New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) Questions and Answers

Questions 4

Which of these ISO standards define the file system for optical storage media, such as CD-ROM and DVD-ROM?

Options:

A.

ISO 9660

B.

ISO 13346

C.

ISO 9960

D.

ISO 13490

Buy Now
Questions 5

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

Options:

A.

Lossful compression

B.

Lossy compression

C.

Lossless compression

D.

Time-loss compression

Buy Now
Questions 6

Which among the following search warrants allows the first responder to search and seize the victim’s computer components such as hardware, software, storage devices, and documentation?

Options:

A.

John Doe Search Warrant

B.

Citizen Informant Search Warrant

C.

Electronic Storage Device Search Warrant

D.

Service Provider Search Warrant

Buy Now
Questions 7

In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?

Options:

A.

Both pharming and phishing attacks are purely technical and are not considered forms of social engineering

B.

In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual websites domain name

C.

In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual websites domain name

D.

Both pharming and phishing attacks are identical

Buy Now
Questions 8

UEFI is a specification that defines a software interface between an OS and platform firmware. Where does this interface store information about files present on a disk?

Options:

A.

BIOS-MBR

B.

GUID Partition Table (GPT)

C.

Master Boot Record (MBR)

D.

BIOS Parameter Block

Buy Now
Questions 9

In a computer that has Dropbox client installed, which of the following files related to the Dropbox client store information about local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

Options:

A.

config.db

B.

install.db

C.

sigstore.db

D.

filecache.db

Buy Now
Questions 10

BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following element specifies the dimensions, compression type, and color format for the bitmap?

Options:

A.

Information header

B.

Image data

C.

The RGBQUAD array

D.

Header

Buy Now
Questions 11

Select the tool appropriate for finding the dynamically linked lists of an application or malware.

Options:

A.

SysAnalyzer

B.

ResourcesExtract

C.

PEiD

D.

Dependency Walker

Buy Now
Questions 12

As a part of the investigation, Caroline, a forensic expert, was assigned the task to examine the transaction logs pertaining to a database named Transfers. She used SQL Server Management Studio to collect the active transaction log files of the database. Caroline wants to extract detailed information on the logs, including AllocUnitId, page id, slot id, etc. Which of the following commands does she need to execute in order to extract the desired information?

Options:

A.

DBCC LOG(Transfers, 1)

B.

DBCC LOG(Transfers, 3)

C.

DBCC LOG(Transfers, 0)

D.

DBCC LOG(Transfers, 2)

Buy Now
Questions 13

Which of the following tool can reverse machine code to assembly language?

Options:

A.

PEiD

B.

RAM Capturer

C.

IDA Pro

D.

Deep Log Analyzer

Buy Now
Questions 14

Which among the following U.S. laws requires financial institutions—companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance—to protect their customers’ information against security threats?

Options:

A.

SOX

B.

HIPAA

C.

GLBA

D.

FISMA

Buy Now
Questions 15

Which of the following is NOT an anti-forensics technique?

Options:

A.

Data Deduplication

B.

Steganography

C.

Encryption

D.

Password Protection

Buy Now
Questions 16

Which of the following statements is TRUE about SQL Server error logs?

Options:

A.

SQL Server error logs record all the events occurred on the SQL Server and its databases

B.

Forensic investigator uses SQL Server Profiler to view error log files

C.

Error logs contain IP address of SQL Server client connections

D.

Trace files record, user-defined events, and specific system events

Buy Now
Questions 17

What do you call the process in which an attacker uses magnetic field over the digital media device to delete any previously stored data?

Options:

A.

Disk deletion

B.

Disk cleaning

C.

Disk degaussing

D.

Disk magnetization

Buy Now
Questions 18

Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

Options:

A.

Physical block

B.

Operating system block

C.

Hard disk block

D.

Logical block

Buy Now
Questions 19

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

Options:

A.

Net sessions

B.

Net config

C.

Net share

D.

Net use

Buy Now
Questions 20

Which Event Correlation approach assumes and predicts what an attacker can do next after the attack by studying statistics and probability?

Options:

A.

Profile/Fingerprint-Based Approach

B.

Bayesian Correlation

C.

Time (Clock Time) or Role-Based Approach

D.

Automated Field Correlation

Buy Now
Questions 21

Which of the following is a device monitoring tool?

Options:

A.

Capsa

B.

Driver Detective

C.

Regshot

D.

RAM Capturer

Buy Now
Questions 22

Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

Options:

A.

Civil Investigation

B.

Administrative Investigation

C.

