In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
A. Security Administrator

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
A. Firewalk sets all packets with a TTL of one

You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab.
What can you do to prove that the evidence is the same as it was when it first entered the lab?
A. Sign a statement attesting that the evidence is the same as it was when it entered the lab

You should always work with original evidence
A. True

An investigator is examining a compromised system and comes across some files that have been compressed with a packer. The investigator knows that these files contain malicious content, but cannot access them due to a password protection mechanism. The investigator does not have the password.
Which approach is the most suitable for accessing the contents of the packed files?
A. The investigator should attempt static analysis on the packed file

A forensic investigator prepares to present digital evidence related to a high-profile cybercrime case in court. He needs to ensure that the evidence complies with the five basic rules of evidence. Which of the following actions does NOT align with these rules?
A. He gets an expert opinion to confirm the investigation process and make the evidence understandable

A CHFI has been tasked to analyze Windows Security Logs in a highly complex and multi-layered security breach investigation. The breach involved an account creation, privilege escalation, and the installation of a service, all happening sequentially within a short duration. The investigator is required to retrieve a combination of Event IDs that would chronologically corroborate these events.
Which combination of Event IDs should the investigator focus on?
A. Event ID 624, Event ID 4670, and Event ID 6011

With regard to using an antivirus scanner during a computer forensics investigation, you should:
A. Scan the suspect hard drive before beginning an investigation

Which is not part of the environmental conditions of a forensics lab?
A. Large dimensions of the room

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?
A. Packet filtering firewall