EC-COUNCIL 312-49V9 Online Practice Questions and Exam Preparation

EC-COUNCIL 312-49V9 Online Questions & Answers

• Question 191:

  When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

  A. One
  B. Two
  C. Three
  D. Four
  B. Two

• Question 192:

  Using Linux to carry out a forensics investigation, what would the following command accomplish? dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

  A. Search for disk errors within an image file
  B. Backup a disk to an image file
  C. Copy a partition to an image file
  D. Restore a disk from an image file
  D. Restore a disk from an image file

• Question 193:

  Ever-changing advancement or mobile devices increases the complexity of mobile device examinations. Which or the following is an appropriate action for the mobile forensic investigation?

  A. To avoid unwanted interaction with devices found on the scene, turn on any wireless interfaces such as Bluetooth and Wi-Fi radios
  B. Do not wear gloves while handling cell phone evidence to maintain integrity of physical evidence
  C. If the device's display is ON. the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons
  D. If the phone is in a cradle or connected to a PC with a cable, then unplug the device from the computer
  C. If the device's display is ON. the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons

• Question 194:

  First responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or She is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. Which of the following is not a role of first responder?

  A. Identify and analyze the crime scene
  B. Protect and secure the crime scene
  C. Package and transport the electronic evidence to forensics lab
  D. Prosecute the suspect in court of law
  D. Prosecute the suspect in court of law

• Question 195:

  What is a chain of custody?

  A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory
  B. It is a search warrant that is required for seizing evidence at a crime scene
  C. It Is a document that lists chain of windows process events
  D. Chain of custody refers to obtaining preemptive court order to restrict further damage of evidence in electronic seizures
  A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory

• Question 196:

  How do you define forensic computing?

  A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.
  B. It is a methodology of guidelines that deals with the process of cyber investigation
  C. It Is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking
  D. It is the administrative and legal proceeding in the process of forensic investigation
  A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.

• Question 197:

  ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

  A. Network Forensics
  B. Computer Forensics
  C. Incident Response
  D. Event Reaction
  B. Computer Forensics

• Question 198:

  You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a implePC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a ?imple backup copy?of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make toYou inform him that a ?imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

  A. Bit-stream copy
  B. Robust copy
  C. Full backup copy
  D. Incremental backup copy
  A. Bit-stream copy

• Question 199:

  Madison is on trial for allegedly breaking into her university internal network. The police raided her dorm room and seized all of her computerMadison is on trial for allegedly breaking into her university? internal network. The police raided her dorm room and seized all of her computer equipment. Madison lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment isequipment. Madison? lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison lawyer trying to prove the police violated?Madison? lawyer trying to prove the police violated?

  A. The 10th Amendment
  B. The 5th Amendment
  C. The 1st Amendment
  D. The 4th Amendment
  D. The 4th Amendment

• Question 200:

  When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

  A. FF D8 FF E0 00 10
  B. FF FF FF FF FF FF
  C. FF 00 FF 00 FF 00
  D. EF 00 EF 00 EF 00
  A. FF D8 FF E0 00 10