EC-COUNCIL 312-49V10 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V10 Online Questions & Answers

• Question 901:

  Derrick, a forensic specialist, was investigating an active computer that was executing various processes. Derrick wanted to check whether this system was used in an incident that occurred earlier. He started inspecting and gathering the contents of RAM, cache, and DLLs to identify incident signatures. Identify the data acquisition method employed by Derrick in the above scenario.

  A. Dead data acquisition
  B. Non-volatile data acquisition
  C. Static data acquisition
  D. Live data acquisition
  D. Live data acquisition

• Question 902:

  Which of the following processes is part of the dynamic malware analysis?

  A. Process Monitoring
  B. Malware disassembly
  C. Searching for the strings
  D. File fingerprinting
  A. Process Monitoring

• Question 903:

  Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

  A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion \ProfileList
  B. HKEY_LOCAL_MACHlNE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \NetworkList
  C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentsVersion \setup
  D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
  A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion \ProfileList

• Question 904:

  An investigator is checking a Cisco firewall log that reads as follows:

  Aug 21 2019 09:16:44: %ASA-1 -106021: Deny ICMP reverse path check from 10.0.0.44 to 10.0.0.33 on interface outside

  What does %ASA-1-106021 denote?

  A. Type of request
  B. Mnemonic message
  C. Firewall action
  D. Type of traffic
  B. Mnemonic message

• Question 905:

  What is the name of the standard Linux command that can be used to create bit-stream images?

  A. mcopy
  B. image
  C. MD5
  D. dd
  D. dd

• Question 906:

  When NTFS Is formatted, the format program assigns the __________ sectors to the boot sectors and to the bootstrap code

  A. First 12
  B. First 16
  C. First 22
  D. First 24
  B. First 16

• Question 907:

  After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

  A. Enable BGP
  B. Enable direct broadcasts
  C. Disable BGP
  D. Disable direct broadcasts
  D. Disable direct broadcasts

• Question 908:

  You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords.

  What tool could you use to get this information?

  A. Snort
  B. Airsnort
  C. Ettercap
  D. RaidSniff
  C. Ettercap

• Question 909:

  An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?

  

  A. Security event was monitored but not stopped
  B. Malicious URL detected
  C. An email marked as potential spam
  D. Connection rejected
  C. An email marked as potential spam

• Question 910:

  MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network

  A. 16-bit address
  B. 24-bit address
  C. 32-bit address
  D. 48-bit address
  D. 48-bit address