312-49V9 Exam Details

  • Exam Code: 312-49V9
  • Exam Name: EC-Council Certified Computer Hacking Forensic Investigator (V9)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: May 26, 2026

EC-COUNCIL 312-49V9 Online Questions & Answers

  • Question 391:

    You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.

    What are you trying to accomplish here?

    A. Enumerate domain user accounts and built-in groups
    B. Enumerate MX and A records from DNS
    C. Establish a remote connection to the Domain Controller
    D. Poison the DNS records with false records

  • Question 392:

    You should always work with original evidence.

    A. True
    B. False

  • Question 393:

    Volatile information can be easily modified or lost when the system is shut down or rebooted. It helps to determine a logical timeline of the security incident and the users who would be responsible.

    A. True
    B. False

  • Question 394:

    During the seizure of digital evidence, the suspect can be allowed to touch the computer system.

    A. True
    B. False

  • Question 395:

    Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

    A. Block access to TCP port 171
    B. Change the default community string names
    C. Block all internal MAC addresses from using SNMP
    D. Block access to UDP port 171

  • Question 396:

    An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

    A. Smurf
    B. Ping of death
    C. Fraggle
    D. Nmap scan

  • Question 397:

    You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

    A. Packet filtering firewall
    B. Application-level proxy firewall
    C. Stateful firewall
    D. Circuit-level proxy firewall

  • Question 398:

    In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

    A. Policy of separation
    B. Chain of custody
    C. Rules of evidence
    D. Law of probability

  • Question 399:

    The following is a log file screenshot from a default installation of IIS 6.0.

    What time standard is used by IIS as seen in the screenshot?

    A. UTC
    B. GMT
    C. TAI
    D. UT

  • Question 400:

    When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

    A. Passive IDS
    B. Active IDS
    C. NIPS
    D. Progressive IDS

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-49V9 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.