EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V10 Online Questions & Answers

• Question 831:

  Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves ____________and waiting for responses from available wireless networks.

  A. Broadcasting a probe request frame
  B. Sniffing the packets from the airwave
  C. Scanning the network
  D. Inspecting WLAN and surrounding networks
  A. Broadcasting a probe request frame

• Question 832:

  Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

  A. Brute forcing attack
  B. Hybrid attack
  C. Syllable attack
  D. Rule-based attack
  B. Hybrid attack

• Question 833:

  As a Computer Hacking Forensic Investigator, you are analysing a system with a UEFI boot process underway. You have reached the Boot Device Selection phase, and you notice that the system is attempting to load MBR boot code into memory.

  What can you infer from this?

  A. The system is transitioning to the DXE phase
  B. The system is stuck in the Pre-EFI initialization phase
  C. The system follows a UEFI boot process
  D. The system is going through a legacy BIOS boot process
  D. The system is going through a legacy BIOS boot process

• Question 834:

  Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

  A. Core Services
  B. Media services
  C. Cocoa Touch
  D. Core OS
  D. Core OS

• Question 835:

  Where is the default location for Apache access logs on a Linux computer?

  A. usr/local/apache/logs/access_log
  B. bin/local/home/apache/logs/access_log
  C. usr/logs/access_log
  D. logs/usr/apache/access_log
  A. usr/local/apache/logs/access_log

• Question 836:

  Which one of the following statements is not correct while preparing for testimony?

  A. Go through the documentation thoroughly
  B. Do not determine the basic facts of the case before beginning and examining the evidence
  C. Establish early communication with the attorney
  D. Substantiate the findings with documentation and by collaborating with other computer forensics professionals
  B. Do not determine the basic facts of the case before beginning and examining the evidence

• Question 837:

  FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

  A. 1 terabytes
  B. 2 terabytes
  C. 3 terabytes
  D. 4 terabytes
  B. 2 terabytes

• Question 838:

  When is it appropriate to use computer forensics?

  A. If copyright and intellectual property theft/misuse has occurred
  B. f employees do not care for their boss’s management techniques
  C. If sales drop off for no apparent reason for an extended period of time
  D. If a financial institution is burglarized by robbers
  A. If copyright and intellectual property theft/misuse has occurred

• Question 839:

  Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

  A. Graph-based approach
  B. Neural network-based approach
  C. Rule-based approach
  D. Automated field correlation approach
  D. Automated field correlation approach

• Question 840:

  Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.

  A. True
  B. False
  A. True