312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 191:

    Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?

    A. Shortcut Files
    B. Virtual files
    C. Prefetch Files
    D. Image Files

  • Question 192:

    Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

    A. Trick the switch into thinking it already has a session with Terri's computer
    B. Poison the switch's MAC address table by flooding it with ACK bits
    C. Crash the switch with a DoS attack since switches cannot send ACK bits
    D. Enable tunneling feature on the switch

  • Question 193:

    In the following email header, where did the email first originate from?

    A. Somedomain.com
    B. Smtp1.somedomain.com
    C. Simon1.state.ok.gov.us
    D. David1.state.ok.gov.us

  • Question 194:

    What does mactime, an essential part of the Coroner's Toolkit, do?

    A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
    B. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
    C. The tool scans for i-node information, which is used by other tools in the tool kit
    D. It is too specific to the MAC OS and forms a core component of the toolkit

  • Question 195:

    Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

    A. wmic service
    B. Reg.exe
    C. fsutil
    D. Devcon

  • Question 196:

    Examination of a computer by a technically unauthorized person will almost always result in:

    A. Rendering any evidence found inadmissible in a court of law
    B. Completely accurate results of the examination
    C. The chain of custody being fully maintained
    D. Rendering any evidence found admissible in a court of law

  • Question 197:

    How many bits is the Source Port Number in the TCP header?

    A. 16
    B. 32
    C. 48
    D. 64

  • Question 198:

    While analyzing a hard disk, the investigator finds that the file system does not use a UEFI-based interface. Which of the following operating systems is present on the hard disk?

    A. Windows 10
    B. Windows 8
    C. Windows 7
    D. Windows 8.1

  • Question 199:

    What technique is used by JPEGs for compression?

    A. TIFF-8
    B. ZIP
    C. DCT
    D. TCD

  • Question 200:

    Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

    A. Send DOS commands to crash the DNS servers
    B. Perform DNS poisoning
    C. Perform a zone transfer
    D. Enumerate all the users in the domain

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when you apply for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.