312-49v9 Free Update With 100% Exam Passing Guarantee [2021]
[Dec-2021] Verified EC-COUNCIL Exam Dumps with 312-49v9 Exam Study Guide
NEW QUESTION 260
With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ______
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
NEW QUESTION 261
When should an MD5 hash check be performed when processing evidence?
- A. Before the evidence examination has been completed
- B. After the evidence examination has been completed
- C. Before and after evidence examination
- D. On an hourly basis during the evidence examination
Answer: C
NEW QUESTION 262
Billy, a computer forensics expert, has recovered a large number of DBX files during forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
- A. Microsoft Outlook
- B. Eudora
- C. Microsoft Outlook Express
- D. Mozilla Thunderbird
Answer: C
NEW QUESTION 263
You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site.
The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?
- A. ARP Poisoning
- B. DNS Poisoning
- C. IP Spoofing
- D. HTTP redirect attack
Answer: B
NEW QUESTION 264
When cataloging digital evidence, the primary goal is to
- A. Preserve evidence integrity
- B. Make bit-stream images of all hard drives
- C. Not allow the computer to be turned off
- D. Not remove the evidence from the scene
Answer: A
NEW QUESTION 265
When the operating system marks clusters as used, but does not allocate them to any file, such clusters are known as ___________.
- A. Empty clusters
- B. Lost clusters
- C. Bad clusters
- D. Unused clusters
Answer: B
NEW QUESTION 266
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies. What type of Penetration Testing is Larry planning to carry out?
- A. DoS Penetration Testing
- B. Internal Penetration Testing
- C. Router Penetration Testing
- D. Firewall Penetration Testing
Answer: A
NEW QUESTION 267
The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?
- A. dir /o:d
- B. dir /o:s
- C. dir /o:n
- D. dir /o:e
Answer: A
NEW QUESTION 268
Operating System logs are most beneficial for identifying or investigating suspicious activities involving a particular host. Which of the following Operating System logs contains information about operational actions performed by OS components?
- A. Audit logs
- B. Firewall logs
- C. IDS logs
- D. Event logs
Answer: D
NEW QUESTION 269
In the context of the file deletion process, which of the following statements holds true?
- A. When files are deleted, the data is overwritten and the cluster marked as available
- B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
- C. Secure delete programs work by completely overwriting the file in one go
- D. While booting, the machine may create temporary files that can delete evidence
Answer: D
NEW QUESTION 270
Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?
- A. Power off all devices if currently on
- B. Unplug all connected devices
- C. Photograph and document the peripheral devices
- D. Place PDA, including all devices, in an antistatic bag
Answer: C
NEW QUESTION 271
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good.
Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for. What principle of social engineering did Julia use?
- A. Friendship/Liking
- B. Reciprocation
- C. Scarcity
- D. Social Validation
Answer: B
NEW QUESTION 272
What is the smallest physical storage unit on a hard drive?
- A. Cluster
- B. Sector
- C. Platter
- D. Track
Answer: B
NEW QUESTION 273
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?
- A. TypedURLs key
- B. RunMRU key
- C. UserAssist Key
- D. MountedDevices key
Answer: B
NEW QUESTION 274
Which of the following is NOT a part of pre-investigation phase?
- A. Gathering evidence data
- B. Creating an investigation team
- C. Gathering information about the incident
- D. Building forensics workstation
Answer: A
NEW QUESTION 275
Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?
- A. Master Boot Record
- B. Volume Boot Record
- C. Master File Table
- D. GUID Partition Table
Answer: C
NEW QUESTION 276
What technique is used by JPEGs for compression?
- A. TCD
- B. TIFF-8
- C. ZIP
- D. DCT
Answer: D
NEW QUESTION 277
WPA2 provides enterprise and Wi-Fi users with stronger data protection and network access control. Which of the following encryption algorithms is used by WPA2?
- A. RC4-CCMP
- B. AES-CCMP
- C. AES-TKIP
- D. RC4-TKIP
Answer: B
NEW QUESTION 278
Lynne receives the following email:
Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently!
To proceed Please Connect >> My Apple ID
Thank You
The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/
What type of attack is this?
- A. Phishing
- B. Email Spamming
- C. Mail Bombing
- D. Email Spoofing
Answer: A
NEW QUESTION 279
You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?
- A. Trade secrets
- B. ISO 17799
- C. Good manners
- D. The attorney-work-product rule
Answer: D

