EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49 Online Questions & Answers

• Question 131:

  Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?

  A. Civil Investigation
  B. Administrative Investigation
  C. Both Civil and Criminal Investigations
  D. Criminal Investigation
  B. Administrative Investigation

• Question 132:

  A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

  A. He should search in C:\Windows\System32\RECYCLED folder
  B. The Recycle Bin does not exist on the hard drive
  C. The files are hidden and he must use switch to view them
  D. Only FAT system contains RECYCLED folder and not NTFS
  C. The files are hidden and he must use switch to view them

• Question 133:

  Centralized binary logging is a process in which many websites write binary and unformatted log data to a single log file. What extension should the investigator look to find its log file?

  A. .cbl
  B. .log
  C. .ibl
  D. .txt
  C. .ibl

• Question 134:

  The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

  A. Any data not yet flushed to the system will be lost
  B. All running processes will be lost
  C. The /tmp directory will be flushed
  D. Power interruption will corrupt the pagefile
  A. Any data not yet flushed to the system will be lost

• Question 135:

  When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

  A. Recycle Bin
  B. MSDOS.sys
  C. BIOS
  D. Case files
  A. Recycle Bin

• Question 136:

  You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

  A. The tool hasn't been tested by the International Standards Organization (ISO)
  B. Only the local law enforcement should use the tool
  C. The total has not been reviewed and accepted by your peers
  D. You are not certified for using the tool
  C. The total has not been reviewed and accepted by your peers

• Question 137:

  On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

  A. SAM
  B. AMS
  C. Shadow file
  D. Password.conf
  A. SAM

• Question 138:

  Corporate investigations are typically easier than public investigations because:

  A. the users have standard corporate equipment and software
  B. the investigator does not have to get a warrant
  C. the investigator has to get a warrant
  D. the users can load whatever they want on their machines
  B. the investigator does not have to get a warrant

• Question 139:

  Which of the following is a responsibility of the first responder?

  A. Determine the severity of the incident
  B. Collect as much information about the incident as possible
  C. Share the collected information to determine the root cause
  D. Document the findings
  B. Collect as much information about the incident as possible

• Question 140:

  What feature of Windows is the following command trying to utilize?

  

  A. White space
  B. AFS
  C. ADS
  D. Slack file
  C. ADS