312-49V10 Exam Details

  • Exam Code: 312-49V10
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V10)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 1028 Q&As
  • Last Updated: May 31, 2026

EC-COUNCIL 312-49V10 Online Questions & Answers

  • Question 711:

    In the context of cybercrime investigations, when the crime perpetrator uses an anonymity tool like Tor Browser to perform illicit activities, the investigator encounters a significant challenge. Considering the scenario, which of the following would best describe the difficulty faced by the investigator?

    A. The investigator cannot legally access the data without proper authorization and warrants
    B. The investigator is limited by the jurisdiction in which they can carry out their investigation
    C. The investigator struggles with the speed of accessing and interpreting data
    D. The investigator cannot reliably trace the source of the criminal activity

  • Question 712:

    All the information about user activity on the network, such as details about login and logoff attempts, is collected in the security log of the computer. When a user's login is successful, successful audits generate an entry, whereas unsuccessful audits generate an entry for failed login attempts in the logon event ID table.

    In the logon event ID table, which event ID entry (number) represents a successful logging on to a computer?

    A. 528
    B. 529
    C. 530
    D. 531

  • Question 713:

    Frank, a cloud administrator in his company, needs to take a backup of the OS disks of two Azure VMs that store business-critical data. Which type of Azure blob storage can he use for this purpose?

    A. Append blob
    B. Medium blob
    C. Block blob
    D. Page blob

  • Question 714:

    A security firm is investigating an IoT-based cybercrime involving an Android smartwatch found at the crime scene. The smartwatch is suspected of capturing sensitive information such as PINs and passwords through motion sensors and GPS tracking. The paired smartphone is not available.

    Which of the following steps should the investigator undertake first to proceed with the forensics process effectively?

    A. Extract data from the smartwatch's memory before it gets volatile
    B. Identify APIs like Data API, Message API, and Node API on the smartwatch
    C. Generate forensic images of the evidence found on the crime scene
    D. Look for cloud data and mobile data linked to the smartwatch

  • Question 715:

    What document does the screenshot represent?

    A. Expert witness form
    B. Search warrant form
    C. Chain of custody form
    D. Evidence collection form

  • Question 716:

    Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution.

    Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

    A. PRIV.STM
    B. gwcheck.db
    C. PRIV.EDB
    D. PUB.EDB

  • Question 717:

    A CHFI expert creates a forensics image of a pen drive using AccessData FTK Imager during a computer forensics investigation. The investigator uses The Sleuth Kit (TSK) to examine an ext4 file system on a Linux disk image and suspects data tampering. The expert decides to verify inode metadata for a critical file. However, he notes an unexpected block allocation in the inode details.

    Which TSK command-line tool and argument should the investigator utilize to examine the addresses of all allocated disk units for the suspicious inode?

    A. fsstat -f ext4
    B. img_stat -i raw
    C. fls -o imgoffset
    D. istat -B num

  • Question 718:

    Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by _________ of the compromised system.

    A. Analyzing log files
    B. Analyzing SAM file
    C. Analyzing rainbow tables
    D. Analyzing hard disk boot records

  • Question 719:

    As a Computer Hacking Forensic Investigator (CHFI), you are investigating a possible breach on a web application protected by a Web Application Firewall (WAF). You notice some logs on the WAF that suggest there were repeated attempts to bypass the SQL injection protection. After inspecting the web server and MySQL database, you find no indications of data manipulation. You then decide to delve deeper and examine the database server logs.

    Which of the following would you most likely infer if you notice a log entry indicating a query command as "1' OR '1'='1'; -- "?

    A. The WAF successfully blocked the SQL injection attempt and no unauthorized data manipulation occurred
    B. There was a successful SQL injection, and unauthorized data manipulation likely occurred
    C. The SQL injection attempt was unsuccessful, as it is an incorrect syntax for bypassing WAF SQL injection protection.
    D. The WAF failed to detect the SQL injection attempt, but MySQL's built-in protections prevented data manipulation.

  • Question 720:

    Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?

    A. PaaS model
    B. IaaS model
    C. SaaS model
    D. SecaaS model

Tips on How to Prepare for the Exams

Certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49V10 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.