312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 291:

    The following excerpt is taken from a honeypot log. The log captures activities across three days.

    There are several intrusion attempts; however, a few are successful.

    (Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of the attack.)

    Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169

    Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482

    Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53

    Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21

    Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53

    Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53

    Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53

    Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111

    Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80

    Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53

    Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

    Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)

    Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)

    Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080

    Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

    From the options given below choose the one which best interprets the following entry:

    Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

    A. An IDS evasion technique
    B. A buffer overflow attempt
    C. A DNS zone transfer
    D. Data being retrieved from 63.226.81.13

  • Question 292:

    Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

    A. TIFF-8
    B. DOC
    C. WPD
    D. PDF

  • Question 293:

    A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

    A. Blu-Ray single-layer
    B. HD-DVD
    C. Blu-Ray dual-layer
    D. DVD-18

  • Question 294:

    Why should you never power on a computer that you need to acquire digital evidence from?

    A. When the computer boots up, files are written to the computer rendering the data unclean
    B. When the computer boots up, the system cache is cleared which could destroy evidence
    C. When the computer boots up, data in the memory buffer is cleared which could destroy evidence
    D. Powering on a computer has no effect when needing to acquire digital evidence from it

  • Question 295:

    Where is the default location for Apache access logs on a Linux computer?

    A. usr/local/apache/logs/access_log
    B. bin/local/home/apache/logs/access_log
    C. usr/logs/access_log
    D. logs/usr/apache/access_log

  • Question 296:

    If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

    A. The zombie will not send a response
    B. 31402
    C. 31399
    D. 31401

  • Question 297:

    Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

    A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList
    C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList
    D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit

  • Question 298:

    What is an investigator looking for in the rp.log file stored in a system running the Windows 10 operating system?

    A. Restore point interval
    B. Automatically created restore points
    C. System CheckPoints required for restoring
    D. Restore point functions

  • Question 299:

    Which of the following tools can the investigator use to analyze the network to detect Trojan activities?

    A. Regshot
    B. TRIPWIRE
    C. RAM Computer
    D. Capsa

  • Question 300:

    What are the security risks of running a "repair" installation for Windows XP?

    A. Pressing Shift+F10 gives the user administrative rights
    B. Pressing Shift+F1 gives the user administrative rights
    C. Pressing Ctrl+F10 gives the user administrative rights
    D. There are no security risks when running the "repair" installation for Windows XP
