312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 601:

    Which of the following statements is not correct when dealing with a powered-on computer at the crime scene?

    A. If a computer is switched on and the screen is viewable, record the programs running on screen and photograph the screen
    B. If a computer is on and the monitor shows some picture or screen saver, move the mouse slowly without depressing any mouse button and take a photograph of the screen and record the information displayed
    C. If a monitor is powered on and the display is blank, move the mouse slowly without depressing any mouse button and take a photograph
    D. If the computer is switched off, power on the computer to take a screenshot of the desktop

  • Question 602:

    Select the tool appropriate for finding the dynamically linked lists of an application or malware.

    A. SysAnalyzer
    B. ResourcesExtract
    C. PEiD
    D. Dependency Walker

  • Question 603:

    Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

    A. The data is still present until the original location of the file is used
    B. The data is moved to the Restore directory and is kept there indefinitely
    C. The data will reside in the L2 cache on a Windows computer until it is manually deleted
    D. It is not possible to recover data that has been emptied from the Recycle Bin

  • Question 604:

    When investigating a potential e-mail crime, what is your first step in the investigation?

    A. Trace the IP address to its origin
    B. Write a report
    C. Determine whether a crime was actually committed
    D. Recover the evidence

  • Question 605:

    Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

    A. Daubert Standard
    B. Schneiderman Standard
    C. Frye Standard
    D. FERPA standard

  • Question 606:

    The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization's file server. What should the information security manager do first?

    A. Disconnect the file server from the network
    B. Update the anti-virus definitions on the file server
    C. Report the incident to senior management
    D. Manually investigate to verify that an incident has occurred

  • Question 607:

    Which of the following statements related to acquiring electronic evidence at a crime scene is incorrect?

    A. Sample banners are used to record the system activities when used by the unauthorized user
    B. In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring
    C. The equipment is seized which is connected to the case, knowing the role of the computer which will indicate what should be taken
    D. At the time of seizing process, you need to shut down the computer immediately

  • Question 608:

    When investigating a system, the forensics analyst discovers that malicious scripts were injected into benign and trusted websites. The attacker used a web application to send malicious code, in the form of a browser side script, to a different end-user. What attack was performed here?

    A. SQL injection attack
    B. Cookie poisoning attack
    C. Cross-site scripting attack
    D. Brute-force attack

  • Question 609:

    After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server.

    Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

    A. RestrictAnonymous must be set to "2" for complete security
    B. There is no way to always prevent an anonymous null session from establishing
    C. RestrictAnonymous must be set to "10" for complete security
    D. RestrictAnonymous must be set to "3" for complete security

  • Question 610:

    A multinational company has recently fallen victim to a severe cyberattack. As part of the incident response team, you are analyzing the Apache web server logs to track the attacker's activities. You notice that modifications are made to the HTTP.REQUEST component of the Apache core, suggesting changes in request handling.

    To discern the type of modifications made, which of the following elements of the Apache web server architecture would you focus on examining?

    A. Apache modules: To uncover extended functionalities that may have been tampered with
    B. http_protocol module: To identify the client and server data exchange details
    C. http_config module: To check alterations in configuration files and modules management
    D. http_main module: To identify server startups and timeouts
