312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 341:

    What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?

    A. forensic duplication of hard drive
    B. analysis of volatile data
    C. comparison of MD5 checksums
    D. review of SIDs in the Registry

  • Question 342:

    What type of analysis helps to identify the time and sequence of events in an investigation?

    A. Time-based
    B. Functional
    C. Relational
    D. Temporal

  • Question 343:

    If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

    A. Keep the device powered on
    B. Turn off the device immediately
    C. Remove the battery immediately
    D. Remove any memory cards immediately

  • Question 344:

    Harold is a web designer who has completed a website for ghttech.net. As part of the maintenance agreement he signed with the client, Harold is performing research online and seeing how much exposure the site has received so far. Harold navigates to google.com and types in the following search:

    link:www.ghttech.net

    What will this search produce?

    A. All sites that ghttech.net links to
    B. All sites that link to ghttech.net
    C. All search engines that link to .net domains
    D. Sites that contain the code: link:www.ghttech.net

  • Question 345:

    After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

    A. RestrictAnonymous must be set to "10" for complete security
    B. RestrictAnonymous must be set to "3" for complete security
    C. RestrictAnonymous must be set to "2" for complete security
    D. There is no way to always prevent an anonymous null session from establishing

  • Question 346:

    During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?

    A. Coordinated Universal Time
    B. Universal Computer Time
    C. Universal Time for Computers
    D. Correlated Universal Time

  • Question 347:

    A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

    What can the investigator infer from the screenshot seen below?

    A. A smurf attack has been attempted
    B. A denial of service has been attempted
    C. Network intrusion has occurred
    D. Buffer overflow attempt on the firewall

  • Question 348:

    What does the command "C:\>wevtutil gl " display?

    A. Configuration information of a specific Event Log
    B. Event logs are saved in .xml format
    C. Event log record structure
    D. List of available Event Logs

  • Question 349:

    ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

    A. Network Forensics
    B. Computer Forensics
    C. Incident Response
    D. Event Reaction

  • Question 350:

    Which of the following is a precomputed table containing word lists like dictionary files and brute force lists and their hash values?

    A. Directory Table
    B. Rainbow Table
    C. Master File Table (MFT)
    D. Partition Table
