What must an investigator do before disconnecting an iPod from any type of computer?
A. Unmount the iPod
B. Mount the iPod
C. Disjoin the iPod
D. Join the iPod
In the context of file deletion process, which of the following statement holds true?
A. When files are deleted, the data is overwritten and the cluster marked as available
B. The longer a disk is in use, the less likely it is that deleted files will be overwritten
C. While booting, the machine may create temporary files that can delete evidence
D. Secure delete programs work by completely overwriting the file in one go
What is the smallest physical storage unit on a hard drive?
A. Track
B. Cluster
C. Sector
D. Platter
Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
A. Search warrant
B. Subpoena
C. Wire tap
D. Bench warrant
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
A. Key escrow
B. Steganography
C. Rootkit
D. Offset
John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
A. Strip-cut shredder
B. Cross-cut shredder
C. Cross-hatch shredder
D. Cris-cross shredder
What will the following command accomplish? dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?
A. One
B. Two
C. Three
D. Four
When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
A. On the individual computer ARP cacheOn the individual computer? ARP cache
B. In the Web Server log files
C. In the DHCP Server log files
D. There is no way to determine the specific IP address
What method of copying should always be performed first before carrying out an investigation?
A. Parity-bit copy
B. Bit-stream copy
C. MS-DOS disc copy
D. System level copy
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.