EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

• Question 561:

  George was recently fired from his job as an IT analyst at Pitts and Company in Dallas Texas. His main duties as an analyst were to support the company Active Directory structure and to create network polices. George now wants to break into the company network by cracking some ofcompany? Active Directory structure and to create network polices. George now wants to break into the company? network by cracking some of the service accounts he knows about. Which password cracking technique should George use in this situation?

  A. Brute force attack

  B. Syllable attack

  C. Rule-based attack

  D. Dictionary attack

  Correct Answer: C

• Question 562:

  Where does Encase search to recover NTFS files and folders?

  A. MBR

  B. MFT

  C. Slack space

  D. HAL

  Correct Answer: B

• Question 563:

  When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

  A. All virtual memory will be deleted

  B. The wrong partition may be set to active

  C. This action can corrupt the disk

  D. The computer will be set in a constant reboot state

  Correct Answer: C

• Question 564:

  In the following directory listing, which file should be used to restore archived email messages for someone using Microsoft Outlook?

  

  A. Outlook bak

  B. Outlook ost

  C. Outlook NK2

  D. Outlook pst

  Correct Answer: D

• Question 565:

  When should an MD5 hash check be performed when processing evidence?

  A. After the evidence examination has been completed

  B. On an hourly basis during the evidence examination

  C. Before and after evidence examination

  D. Before the evidence examination has been completed

  Correct Answer: C

• Question 566:

  What must be obtained before an investigation is carried out at a location?

  A. Search warrant

  B. Subpoena

  C. Habeas corpus

  D. Modus operandi

  Correct Answer: A

• Question 567:

  The offset in a hexadecimal code is:

  A. The 0x at the beginning of the code

  B. The 0x at the end of the code

  C. The first byte after the colon

  D. The last byte after the colon

  Correct Answer: A

• Question 568:

  An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

  A. Smurf

  B. Ping of death

  C. Fraggle

  D. Nmap scan

  Correct Answer: B

• Question 569:

  Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

  A. IT personnel

  B. Employees themselves

  C. Supervisors

  D. Administrative assistant in charge of writing policies

  Correct Answer: C

• Question 570:

  An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.

  A. Magnetic

  B. Optical

  C. Anti-Magnetic

  D. Logical

  Correct Answer: B