Both Civil and Criminal Investigations

D.

Criminal Investigation

Buy Now
Questions 23

Which component in the hard disk moves over the platter to read and write information?

Options:

A.

Actuator

B.

Spindle

C.

Actuator Axis

D.

Head

Buy Now
Questions 24

Which command line tool is used to determine active network connections?

Options:

A.

netsh

B.

nbstat

C.

nslookup

D.

netstat

Buy Now
Questions 25

Which of the following is NOT an anti-forensics technique?

Options:

A.

Data Deduplication

B.

Password Protection

C.

Encryption

D.

Steganography

Buy Now
Questions 26

Which among the following laws emphasizes the need for each Federal agency to develop, document, and implement an organization-wide program to provide information security for the information systems that support its operations and assets?

Options:

A.

FISMA

B.

HIPAA

C.

GLBA

D.

SOX

Buy Now
Questions 27

What type of analysis helps to identify the time and sequence of events in an investigation?

Options:

A.

Time-based

B.

Functional

C.

Relational

D.

Temporal

Buy Now
Questions 28

Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:

Options:

A.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

B.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management

C.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management

D.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Buy Now
Questions 29

Which US law does the interstate or international transportation and receiving of child pornography fall under?

Options:

A.

§18. U.S.C. 1466A

B.

§18. U.S.C 252

C.

§18. U.S.C 146A

D.

§18. U.S.C 2252

Buy Now
Questions 30

How many bits is Source Port Number in TCP Header packet?

Options:

A.

16

B.

32

C.

48

D.

64

Buy Now
Questions 31

Madison is on trial for allegedly breaking into her university internal network. The police raided her dorm room and seized all of her computer equipment. Madison lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison lawyer trying to prove the police violated?

Options:

A.

The 10th Amendment

B.

The 5th Amendment

C.

The 1st Amendment

D.

The 4th Amendment

Buy Now
Questions 32

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______________ media used to store large amounts of data and are not affected by the magnet.

Options:

A.

logical

B.

anti-magnetic

C.

magnetic

D.

optical

Buy Now
Questions 33

This organization maintains a database of hash signatures for known software.

Options:

A.

International Standards Organization

B.

Institute of Electrical and Electronics Engineers

C.

National Software Reference Library

D.

American National standards Institute

Buy Now
Questions 34

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

Options:

A.

They examined the actual evidence on an unrelated system

B.

They attempted to implicate personnel without proof

C.

They tampered with evidence by using it

D.

They called in the FBI without correlating with the fingerprint data

Buy Now
Questions 35

An "idle" system is also referred to as what?

Options:

A.

PC not connected to the Internet

B.

Zombie

C.

PC not being used

D.

Bot

Buy Now
Questions 36

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

Options:

A.

the File Allocation Table

B.

the file header

C.

the file footer

D.

the sector map

Buy Now
Questions 37

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

Options:

A.

Smurf

B.

Trinoo

C.

Fraggle

D.

SYN flood

Buy Now
Questions 38

What binary coding is used most often for e-mail purposes?

Options:

A.

MIME

B.

Uuencode

C.

IMAP

D.

SMTP

Buy Now
Questions 39

Which of the following files store the MySQL database data permanently, including the data that had been deleted, helping the forensic investigator in examining the case and finding the culprit?

Options:

A.

mysql-bin

B.

mysql-log

C.

iblog

D.

ibdata1

Buy Now
Questions 40

Jacky encrypts her documents using a password. It is known that she uses her daughter’s year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

Options:

A.

Rule-based attack

B.

Brute force attack

C.

Syllable attack

D.

Hybrid attack

Buy Now
Questions 41

Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

Options:

A.

Block all internal MAC address from using SNMP

B.

Block access to UDP port 171

C.

Block access to TCP port 171

D.

Change the default community string names

Buy Now
Questions 42

Which of the following commands shows you all of the network services running on Windows-based servers?

Options:

A.

Netstart

B.

Net Session

C.

Net use

D.

Net config

Buy Now
Questions 43

Which of the following is a federal law enacted in the US to control the ways that financial institutions deal with the private information of individuals?

Options:

A.

SOX

B.

HIPAA 1996

C.

GLBA

D.

PCI DSS

Buy Now
Questions 44

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

Options:

A.

The X509 Address

B.

The SMTP reply Address

C.

The E-mail Header

D.

The Host Domain Name

Buy Now
Questions 45

If a suspect computer is located in an area that may have toxic chemicals, you must:

Options:

A.

coordinate with the HAZMAT team

B.

determine a way to obtain the suspect computer

C.

assume the suspect machine is contaminated

D.

do not enter alone

Buy Now
Questions 46

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

Options:

A.

