG

D.

OSPF

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String