Online Questions - Valid Practice To your 312-49v9 Exam (Updated 586 Questions)
Practice To 312-49v9 - Remarkable Practice On your ECCouncil Computer Hacking Forensic Investigator (V9) Exam
NEW QUESTION 252
What is the first sector ("sector zero") of a hard disk?
- A. Master boot record
- B. System boot record
- C. Hard disk boot record
- D. Secondary boot record
Answer: A
NEW QUESTION 253
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
- A. 802.11i
- B. 802.11b
- C. 802.11g
- D. 802.11a
Answer: D
NEW QUESTION 254
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?
- A. locate:"logon page"
- B. outlook:"search"
- C. intitle:"exchange server"
- D. allinurl:"exchange/logon.asp"
Answer: D
NEW QUESTION 255
What do the bytes 0x0B-0x53 represent in the boot sector of an NTFS volume on Windows 2000?
- A. Jump instruction and the OEM ID
- B. Bootstrap code and the end of the sector marker
- C. BIOS Parameter Block (BPB) and the extended BPB
- D. BIOS Parameter Block (BPB) and the OEM ID
Answer: C
NEW QUESTION 256
Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require?
- A. Administrative Investigation
- B. Civil Investigation
- C. Both Criminal and Administrative Investigation
- D. Criminal Investigation
Answer: D
NEW QUESTION 257
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
```
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
```
From the options given below choose the one which best interprets the following entry:
```
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
```
- A. A DNS zone transfer
- B. Data being retrieved from 63.226.81.13
- C. A buffer overflow attempt
- D. An IDS evasion technique
Answer: D
NEW QUESTION 258
Corporate investigations are typically easier than public investigations because:
- A. the users have standard corporate equipment and software
- B. the investigator does not have to get a warrant
- C. the investigator has to get a warrant
- D. the users can load whatever they want on their machines
Answer: B
NEW QUESTION 259
A swap file is a space on a hard disk used as the virtual memory extension of a computer's RAM. Where is the hidden swap file in Windows located?
- A. C:\hiberfil.sys
- B. C:\pagefile.sys
- C. C:\ALCSetup.log
- D. C:\config.sys
Answer: B
NEW QUESTION 260
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?
- A. Nmap
- B. Netcraft
- C. Dig
- D. Ping sweep
Answer: B
NEW QUESTION 261
UEFI is a specification that defines a software interface between an OS and platform firmware.
Where does this interface store information about files present on a disk?
- A. GUID Partition Table (GPT)
- B. Master Boot Record (MBR)
- C. BIOS-MBR
- D. BIOS Parameter Block
Answer: A
NEW QUESTION 262
Michael works for Kimball Construction Company as a senior security analyst. As part of the yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?
- A. Filtered
- B. Closed
- C. Stealth
- D. Open
Answer: D
NEW QUESTION 263
You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect's house after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?
- A. Brute force and dictionary attack
- B. Limited force and library attack
- C. Minimum force and appendix attack
- D. Maximum force and thesaurus attack
Answer: A
NEW QUESTION 264
Sectors in hard disks typically contain how many bytes?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
NEW QUESTION 265
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?
- A. Crash the switch with a DoS attack since switches cannot send ACK bits
- B. Enable tunneling feature on the switch
- C. Trick the switch into thinking it already has a session with Terri's computer
- D. Poison the switch's MAC address table by flooding it with ACK bits
Answer: C
NEW QUESTION 266
Lynne receives the following email:
Dear [email protected]!
We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently!
To proceed Please Connect>> My Apple ID
Thank You
The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/
What type of attack is this?
- A. Phishing
- B. Email Spamming
- C. Mail Bombing
- D. Email Spoofing
Answer: A
NEW QUESTION 267
Which of the following tools creates a bit-by-bit image of evidence media?
- A. Recuva
- B. FileMerlin
- C. AccessData FTK Imager
- D. Xplico
Answer: C
NEW QUESTION 268
When the operating system marks clusters as used but does not allocate them to any file, such clusters are known as ___________.
- A. Empty clusters
- B. Lost clusters
- C. Bad clusters
- D. Unused clusters
Answer: B
NEW QUESTION 269
During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?
- A. TAC and Industry Identifier
- B. Issuer Identifier Number and TAC
- C. Industry Identifier and Country code
- D. Individual Account Identification Number and Country Code
Answer: C
NEW QUESTION 270
Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To what organization should Frank submit the log to find out if it is a new vulnerability or not?
- A. RIPE
- B. APIPA
- C. IANA
- D. CVE
Answer: D
NEW QUESTION 271
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
- A. Something other than root
- B. You cannot determine what privilege runs the daemon service
- C. Root
- D. Guest
Answer: A
NEW QUESTION 272
Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?
- A. Cross Questioning
- B. Direct Examination
- C. Witness Authentication
- D. Expert Witness
Answer: B
NEW QUESTION 273
The Linux operating system has two typical bootloaders, namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?
- A. Bootloader Stage
- B. BootROM Stage
- C. Kernel Stage
- D. BIOS Stage
Answer: C
NEW QUESTION 274
Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
- A. search warrant
- B. wire tap
- C. subpoena
- D. bench warrant
Answer: A