Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: Apr 27, 2025

EC-COUNCIL EC-COUNCIL Certifications 312-49 Questions & Answers

  • Question 141:

    How will you categorize a cybercrime that took place within a CSP's cloud environment?

    A. Cloud as a Subject

    B. Cloud as a Tool

    C. Cloud as an Audit

    D. Cloud as an Object

  • Question 142:

    Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?

    A. Written Formal Report

    B. Verbal Formal Report

    C. Verbal Informal Report

    D. Written Informal Report

  • Question 143:

    Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

    A. Lsproc

    B. DumpChk

    C. RegEdit

    D. EProcess

  • Question 144:

    Smith, as a part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

    A. He should contact the network operator for a Temporary Unlock Code (TUK)

    B. Use system and hardware tools to gain access

    C. He can attempt PIN guesses after 24 hours

    D. He should contact the network operator for Personal Unlock Number (PUK)

  • Question 145:

    NTFS has less slack space than FAT, and thus less potential to hide data in the slack space. This is because:

    A. FAT does not index files

    B. NTFS is a journaling file system

    C. NTFS has lower cluster size space

    D. FAT is an older and inefficient file system

  • Question 146:

    Which of the following event correlation approaches is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying statistics and probability, and uses only two variables?

    A. Bayesian Correlation

    B. Vulnerability-Based Approach

    C. Rule-Based Approach

    D. Route Correlation

  • Question 147:

    Which password cracking technique uses every possible combination of character sets?

    A. Rainbow table attack

    B. Brute force attack

    C. Rule-based attack

    D. Dictionary attack

  • Question 148:

    Which of the following tools enables data acquisition and duplication?

    A. Colasoft's Capsa

    B. DriveSpy

    C. Wireshark

    D. Xplico

  • Question 149:

    What does 254 represent in ICCID 89254021520014515744?

    A. Industry Identifier Prefix

    B. Country Code

    C. Individual Account Identification Number

    D. Issuer Identifier Number

  • Question 150:

    Shane has started the static analysis of a piece of malware and is using the tool ResourcesExtract to find more details of the malicious program. What part of the analysis is he performing?

    A. Identifying File Dependencies

    B. Strings search

    C. Dynamic analysis

    D. File obfuscation

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.