EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49 Online Questions & Answers

• Question 431:

  What system details can an investigator obtain from the NetBIOS name table cache?

  A. List of files opened on other systems
  B. List of the system present on a router
  C. List of connections made to other systems
  D. List of files shared between the connected systems
  C. List of connections made to other systems

• Question 432:

  What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

  A. Cached password hashes for the past 20 users
  B. Service account passwords in plain text
  C. IAS account names and passwords
  D. Local store PKI Kerberos certificates
  B. Service account passwords in plain text

• Question 433:

  Which of the following file system is used by Mac OS X?

  A. EFS
  B. HFS+
  C. EXT2
  D. NFS
  B. HFS+

• Question 434:

  You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

  A. Poison the DNS records with false records
  B. Enumerate MX and A records from DNS
  C. Establish a remote connection to the Domain Controller
  D. Enumerate domain user accounts and built-in groups
  D. Enumerate domain user accounts and built-in groups

• Question 435:

  How many possible sequence number combinations are there in TCP/IP protocol?

  A. 1 billion
  B. 320 billion
  C. 4 billion
  D. 32 million
  C. 4 billion

• Question 436:

  When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?

  A. UTC
  B. PTP
  C. Time Protocol
  D. NTP
  D. NTP

• Question 437:

  Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

  A. Windows 98
  B. Linux
  C. Windows 8.1
  D. Windows XP
  D. Windows XP

• Question 438:

  Windows identifies which application to open a file with by examining which of the following?

  A. The File extension
  B. The file attributes
  C. The file Signature at the end of the file
  D. The file signature at the beginning of the file
  A. The File extension

• Question 439:

  Paul is a computer forensics investigator working for Tyler and Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

  A. Place PDA, including all devices, in an antistatic bag
  B. Unplug all connected devices
  C. Power off all devices if currently on
  D. Photograph and document the peripheral devices
  D. Photograph and document the peripheral devices

• Question 440:

  What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

  A. Cracks every password in 10 minutes
  B. Distribute processing over 16 or fewer computers
  C. Support for Encrypted File System
  D. Support for MD5 hash verification
  B. Distribute processing over 16 or fewer computers