EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49 Online Questions & Answers

• Question 451:

  Where should the investigator look for the Edge browser's browsing records, including history, cache, and cookies?

  A. ESE Database
  B. Virtual Memory
  C. Sparse files
  D. Slack Space
  A. ESE Database

• Question 452:

  Which of the following commands shows you all of the network services running on Windows-based servers?

  A. Netstart
  B. Net Session
  C. Net use
  D. Net config
  A. Netstart

• Question 453:

  Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?

  A. Tokenmon
  B. PSLoggedon
  C. TCPView
  D. Process Monitor
  B. PSLoggedon

• Question 454:

  What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

  A. Copy the master boot record to a file
  B. Copy the contents of the system folder to a file
  C. Copy the running memory to a file
  D. Copy the memory dump file to an image file
  C. Copy the running memory to a file

• Question 455:

  Which of the following files gives information about the client sync sessions in Google Drive on Windows?

  A. sync_log.log
  B. Sync_log.log
  C. sync.log
  D. Sync.log
  B. Sync_log.log

• Question 456:

  An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

  A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information
  B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.
  C. The EFS Revoked Key Agent can be used on the Computer to recover the information
  D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.
  B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.

• Question 457:

  Which US law does the interstate or international transportation and receiving of child pornography fall under?

  A. - 8. U.S.C. 1466A
  B. - 8. U.S.C 252
  C. - 8. U.S.C 146A
  D. - 8. U.S.C 2252
  D. - 8. U.S.C 2252

• Question 458:

  During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

  A. C:\Program Files\Exchsrvr\servername.log
  B. D:\Exchsrvr\Message Tracking\servername.log
  C. C:\Exchsrvr\Message Tracking\servername.log
  D. C:\Program Files\Microsoft Exchange\srvr\servername.log
  A. C:\Program Files\Exchsrvr\servername.log

• Question 459:

  Which of the following standard represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

  A. SWGDE and SWGIT
  B. Daubert
  C. Frye
  D. IOCE
  C. Frye

• Question 460:

  In the context of file deletion process, which of the following statement holds true?

  A. When files are deleted, the data is overwritten and the cluster marked as available
  B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
  C. While booting, the machine may create temporary files that can delete evidence
  D. Secure delete programs work by completely overwriting the file in one go
  C. While booting, the machine may create temporary files that can delete evidence