EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V10 Online Questions & Answers

• Question 171:

  Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

  A. Scientific Working Group on Digital Evidence
  B. Daubert Standard
  C. Enterprise Theory of Investigation
  D. Fyre Standard
  C. Enterprise Theory of Investigation

• Question 172:

  You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

  A. Stringsearch
  B. grep
  C. dir
  D. vim
  B. grep

• Question 173:

  Which of the following is NOT a physical evidence?

  A. Removable media
  B. Cables
  C. Image file on a hard disk
  D. Publications
  C. Image file on a hard disk

• Question 174:

  Determine the message length from following hex viewer record:

  

  A. 6E2F
  B. 13
  C. 27
  D. 810D
  D. 810D

• Question 175:

  After an SQL Injection attack, an investigator is examining a log entry in an IIS log from a Windows-based server. The investigator notices a suspicious GET request: Id=ORD-001%27%20or%201=1;--. What can the investigator infer from this decoded query in the investigation?

  A. The attack has attempted to extract database and table names
  B. The attack was made from a Linux machine
  C. The attack has bypassed authentication to access sensitive data from the database
  D. The attack is trying to retrieve the number of columns that are vulnerable to attack
  C. The attack has bypassed authentication to access sensitive data from the database

• Question 176:

  You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so?

  A. mysqldump
  B. myisamaccess
  C. myisamlog
  D. myisamchk
  C. myisamlog

• Question 177:

  Which of the following files stores information about a local Google Drive installation such as User email ID, Local Sync Root Path, and Client version installed?

  A. filecache.db
  B. config.db
  C. sigstore.db
  D. Sync_config.db
  D. Sync_config.db

• Question 178:

  Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\

  A. All the values in this subkey run when specific user logs on, as this setting is user-specific
  B. The string specified in the value run executes when user logs on
  C. All the values in this key are executed at system start-up
  D. All values in this subkey run when specific user logs on and then the values are deleted
  D. All values in this subkey run when specific user logs on and then the values are deleted

• Question 179:

  SIM is a removable component that contains essential information about the subscriber. It has both volatile and non-volatile memory. The file system of a SIM resides in _____________ memory.

  A. Volatile
  B. Non-volatile
  B. Non-volatile

• Question 180:

  What is the investigator trying to analyze if the system gives the following image as output?

  

  A. All the logon sessions
  B. Currently active logon sessions
  C. Inactive logon sessions
  D. Details of users who can logon
  B. Currently active logon sessions