EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49 Online Questions & Answers

• Question 391:

  Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

  A. Cross Examination
  B. Direct Examination
  C. Indirect Examination
  D. Witness Examination
  A. Cross Examination

• Question 392:

  Which of the following ISO standard defines file systems and protocol for exchanging data between optical disks?

  A. ISO 9660
  B. ISO/IEC 13940
  C. ISO 9060
  D. IEC 3490
  A. ISO 9660

• Question 393:

  Microsoft Outlook maintains email messages in a proprietary format in what type of file?

  A. .email
  B. .mail
  C. .pst
  D. .doc
  C. .pst

• Question 394:

  At what layer does a cross site scripting attack occur on?

  A. Presentation
  B. Application
  C. Session
  D. Data Link
  B. Application

• Question 395:

  Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

  A. Use a system that has a dynamic addressing on the network
  B. Use a system that is not directly interacting with the router
  C. Use it on a system in an external DMZ in front of the firewall
  D. It doesn't matter as all replies are faked
  D. It doesn't matter as all replies are faked

• Question 396:

  When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  A. a write-blocker
  B. a protocol analyzer
  C. a firewall
  D. a disk editor
  A. a write-blocker

• Question 397:

  Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider?

  A. Citizen Informant Search Warrant
  B. Electronic Storage Device Search Warrant
  C. John Doe Search Warrant
  D. Service Provider Search Warrant
  B. Electronic Storage Device Search Warrant

• Question 398:

  Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

  A. Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server
  B. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers
  C. Local archives should be stored together with the server storage archives in order to be admissible in a court of law
  D. Local archives do not have evidentiary value as the email client may alter the message data
  B. It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers

• Question 399:

  The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

  

  A. dir /o:d
  B. dir /o:s
  C. dir /o:e
  D. dir /o:n
  A. dir /o:d

• Question 400:

  What does the superblock in Linux define?

  A. filesynames
  B. diskgeometr
  C. location of the firstinode
  D. available space
  C. location of the firstinode