312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 381:

    You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained, and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you can use to obtain the password?

    A. Limited force and library attack
    B. Brute Force and dictionary Attack
    C. Maximum force and thesaurus Attack
    D. Minimum force and appendix Attack

  • Question 382:

    How will you categorize a cybercrime that took place within a CSP's cloud environment?

    A. Cloud as a Subject
    B. Cloud as a Tool
    C. Cloud as an Audit
    D. Cloud as an Object

  • Question 383:

    Amelia has received an email from a well-reputed company stating in the subject line that she has won prize money, whereas the email body says that she has to pay a certain amount to be eligible for the contest. Which of the following acts does the email breach?

    A. CAN-SPAM Act
    B. HIPAA
    C. GLBA
    D. SOX

  • Question 384:

    In the following directory listing,

    Which file should be used to restore archived email messages for someone using Microsoft Outlook?

    A. Outlook bak
    B. Outlook ost
    C. Outlook NK2
    D. Outlook pst

  • Question 385:

    You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that, you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an Ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

    A. Network
    B. Transport
    C. Data Link
    D. Session

  • Question 386:

    While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

    A. The files have been marked as hidden
    B. The files have been marked for deletion
    C. The files are corrupt and cannot be recovered
    D. The files have been marked as read-only

  • Question 387:

    When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?

    A. 202
    B. 404
    C. 505
    D. 909

  • Question 388:

    During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact-finding process. Therefore, you report this evidence. This type of evidence is known as:

    A. Inculpatory evidence
    B. Mandatory evidence
    C. Exculpatory evidence
    D. Terrible evidence

  • Question 389:

    Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?

    A. Speculation or opinion as to the cause of the incident
    B. Purpose of the report
    C. Author of the report
    D. Incident summary

  • Question 390:

    If you plan to start up a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

    A. deltree command
    B. CMOS
    C. Boot.sys
    D. Scandisk utility
