EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V10 Online Questions & Answers

• Question 621:

  What does mactime, an essential part of the coroner's toolkit do?

  A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
  B. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
  C. The tools scans for i-node information, which is used by other tools in the tool kit
  D. It is too specific to the MAC OS and forms a core component of the toolkit
  A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps

• Question 622:

  Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

  A. Enticement
  B. Entrapment
  C. Intruding into ahoneypot is not illegal
  D. Intruding into a DMZ is not illegal
  B. Entrapment

• Question 623:

  You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet.

  What is the recommended architecture in terms of server placement?

  A. All three servers need to be placed internally
  B. A web server and the database server facing the Internet, an application server on the internal network
  C. A web server facing the Internet, an application server on the internal network, a database server on the internal network
  D. All three servers need to face the Internet so that they can communicate between themselves
  D. All three servers need to face the Internet so that they can communicate between themselves

• Question 624:

  A cybersecurity forensics investigator is tasked with acquiring data from a suspect's drive for a civil litigation case. The suspect drive is 1TB, and due to time constraints, the investigator decides to prioritize and acquire only data of evidentiary value. The original drive cannot be retained.

  In this context, which of the following steps should the investigator prioritize?

  A. Opt for disk-to-image copying for the large suspect drive
  B. Execute logical acquisition considering the one-time opportunity to capture data
  C. Utilize DriveSpace or DoubleSpace to reduce the data size
  D. Use a reliable data acquisition tool to make a copy of the original drive
  B. Execute logical acquisition considering the one-time opportunity to capture data

• Question 625:

  In the following directory listing,

  

  which file should be used to restore archived email messages for someone using Microsoft Outlook?

  A. Outlook bak
  B. Outlook ost
  C. Outlook NK2
  D. Outlook pst
  D. Outlook pst

• Question 626:

  A call detail record (CDR) provides metadata about calls made over a phone service. From the following data fields, which one is not contained in a CDR.

  A. A unique sequence number identifying the record
  B. The call duration
  C. Phone number receiving the call
  D. The language of the call
  D. The language of the call

• Question 627:

  A Computer Hacking Forensic Investigator (CHFI) is trying to identify a hidden data leak happening through seemingly benign PDF documentssent from a corporate network. While examining a suspicious PDF, he discovers a series of unexpected objects in the file's body.

  Given thefollowing hex signatures of various file formats: JPEG (0xffd8), BMP (0x424d), GIF (0x474946), and PNG (0x89504e), which of the followingactions should he take next?

  A. Search for the existence of the hex signature 0x89504e in the PDF's body as a PNC could be embedded
  B. Check for the existence of the hex signature 0xffd8 in the PDF's body as a JPEG could be hidden
  C. Examine the cross-reference table (xref table) for any unusual links to objects
  D. Verify if the PDF document ends with the %EOF value
  B. Check for the existence of the hex signature 0xffd8 in the PDF's body as a JPEG could be hidden

• Question 628:

  Jack is reviewing file headers to verify the file format and hopefully find more information of the file. After a careful review of the data chunks through a hex editor, Jack finds the binary value 0xffd8ff. Based on the above information, what type of format is the file/image saved as?

  A. BMP
  B. ASCII
  C. JPEG
  D. GIF
  C. JPEG

• Question 629:

  Simona has written a regular expression for the detection of web application-specific attack attempt that reads as /((\%3C)|<)((\%2F)| V)*[a-z0- 9\%]+((\%3E)|>)/ix. Which of the following does the part ((\%3E)|>) look for?

  A. Forward slash for a closing tag or its hex equivalent
  B. Alphanumeric string or its hex equivalent
  C. Closing angle bracket or its hex equivalent
  D. Opening angle bracket or its hex equivalent
  C. Closing angle bracket or its hex equivalent

• Question 630:

  Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

  A. host.db
  B. sigstore.db
  C. config.db
  D. filecache.db
  C. config.db