312-49 Exam Details

  • Exam Code: 312-49
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 531 Q&As
  • Last Updated: May 28, 2026

EC-COUNCIL 312-49 Online Questions & Answers

  • Question 471:

    Which file is a sequence of bytes organized into blocks understandable by the system's linker?

    A. Executable file
    B. Source file
    C. Object file
    D. None of these

  • Question 472:

    An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

    A. Smurf
    B. Ping of death
    C. Fraggle
    D. Nmap scan

  • Question 473:

    How often must a company keep log files for them to be admissible in a court of law?

    A. All log files are admissible in court no matter their frequency
    B. Weekly
    C. Monthly
    D. Continuously

  • Question 474:

    A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?

    A. They examined the actual evidence on an unrelated system
    B. They attempted to implicate personnel without proof
    C. They tampered with evidence by using it
    D. They called in the FBI without correlating with the fingerprint data

  • Question 475:

    What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

    A. ICMP header field
    B. TCP header field
    C. IP header field
    D. UDP header field

  • Question 476:

    What do you call the process in which an attacker uses a magnetic field over the digital media device to delete any previously stored data?

    A. Disk deletion
    B. Disk cleaning
    C. Disk degaussing
    D. Disk magnetization

  • Question 477:

    Analyze the hex representation of the mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?

    A. A user with username bad_guy has logged into the WordPress web application
    B. A WordPress user has been created with the username anonymous_hacker
    C. An attacker with name anonymous_hacker has replaced a user bad_guy in the WordPress database
    D. A WordPress user has been created with the username bad_guy

  • Question 478:

    What method of copying should always be performed first before carrying out an investigation?

    A. Parity-bit copy
    B. Bit-stream copy
    C. MS-DOS disc copy
    D. System level copy

  • Question 479:

    Raw data acquisition format creates _________ of a data set or suspect drive.

    A. Segmented image files
    B. Simple sequential flat files
    C. Compressed image files
    D. Segmented files

  • Question 480:

    Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company's domain controller goes down. From which system would you begin your investigation?

    A. Domain Controller
    B. Firewall
    C. SIEM
    D. IDS