The system files have been copied by a remote attacker

B.

The system administrator has created an incremental backup

C.

The system has been compromised using a t0rnrootkit

D.

Nothing in particular as these can be operational files

Buy Now
Questions 47

Law enforcement officers are conducting a legal search for which a valid warrant was obtained.

While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

Options:

A.

Plain view doctrine

B.

Corpus delicti

C.

Locard Exchange Principle

D.

Ex Parte Order

Buy Now
Questions 48

Diskcopy is:

Options:

A.

a utility by AccessData

B.

a standard MS-DOS command

C.

Digital Intelligence utility

D.

dd copying tool

Buy Now
Questions 49

What is the name of the Standard Linux Command that is also available as windows application that can be used to create bit-stream images?

Options:

A.

mcopy

B.

image

C.

MD5

D.

dd

Buy Now
Questions 50

When reviewing web logs, you see an entry for resource not found in the HTTP status code filed.

What is the actual error code that you would see in the log for resource not found?

Options:

A.

202

B.

404

C.

505

D.

909

Buy Now
Questions 51

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Options:

A.

Packet filtering firewall

B.

Circuit-level proxy firewall

C.

Application-level proxy firewall

D.

Stateful firewall

Buy Now
Questions 52

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

Options:

A.

Ping sweep

B.

Nmap

C.

Netcraft

D.

Dig

Buy Now
Questions 53

What will the following URL produce in an unpatched IIS Web Server?

http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

Options:

A.

Directory listing of C: drive on the web server

B.

Insert a Trojan horse into the C: drive of the web server

C.

Execute a buffer flow in the C: drive of the web server

D.

Directory listing of the C:\windows\system32 folder on the web server

Buy Now
Questions 54

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

Options:

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

Buy Now
Questions 55

A packet is sent to a router that does not have the packet destination address in its route table.

How will the packet get to its proper destination?

Options:

A.

Root Internet servers

B.

Border Gateway Protocol

C.

Gateway of last resort

D.

Reverse DNS

Buy Now
Questions 56

Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

Options:

A.

TIFF-8

B.

DOC

C.

WPD

D.

PDF

Buy Now
Questions 57

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

Options:

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Buy Now
Questions 58

What must be obtained before an investigation is carried out at a location?

Options:

A.

Search warrant

B.

Subpoena

C.

Habeas corpus

D.

Modus operandi

Buy Now
Questions 59

When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?

Options:

A.

RIM Messaging center

B.

Blackberry Enterprise server

C.

Microsoft Exchange server

D.

Blackberry desktop redirector

Buy Now
Questions 60

A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

What can the investigator infer from the screenshot seen below?

Options:

A.

A smurf attack has been attempted

B.

A denial of service has been attempted

C.

Network intrusion has occurred

D.

Buffer overflow attempt on the firewall.

Buy Now
Questions 61

Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search. link:www.ghttech.net What will this search produce?

Options:

A.

All sites that ghttech.net links to

B.

All sites that link to ghttech.net

C.

All search engines that link to .net domains

D.

Sites that contain the code: link:www.ghttech.net

Buy Now
Questions 62

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

Options:

A.

Entrapment

B.

Enticement

C.

Intruding into a honeypot is not illegal

D.

Intruding into a DMZ is not illegal

Buy Now
Questions 63

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies? What type of Penetration Testing is Larry planning to carry out?

Options:

A.

Router Penetration Testing

B.

DoS Penetration Testing

C.

Firewall Penetration Testing

D.

Internal Penetration Testing

Buy Now
Questions 64

During the trial, an investigator observes that one of the principal witnesses is severely ill and cannot be present for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence?

Options:

A.

Rule 1003: Admissibility of Duplicates

B.

Limited admissibility

C.

Locard’s Principle

D.

Hearsay

Buy Now
Questions 65

Where should the investigator look for the Edge browser’s browsing records, including history, cache, and cookies?

Options:

A.

ESE Database

B.

Virtual Memory

C.

Sparse files

D.

Slack Space

Buy Now
Questions 66

What advantage does the tool Evidor have over the built-in Windows search?

Options:

A.

It can find deleted files even after they have been physically removed

B.

It can find bad sectors on the hard drive

C.

It can search slack space

D.

It can find files hidden within ADS

Buy Now
Questions 67

Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

Options:

A.

Typography

B.

Steganalysis

C.

Picture encoding

D.

