Winter Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 312-49v9 - Computer Hacking Forensic Investigator (v9)

ECCouncil 312-49v9 Premium Access     Download Demo    
Page: 9 / 12
Total 589 questions

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

A.

Closed

B.

Open

C.

Stealth

D.

Filtered

You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

A.

allinurl:"exchange/logon.asp"

B.

intitle:"exchange server"

C.

locate:"logon page"

D.

outlook:"search"

What does the superblock in Linux define?

A.

filesynames

B.

diskgeometr

C.

location of the firstinode

D.

available space

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

A.

Multiple access points can be set up on the same channel without any issues

B.

Avoid over-saturation of wireless signals

C.

So that the access points will work on different frequencies

D.

Avoid cross talk

Which of the following standard represents a legal precedent sent in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?

A.

IOCE

B.

SWGDE & SWGIT

C.

Frye

D.

Daubert

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Which among the following files provides email header information in the Microsoft Exchange server?

A.

gwcheck.db

B.

PRIV.EDB

C.

PUB.EDB

D.

PRIV.STM

The surface of a hard disk consists of several concentric rings known as tracks; each of these tracks has smaller partitions called disk blocks. What is the size of each block?

A.

512 bits

B.

512 bytes

C.

256 bits

D.

256 bytes

What type of flash memory card comes in either Type I or Type II and consumes only five percent of the power required by small hard drives?

A.

SD memory

B.

CF memory

C.

MMC memory

D.

SM memory

Why should you never power on a computer that you need to acquire digital evidence from?

A.

When the computer boots up, files are written to the computer rendering the data nclean

B.

When the computer boots up, the system cache is cleared which could destroy evidence

C.

When the computer boots up, data in the memory buffer is cleared which could destroy evidence

D.

Powering on a computer has no affect when needing to acquire digital evidence from it

Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?

A.

Three

B.

One

C.

Two

D.

Four

What feature of Windows is the following command trying to utilize?

A.

White space

B.

AFS

C.

ADS

D.

Slack file

Who is responsible for the following tasks?

A.

Non-forensics staff

B.

Lawyers

C.

System administrators

D.

Local managers or other non-forensic staff

Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

A.

Portable Document Format

B.

MS-office Word Document

C.

MS-office Word OneNote

D.

MS-office Word PowerPoint

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

A.

Network

B.

Transport

C.

Data Link

D.

Session