312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 241:

    Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code to simplify the search process. Which of the following hex codes should she look for to identify image files?

    A. ff d8 ff
    B. 25 50 44 46
    C. d0 0f 11 e0
    D. 50 41 03 04

  • Question 242:

    Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

    A. Use VMware to be able to capture the data in memory and examine it
    B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
    C. Create a separate partition of several hundred megabytes and place the swap file there
    D. Use intrusion forensic techniques to study memory resident infections

  • Question 243:

    Which of the following techniques creates a replica of evidence media?

    A. Data Extraction
    B. Backup
    C. Bit Stream Imaging
    D. Data Deduplication

  • Question 244:

    Jason discovered a file named $RIYG6VR.doc in C:\$Recycle.Bin\\ while analyzing a hard disk image for deleted data. What inferences can he make from the file name?

    A. It is a doc file deleted in seventh sequential order
    B. RIYG6VR.doc is the name of the doc file deleted from the system
    C. It is a file deleted from the R drive
    D. It is a deleted doc file

  • Question 245:

    Which password cracking technique uses every possible combination of character sets?

    A. Rainbow table attack
    B. Brute force attack
    C. Rule-based attack
    D. Dictionary attack

  • Question 246:

    For what purpose do investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?

    A. Bypassing iPhone passcode
    B. Debugging iPhone
    C. Rooting iPhone
    D. Copying contents of iPhone

  • Question 247:

    What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1

    A. Back up the master boot record
    B. Restore the master boot record
    C. Mount the master boot record on the first partition of the hard drive
    D. Restore the first 512 bytes of the first partition of the hard drive

  • Question 248:

    When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a Blackberry device?

    A. RIM Messaging center
    B. Blackberry Enterprise server
    C. Microsoft Exchange server
    D. Blackberry desktop redirector

  • Question 249:

    When should an MD5 hash check be performed when processing evidence?

    A. After the evidence examination has been completed
    B. On an hourly basis during the evidence examination
    C. Before and after evidence examination
    D. Before the evidence examination has been completed

  • Question 250:

    Jacky encrypts her documents using a password. It is known that she uses her daughter's year of birth as part of the password. Which password cracking technique would be optimal to crack her password?

    A. Rule-based attack
    B. Brute force attack
    C. Syllable attack
    D. Hybrid attack