Steganography

Buy Now
Questions 68

A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?

Options:

A.

Image the disk and try to recover deleted files

B.

Seek the help of co-workers who are eye-witnesses

C.

Check the Windows registry for connection data (you may or may not recover)

D.

Approach the websites for evidence

Buy Now
Questions 69

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

Options:

A.

APIPA

B.

IANA

C.

CVE

D.

RIPE

Buy Now
Questions 70

Which type of attack is possible when attackers know some credible information about the victim's password, such as the password length, algorithms involved, or the strings and characters used in its creation?

Options:

A.

Rule-Based Attack

B.

Brute-Forcing Attack

C.

Dictionary Attack

D.

Hybrid Password Guessing Attack

Buy Now
Questions 71

Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

Options:

A.

Disallow UDP53 in from outside to DNS server

B.

Allow UDP53 in from DNS server to outside

C.

Disallow TCP53 in from secondaries or ISP server to DNS server

D.

Block all UDP traffic

Buy Now
Questions 72

Paul's company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

Options:

A.

Tailgating

B.

Backtrapping

C.

Man trap attack

D.

Fuzzing

Buy Now
Questions 73

Area density refers to:

Options:

A.

the amount of data per disk

B.

the amount of data per partition

C.

the amount of data per square inch

D.

the amount of data per platter

Buy Now
Questions 74

You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

Options:

A.

ARP Poisoning

B.

DNS Poisoning

C.

HTTP redirect attack

D.

IP Spoofing

Buy Now
Questions 75

Which of the following stages in a Linux boot process involve initialization of the system’s hardware?

Options:

A.

BIOS Stage

B.

Bootloader Stage

C.

BootROM Stage

D.

Kernel Stage

Buy Now
Questions 76

What is the CIDR from the following screenshot?

Options:

A.

/24A./24A./24

B.

/32 B./32 B./32

C.

/16 C./16 C./16

D.

/8D./8D./8

Buy Now
Questions 77

Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server’s root directory?

Options:

A.

Parameter/form tampering

B.

Unvalidated input

C.

Directory traversal

D.

Security misconfiguration

Buy Now
Questions 78

When a router receives an update for its routing table, what is the metric value change to that path?

Options:

A.

Increased by 2

B.

Decreased by 1

C.

Increased by 1

D.

Decreased by 2

Buy Now
Questions 79

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

Options:

A.

Accunetix

B.

Nikto

C.

Snort

D.

Kismet

Buy Now
Questions 80

When a user deletes a file or folder, the system stores complete path including the original filename is a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

Options:

A.

Undo the last action performed on the system

B.

Reboot Windows

C.

Use a recovery tool to undelete the file

D.

Download the file from Microsoft website

Buy Now
Questions 81

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

Options:

A.

Network

B.

Transport

C.

Data Link

D.

Session

Buy Now
Questions 82

What layer of the OSI model do TCP and UDP utilize?

Options:

A.

Data Link

B.

Network

C.

Transport

D.

Session

Buy Now
Questions 83

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?

dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

Options:

A.

Fill the disk with zeros

B.

Low-level format

C.

Fill the disk with 4096 zeros

D.

Copy files from the master disk to the slave disk on the secondary IDE controller

Buy Now
Questions 84

Which of the following standard represents a legal precedent sent in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?

Options:

A.

IOCE

B.

SWGDE & SWGIT

C.

Frye

D.

Daubert

Buy Now
Questions 85

Which MySQL log file contains information on server start and stop?

Options:

A.

Slow query log file

B.

General query log file

C.

Binary log

D.

Error log file

Buy Now
Questions 86

When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

Options:

A.

FF D8 FF E0 00 10

B.

FF FF FF FF FF FF

C.

FF 00 FF 00 FF 00

D.

EF 00 EF 00 EF 00

Buy Now
Questions 87

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file. What kind of picture is this file?

Options:

A.

Raster image

B.

Vector image

C.

Metafile image

D.

Catalog image

Buy Now
Questions 88

Which of the following Event Correlation Approach is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statistics and probability and uses only two variables?

Options:

A.

Bayesian Correlation

B.

Vulnerability-Based Approach

C.

Rule-Based Approach

D.

Route Correlation

Buy Now
Exam Code: 312-49v9
Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
Last Update: Dec 26, 2024
Questions: 589
312-49v9 pdf

312-49v9 PDF

$25.5  $84.99
312-49v9 Engine

312-49v9 Testing Engine

$30  $99.99
312-49v9 PDF + Engine

312-49v9 PDF + Testing Engine

$40.5  $134.99