Which of the following setups should a tester choose to analyze malware behavior?
A. A virtual system with internet connection
B. A normal system without internet connection
C. A normal system with internet connection
D. A virtual system with network simulation for internet connection
Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documentation?
A. John Doe Search Warrant
B. Citizen Informant Search Warrant
C. Electronic Storage Device Search Warrant
D. Service Provider Search Warrant
Centralized binary logging is a process in which many websites write binary and unformatted log data to a single log file. What extension should the investigator look for to find its log file?
A. .cbl
B. .log
C. .ibl
D. .txt
During an investigation of an XSS attack, the investigator comes across the term "[a-zA-Z0-9\%]+" in analyzed evidence details. What is the expression used for?
A. Checks for upper and lower-case alphanumeric string inside the tag, or its hex representation
B. Checks for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent
C. Checks for opening angle bracket, its hex or double-encoded hex equivalent
D. Checks for closing angle bracket, hex or double-encoded hex equivalent
The Recycle Bin exists as a metaphor for throwing files away, but it also allows a user to retrieve and restore files. Once the file is moved to the recycle bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?
A. INFO2
B. INFO1
C. LOGINFO1
D. LOGINFO2
Adam, a forensic analyst, is preparing VMs for analyzing malware. Which of the following is NOT a best practice?
A. Isolating the host device
B. Installing malware analysis tools
C. Using network simulation tools
D. Enabling shared folders
Examination of a computer by a technically unauthorized person will almost always result in:
A. Rendering any evidence found inadmissible in a court of law
B. Completely accurate results of the examination
C. The chain of custody being fully maintained
D. Rendering any evidence found admissible in a court of law
Which of the following attacks uses HTML tags like ?
A. Phishing
B. XSS attack
C. SQL injection
D. Spam
Which of the following Perl scripts will help an investigator to access the executable image of a process?
A. Lspd.pl
B. Lpsi.pl
C. Lspm.pl
D. Lspi.pl
In which registry does the system store the Microsoft security IDs?
A. HKEY_CLASSES_ROOT (HKCR)
B. HKEY_CURRENT_CONFIG (HKCC)
C. HKEY_CURRENT_USER (HKCU)
D. HKEY_LOCAL_MACHINE (HKLM)