Which of the following tools captures and allows you to interactively browse the traffic on a network?
A. Security Task Manager

Recently, an internal web app that a government agency utilizes has become unresponsive. Betty, a network engineer for the government agency, has been tasked to determine the cause of the web application's unresponsiveness. Betty launches Wireshark and begins capturing the traffic on the local network. While analyzing the results, Betty noticed that a SYN flood attack was underway.
How did Betty know a SYN flood attack was occurring?
A. Wireshark capture does not show anything unusual and the issue is related to the web application

Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?
A. Data from a CD copied using Windows

Which Linux command, when executed, displays kernel ring buffers or information about device drivers loaded into the kernel?
A. pgrep

Billy, a computer forensics expert, has recovered a large number of DBX files during a forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook

Damaged portions of a disk on which no read/write operation can be performed are known as ______________.
A. Lost sector

You are a forensic investigator who is analyzing a hard drive that was recently collected as evidence. You have been unsuccessful at locating any meaningful evidence within the file system and suspect a drive wiping utility may have been used. You have reviewed the keys within the software hive of the Windows registry and did not find any drive wiping utilities.
How can you verify that drive wiping software was used on the hard drive?
A. Check the list of installed programs

A forensic investigator encounters a suspicious executable on a compromised system, believed to be packed using a known program packer, and is password-protected. The investigator has knowledge of the tool used for packing and has the corresponding unpacking tool.
What should be the next best course of action to examine the executable?
A. Use the unpacking tool to decompress the executable, without dealing with the password

In a situation where an investigator needs to acquire volatile data from a live Linux system, physical access to the suspect machine is either restricted or unavailable. Which of the following steps will be the most suitable approach to perform this task?
A. The investigator should use the Belkasoft Live RAM Capturer on the forensic workstation, then remotely execute the tool on the suspect machine to acquire the RAM image

An investigator has been tasked to analyze a suspicious executable file potentially containing malware. She uses a static analysis method to examine the file. Which step below should she NOT include as part of her static malware analysis process?
A. Running the executable in a sandboxed environment to observe its behavior