Exam Details

  • Exam Code: 312-49V9
  • Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
  • Certification: Certified Ethical Hacker
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: May 08, 2024

EC-COUNCIL Certified Ethical Hacker 312-49V9 Questions & Answers

  • Question 21:

    In Linux, what is the smallest possible shellcode?

    A. 8 bytes

    B. 24 bytes

    C. 800 bytes

    D. 80 bytes

  • Question 22:

    How many possible sequence number combinations are there in the TCP/IP protocol?

    A. 320 billion

    B. 1 billion

    C. 4 billion

    D. 32 million

  • Question 23:

    When is it appropriate to use computer forensics?

    A. If copyright and intellectual property theft/misuse has occurred

    B. If employees do not care for their boss's management techniques

    C. If sales drop off for no apparent reason for an extended period of time

    D. If a financial institution is burglarized by robbers

  • Question 24:

    How many bits is the Source Port Number in a TCP header?

    A. 16

    B. 48

    C. 32

    D. 64

  • Question 25:

    One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

    A. the File Allocation Table

    B. the file header

    C. the file footer

    D. the sector map

  • Question 26:

    You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

    A. Make a bit-stream disk-to-disk file

    B. Make a bit-stream disk-to-image file

    C. Create a sparse data copy of a folder or file

    D. Create a compressed copy of the file with DoubleSpace

  • Question 27:

    Windows identifies which application to open a file with by examining which of the following?

    A. The file extension

    B. The file attributes

    C. The file signature at the end of the file

    D. The file signature at the beginning of the file

  • Question 28:

    Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by the Ramen virus.

    He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

    A. Those connections are established

    B. Those connections are in listening mode

    C. Those connections are in closed/waiting mode

    D. Those connections are in timed out/waiting mode

  • Question 29:

    One way to identify the presence of hidden partitions on a suspect's hard drive is to:

    A. Add up the total size of all known partitions and compare it to the total size of the hard drive

    B. Examine the FAT and identify hidden partitions by noting an ? in the "Partition Type" field

    C. Examine the LILO and note an ? in the "Partition Type" field

    D. It is not possible to have hidden partitions on a hard drive

  • Question 30:

    Julie is a college student majoring in Information Systems and Computer Science. She is currently writing an essay for her computer crimes class. Julie's paper focuses on white-collar crimes in America and how forensics investigators investigate the cases. Julie would like to focus the subject of the essay on the most common type of crime found in corporate America. What crime should Julie focus on?

    A. Physical theft

    B. Copyright infringement

    C. Industrial espionage

    D. Denial of Service attacks
