EC-COUNCIL 312-49 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49 Online Questions & Answers

• Question 81:

  In Windows Security Event Log, what does an event id of 530 imply?

  A. Logon Failure - Unknown user name or bad password
  B. Logon Failure - User not allowed to logon at this computer
  C. Logon Failure - Account logon time restriction violation
  D. Logon Failure - Account currently disabled
  C. Logon Failure - Account logon time restriction violation

• Question 82:

  CAN-SPAM act requires that you:

  A. Don't use deceptive subject lines
  B. Don't tell the recipients where you are located
  C. Don't identify the message as an ad
  D. Don't use true header information
  A. Don't use deceptive subject lines

• Question 83:

  One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  A. the File Allocation Table
  B. the file header
  C. the file footer
  D. the sector map
  B. the file header

• Question 84:

  What operating system would respond to the following command?

  A. Windows 95
  B. FreeBSD
  C. Windows XP
  D. Mac OS X
  B. FreeBSD

• Question 85:

  You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position: 7+ years experience in Windows Server environment 5+ years experience in Exchange 2000/2003 environment Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required MCSA desired, MCSE, CEH preferred No Unix/Linux Experience needed What is this information posted on the job website considered?

  A. Social engineering exploit
  B. Competitive exploit
  C. Information vulnerability
  D. Trade secret
  C. Information vulnerability

• Question 86:

  Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

  A. Network
  B. Transport
  C. Physical
  D. Data Link
  C. Physical

• Question 87:

  Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

  A. network-based IDS systems (NIDS)
  B. host-based IDS systems (HIDS)
  C. anomaly detection
  D. signature recognition
  B. host-based IDS systems (HIDS)

• Question 88:

  Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

  A. Fill the disk with zeros
  B. Low-level format
  C. Fill the disk with 4096 zeros
  D. Copy files from the master disk to the slave disk on the secondary IDE controller
  A. Fill the disk with zeros

• Question 89:

  One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  A. The file header
  B. The File Allocation Table
  C. The file footer
  D. The sector map
  A. The file header

• Question 90:

  Joshua is analyzing an MSSQL database for finding the attack evidence and other details, where should he look for the database logs?

  A. Model.log
  B. Model.txt
  C. Model.ldf
  D. Model.lgf
  C. Model.ldf