312-49V9 Exam Details

  • Exam Code: 312-49V9
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: May 26, 2026

EC-COUNCIL 312-49V9 Online Questions & Answers

  • Question 221:

    John and Hillary work in the same department at the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He sets the Lophtcrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

    A. The SID of Hillary's network account
    B. The SAM file from Hillary's computer
    C. The network shares that Hillary has permissions
    D. Hillary's network username and password hash

  • Question 222:

    Data Acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media.

    A. True
    B. False

  • Question 223:

    What should you do when approached by a reporter about a case that you are working on or have worked on?

    A. Refer the reporter to the attorney that retained you
    B. Say, "no comment"
    C. Answer all the reporter's questions as completely as possible
    D. Answer only the questions that help your case

  • Question 224:

    You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

    A. 70 years
    B. The life of the author
    C. The life of the author plus 70 years
    D. Copyrights last forever

  • Question 225:

    What technique is used by JPEGs for compression?

    A. ZIP
    B. TCD
    C. DCT
    D. TIFF-8

  • Question 226:

    A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

    03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111

    TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF

    ***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32

    TCP Options (3) => NOP NOP TS: 23678634 2878772

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111 UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84 Len: 64

    01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................

    00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................

    00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................

    00 00 00 11 00 00 00 00 ........

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=

    03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773

    UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104

    Len: 1084

    47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............

    00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............

    3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.^.....localhost

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= +=+=+

    03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168

    TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF

    ***AP*** Seq: 0x9C6D2BFF Ack: 0x59606333 Win: 0x7D78 TcpLen: 32

    TCP Options (3) => NOP NOP TS: 23679878 2880015

    63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a;

    69 64 3B id;

    A. The attacker has conducted a network sweep on port 111
    B. The attacker has scanned and exploited the system using Buffer Overflow
    C. The attacker has used a Trojan on port 32773
    D. The attacker has installed a backdoor

  • Question 227:

    Which of the following is not a part of a data acquisition forensics investigation?

    A. Permit only authorized personnel to access
    B. Protect the evidence from extremes in temperature
    C. Work on the original storage medium not on the duplicated copy
    D. Disable all remote access to the system

  • Question 228:

    When marking evidence that has been collected with the "aa/ddmmyy/nnnn/zz" format, what does the "nnn" denote?

    A. The year the evidence was taken
    B. The sequence number for the parts of the same exhibit
    C. The initials of the forensics analyst
    D. The sequential number of the exhibits seized

  • Question 229:

    In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

    A. Security Administrator
    B. Network Administrator
    C. Director of Information Technology
    D. Director of Administration

  • Question 230:

    How do you define Technical Steganography?

    A. Steganography that uses physical or chemical means to hide the existence of a message
    B. Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways
    C. Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways
    D. Steganography that utilizes visual symbols or signs to hide secret messages
