312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 361:

    Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization's DC server. Smith wants to find all the values typed into the Run box in the Start menu.

    Which of the following registry keys will Smith check to find the above information?

    A. TypedURLs key
    B. MountedDevices key
    C. UserAssist Key
    D. RunMRU key

  • Question 362:

    Which of the following attacks uses HTML tags like ?

    A. Phishing
    B. XSS attack
    C. SQL injection
    D. Spam

  • Question 363:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

    03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
    TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
    ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
    TCP Options (3) => NOP NOP TS: 23678634 2878772
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
    03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
    UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
    Len: 64
    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0  ................
    00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01  ................
    00 00 00 11 00 00 00 00                          ........
    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
    03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
    UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
    Len: 1084
    47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

    A. The attacker has conducted a network sweep on port 111
    B. The attacker has scanned and exploited the system using Buffer Overflow
    C. The attacker has used a Trojan on port 32773
    D. The attacker has installed a backdoor

  • Question 364:

    Identify the attack from the following sequence of actions:

    Step 1: A user logs in to a trusted site and creates a new session
    Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
    Step 3: The user is tricked into visiting a malicious site
    Step 4: The malicious site sends a request from the user's browser using his session cookie

    A. Web Application Denial-of-Service (DoS) Attack
    B. Cross-Site Scripting (XSS) Attacks
    C. Cross-Site Request Forgery (CSRF) Attack
    D. Hidden Field Manipulation Attack

  • Question 365:

    Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately.

    Which organization coordinates computer crimes investigations throughout the United States?

    A. Internet Fraud Complaint Center
    B. Local or national office of the U.S. Secret Service
    C. National Infrastructure Protection Center
    D. CERT Coordination Center

  • Question 366:

    Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allow the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?

    A. Ad hoc associations
    B. Client mis-association
    C. MAC spoofing
    D. Rogue access points

  • Question 367:

    In a recent cybercrime investigation, a forensic analyst found that the suspect had used anti-forensic techniques to complicate the investigation process. The criminal had been working to erase data, manipulate metadata, and employ encryption, which made the investigation significantly more complex.

    Which of the following scenarios would indicate that the suspect had overwritten data and metadata in an attempt to evade investigation?

    A. The investigator detects that the suspect used VeraCrypt for full-volume encryption to protect critical files
    B. AnalyzeMFT tool reveals inconsistencies between $STANDARD_INFORMATION and $FILE_NAME attributes in the NTFS file system
    C. The investigator finds the disk has been completely formatted, wiping its address tables and unlinking all files in the file system
    D. The investigator finds the majority of the hard drive's sectors contain the null character, indicating usage of disk wiping utilities

  • Question 368:

    Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

    A. DevScan
    B. Devcon
    C. fsutil
    D. Reg.exe

  • Question 369:

    While looking through the IIS log file of a web server, you find the following entries:

    What is evident from this log file?

    A. Web bugs
    B. Cross site scripting
    C. Hidden fields
    D. SQL injection is possible

  • Question 370:

    What is the name of the standard Linux command, also available as a Windows application, that can be used to create bit-stream images?

    A. mcopy
    B. image
    C. MD5
    D. dd
