Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?
A. PRIV.STM
B. gwcheck.db
C. PRIV.EDB
D. PUB.EDB
Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?
A. Volume Boot Record
B. Master Boot Record
C. GUID Partition Table
D. Master File Table
Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?
A. Record the system state by taking photographs of physical system and the display
B. Perform data acquisition without disturbing the state of the systems
C. Open the systems, remove the hard disk and secure it
D. Switch off the systems and carry them to the laboratory
Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?
A. filecache.db
B. config.db
C. sigstore.db
D. Sync_config.db
An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a party's claim or defense.
A. Expert in criminal investigation
B. Subject matter specialist
C. Witness present at the crime scene
D. Expert law graduate appointed by attorney
Annie is searching for certain deleted files on a system running Windows XP OS. Where will she find the files if they were not completely deleted from the system?
A. C: $Recycled.Bin
B. C: \$Recycle.Bin
C. C:\RECYCLER
D. C:\$RECYCLER
In Steganalysis, which of the following describes a Known-stego attack?
A. The hidden message and the corresponding stego-image are known
B. During the communication process, active attackers can change cover
C. Original and stego-object are available and the steganography algorithm is known
D. Only the steganography medium is available for analysis
What is the size value of a nibble?
A. 0.5 kilo byte
B. 0.5 bit
C. 0.5 byte
D. 2 bits
Which of the following tool enables a user to reset his/her lost admin password in a Windows system?
A. Advanced Office Password Recovery
B. Active@ Password Changer
C. Smartkey Password Recovery Bundle Standard
D. Passware Kit Forensic
Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?
A. Accunetix
B. Nikto
C. Snort
D. Kismet
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.