312-49v9 | How Many Questions Of 312-49v9 Exam


Free demo questions for EC-Council 312-49v9 Exam Dumps Below:


Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?

  • A. Net sessions
  • B. Net file
  • C. Netconfig
  • D. Net share

Answer: B


Damaged portions of a disk on which no read/write operation can be performed are known as ____.

  • A. Lost sector
  • B. Bad sector
  • C. Empty sector
  • D. Unused sector

Answer: B


Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.

  • A. True
  • B. False

Answer: A


John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web café purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

  • A. It contains the times and dates of when the system was last patched
  • B. It is not necessary to scan the virtual memory of a computer
  • C. It contains the times and dates of all the system files
  • D. Hidden running processes

Answer: D


Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file.
Which of the following hash algorithms produces a message digest that is 128 bits long?

  • A. CRC-32
  • B. MD5
  • C. SHA-1
  • D. SHA-512

Answer: B


Why is it a good idea to perform a penetration test from the inside?

  • A. It is never a good idea to perform a penetration test from the inside
  • B. It is easier to hack from the inside
  • C. Because 70% of attacks are from inside the organization
  • D. To attack a network from a hacker's perspective

Answer: C


Which of the following is not an example of a cyber-crime?

  • A. Fraud achieved by the manipulation of the computer records
  • B. Firing an employee for misconduct
  • C. Deliberate circumvention of the computer security systems
  • D. Intellectual property theft, including software piracy

Answer: B


You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

  • A. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
  • B. make an MD5 hash of the evidence and compare it to the standard database developed by NIST
  • C. there is no reason to worry about this possible claim because state labs are certified
  • D. sign a statement attesting that the evidence is the same as it was when it entered the lab

Answer: A


What is the target host IP in the following command? C:\> firewalk -F 80 -p UDP

  • A.
  • B. This command is using FIN packets, which cannot scan target hosts
  • C. Firewalk does not scan target hosts
  • D.

Answer: D


Injection flaws are web application vulnerabilities that allow untrusted data to be interpreted and executed as part of a command or query. Attackers exploit injection flaws by constructing malicious commands or queries that result in data loss or corruption, lack of accountability, or denial of access. Which of the following injection flaws involves the injection of malicious code through a web application?

  • A. SQL Injection
  • B. Password brute force
  • C. Nmap Scanning
  • D. Footprinting

Answer: A


With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ____

  • A. 1
  • B. 10
  • C. 100

Answer: A


In Microsoft file structures, sectors are grouped together to form:

  • A. Mastered
  • B. Not Mastered

Answer: A


During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible.

  • A. True
  • B. False

Answer: A


The disk in the disk drive rotates at high speed, and heads in the disk drive are used only to read data.

  • A. True
  • B. False

Answer: B


At what layer of the OSI model do routers function?

  • A. 4
  • B. 3
  • C. 1
  • D. 5

Answer: B


Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?

  • A. Spycrack
  • B. Spynet
  • C. Netspionage
  • D. Hackspionage

Answer: C


Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated with each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages to each other. What type of cipher was used by the accused in this case?

  • A. Grille cipher
  • B. Null cipher
  • C. Text semagram
  • D. Visual semagram

Answer: A


Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the ___ in order to control the process execution, crash the process and modify internal variables.

  • A. Target process's address space
  • B. Target remote access
  • C. Target rainbow table
  • D. Target SAM file

Answer: A


Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

  • A. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
  • B. Local archives do not have evidentiary value as the email client may alter the message data
  • C. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
  • D. Server storage archives are the server information and settings stored on a local system whereas the local archives are the local email client information stored on the mail server

Answer: A


Which of the following would you consider an aspect of organizational security, especially focusing on IT security?

  • A. Biometric information security
  • B. Security from frauds
  • C. Application security
  • D. Information copyright security

Answer: C


At what layer does a cross-site scripting attack occur?

  • A. Presentation
  • B. Application
  • C. Session
  • D. Data Link

Answer: B


Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.

  • A. True
  • B. False

Answer: A


Why is it important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

  • A. This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date
  • B. All forensic teams should wear protective latex gloves which makes them look professional and cool
  • C. Local law enforcement agencies compel them to wear latex gloves
  • D. It is a part of ANSI 346 forensics standard

Answer: A


Ever-changing advancement of mobile devices increases the complexity of mobile device examinations. Which of the following is an appropriate action for the mobile forensic investigation?

  • A. To avoid unwanted interaction with devices found on the scene, turn on any wireless interfaces such as Bluetooth and Wi-Fi radios
  • B. Do not wear gloves while handling cell phone evidence to maintain integrity of physical evidence
  • C. If the device's display is ON, the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons
  • D. If the phone is in a cradle or connected to a PC with a cable, then unplug the device from the computer

Answer: C


Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

  • A. tasklist/s
  • B. tasklist/u
  • C. tasklist/p
  • D. tasklist/V

Answer: D


Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

  • A. Enticement
  • B. Entrapment
  • C. Intruding into a honeypot is not illegal
  • D. Intruding into a DMZ is not illegal

Answer: B


Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

  • A. Point-to-point
  • B. End-to-end
  • C. Thorough
  • D. Complete event analysis

Answer: B


Printing under a Windows computer normally requires which one of the following file types to be created?

  • A. EME
  • B. MEM
  • C. EMF
  • D. CME

Answer: C


One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  • A. the File Allocation Table
  • B. the file header
  • C. the file footer
  • D. the sector map

Answer: B

