
100% Pass Top-selling 312-49v10 Exams - New 2023 EC-COUNCIL Pratice Exam
CHFI v10 Dumps 312-49v10 Exam for Full Questions - Exam Study Guide
NEW QUESTION 63
If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement.
- A. true
- B. false
Answer: A
NEW QUESTION 64
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.
- A. Mere Suspicion
- B. A preponderance of the evidence
- C. Probable cause
- D. Beyond a reasonable doubt
Answer: C
NEW QUESTION 65
Lance wants to place a honeypot on his network. Which of the following would be your recommendation?
- A. It doesn't matter as all replies are faked
- B. Use a system that is not directly interacting with the router
- C. Use a system that has a dynamic addressing on the network
- D. Use it on a system in an external DMZ in front of the firewall
Answer: D
NEW QUESTION 66
Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?
- A. Picture encoding
- B. Steganography
- C. Steganalysis
- D. Typography
Answer: B
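The technique in question 66 (hiding data inside an innocuous carrier) is easiest to understand from a minimal implementation. The block below is an added example, not part of the original question set: it embeds a message in the least significant bit of each carrier byte and recovers it again, with a constructed pseudo-random carrier standing in for the pixel data of a real image. Encrypting the message first, as the accused did, is an independent step applied to `message` before `hide()` is called.

```python
"""Least-significant-bit (LSB) steganography on a raw byte carrier.

Constructed example: the carrier is pseudo-random bytes, standing in for the
raw pixel bytes of an image. A real tool would work on decoded image samples.
"""
import random

# Constructed carrier: 4096 deterministic pseudo-random "pixel" bytes.
CARRIER = bytes(random.Random(1).getrandbits(8) for _ in range(4096))


def hide(carrier: bytes, message: bytes) -> bytes:
    """Return a copy of carrier whose low bits spell out len(message) + message."""
    payload = len(message).to_bytes(4, "big") + message   # 4-byte length prefix
    bits = "".join(f"{b:08b}" for b in payload)
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for message")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | int(bit)              # overwrite only bit 0
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix from the low bits, then that many message bytes."""
    def read(start_bit: int, nbytes: int) -> bytes:
        bits = "".join(str(stego[start_bit + i] & 1) for i in range(nbytes * 8))
        return bytes(int(bits[j:j + 8], 2) for j in range(0, len(bits), 8))
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_byte_change(original: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB embedding never changes a byte by more than 1,
    which is why the carrier looks unchanged to a human viewer."""
    return max(abs(a - b) for a, b in zip(original, stego))


if __name__ == "__main__":
    s = hide(CARRIER, b"meet at 0300")
    print(extract(s), max_byte_change(CARRIER, s))
```

The `max_byte_change()` helper illustrates why the approach defeats casual inspection but not steganalysis: every byte moves by at most one unit, yet the distribution of low bits in the modified region is no longer that of natural image data, which is what statistical steganalysis tools look for.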
NEW QUESTION 67
Which of these rootkit detection techniques functions by comparing a snapshot of the file system, boot records, or memory with a known and trusted baseline?
- A. Cross View-Based Detection
- B. Heuristic/Behavior-Based Detection
- C. Integrity-Based Detection
- D. Signature-Based Detection
Answer: C
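Integrity-based detection, as in question 67, is just a hash baseline and a later comparison. The following is an added example (not from the question set or any named product) that snapshots a directory tree with SHA-256, then simulates a rootkit by trojaning a binary, deleting another and dropping a constructed `/etc/ld.so.preload` entry, and reports what changed. All paths and file contents are constructed for the demo.

```python
"""Integrity-based rootkit detection: hash baseline vs. current snapshot."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            snap[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return snap


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences between a trusted baseline and a fresh snapshot."""
    return {
        "added":    sorted(set(current) - set(baseline)),
        "removed":  sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a tiny fake root, tamper with it, re-compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls")
        (root / "bin" / "ps").write_bytes(b"original ps")
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")

        baseline = snapshot(root)          # taken while the system is trusted

        # Simulated user-mode rootkit: trojaned ps, preload hook, deleted ls.
        (root / "bin" / "ps").write_bytes(b"trojaned ps that hides processes")
        (root / "etc" / "ld.so.preload").write_bytes(b"/lib/evil.so\n")
        (root / "bin" / "ls").unlink()

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: the baseline (and the hashing tool) must be stored off the host, or a rootkit can simply rewrite it; and a kernel-mode rootkit that hooks file reads can feed the scanner the original bytes, which is the gap cross-view-based detection (option A) exists to close.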
NEW QUESTION 68
How will you categorize a cybercrime that took place within a CSP's cloud environment?
- A. Cloud as a Tool
- B. Cloud as an Audit
- C. Cloud as an Object
- D. Cloud as a Subject
Answer: C
NEW QUESTION 69
While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?
- A. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge
- B. Keep the information on file for later review
- C. Destroy the evidence
- D. Present the evidence to the defense attorney
Answer: A
NEW QUESTION 70
Joshua is analyzing an MSSQL database to find attack evidence and other details. Where should he look for the database logs?
- A. Model.txt
- B. Model.lgf
- C. Model.log
- D. Model.ldf
Answer: D
NEW QUESTION 71
Which set of anti-forensic tools/techniques allows a program to compress and/or encrypt an executable file to hide attack tools from being detected by reverse-engineering or scanning?
- A. Packers
- B. Emulators
- C. Botnets
- D. Password crackers
Answer: A
NEW QUESTION 72
Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.
Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?
- A. Cisco Discovery Protocol
- B. Broadcast System Protocol
- C. Border Gateway Protocol
- D. Simple Network Management Protocol
Answer: A
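The fix for question 72 is a one-line configuration change. The fragment below is an added example of the weak default beside the corrected setting; the interface name is a placeholder and not taken from the question.

```cisco
! Weak default: CDP is enabled on all interfaces, so any directly connected
! device can run "show cdp neighbors detail" and read platform, IOS version
! and capabilities for this router.
!
! Fix 1: disable CDP on the whole device.
no cdp run
!
! Fix 2 (if CDP is still needed on trusted links, e.g. for IP phones):
! leave it running globally and switch it off per interface facing
! untrusted networks. Interface name is a placeholder.
interface GigabitEthernet0/0
 no cdp enable
!
! Verify: "show cdp" reports that CDP is not enabled after Fix 1;
! "show cdp interface" no longer lists the interface after Fix 2.
```

LLDP advertises comparable details and is disabled separately with `no lldp run` (or `no lldp transmit` per interface), so check it at the same time.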
NEW QUESTION 73
What does ICMP Type 3/Code 13 mean?
- A. Protocol Unreachable
- B. Administratively Blocked
- C. Host Unreachable
- D. Port Unreachable
Answer: B
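Question 73 is about reading the ICMP Destination Unreachable header. The block below is an added example (not from the question set) that builds a Type 3 message around a constructed IP/TCP datagram, then parses it back: it verifies the ones-complement checksum, maps the code to its meaning, and recovers the original flow (source, destination, ports) from the embedded header, which is what tells an investigator which connection a filter blocked. All addresses and ports are constructed.

```python
"""Build and parse ICMP Destination Unreachable (Type 3) messages."""
import ipaddress
import struct

ICMP_DEST_UNREACH = 3
# Selected Type 3 codes (RFC 792 / RFC 1812 names).
UNREACH_CODES = {
    0: "Net Unreachable",
    1: "Host Unreachable",
    2: "Protocol Unreachable",
    3: "Port Unreachable",
    9: "Communication with Destination Network Administratively Prohibited",
    10: "Communication with Destination Host Administratively Prohibited",
    13: "Communication Administratively Prohibited",
}


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; returns 0 for a packet whose field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_unreachable(code: int, original_datagram: bytes) -> bytes:
    """Type 3 message: 8-byte header + original IP header + first 8 bytes of payload."""
    quoted = original_datagram[:28]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, checksum(body), 0) + quoted


def parse(pkt: bytes) -> dict:
    """Decode a Type 3 message and the flow it quotes; rejects bad checksums."""
    if len(pkt) < 8:
        raise ValueError("truncated ICMP header")
    if checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code, _, _ = struct.unpack("!BBHI", pkt[:8])
    if typ != ICMP_DEST_UNREACH:
        raise ValueError(f"not Destination Unreachable (type {typ})")
    info = {"type": typ, "code": code, "meaning": UNREACH_CODES.get(code, f"code {code}")}
    inner = pkt[8:]
    if len(inner) >= 20:                      # quoted IPv4 header present
        ihl = (inner[0] & 0x0F) * 4
        info["proto"] = inner[9]
        info["src"] = str(ipaddress.IPv4Address(inner[12:16]))
        info["dst"] = str(ipaddress.IPv4Address(inner[16:20]))
        transport = inner[ihl:ihl + 8]
        if info["proto"] in (6, 17) and len(transport) >= 4:   # TCP/UDP ports
            info["sport"], info["dport"] = struct.unpack("!HH", transport[:4])
    return info


def constructed_datagram() -> bytes:
    """Constructed IPv4+TCP datagram: 10.0.0.5:40000 -> 192.0.2.10:22."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address("10.0.0.5").packed,
                     ipaddress.IPv4Address("192.0.2.10").packed)
    tcp_start = struct.pack("!HHI", 40000, 22, 0)   # ports + seq (first 8 bytes)
    return ip + tcp_start


if __name__ == "__main__":
    print(parse(build_unreachable(13, constructed_datagram())))
```

Code 13 answers "which host sent the rejection" only in combination with the outer IP source address, which this parser does not see; on a capture, that outer source is the filtering router or firewall, and the quoted inner header is the flow it refused.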
NEW QUESTION 74
Which of the following is NOT a part of pre-investigation phase?
- A. Gathering information about the incident
- B. Gathering evidence data
- C. Building forensics workstation
- D. Creating an investigation team
Answer: B
NEW QUESTION 75
In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
- A. one who has lots of allocation units per block or cluster
- B. one who uses dynamic swap file capability
- C. one who has NTFS 4 or 5 partitions
- D. one who uses hard disk writes on IRQ 13 and 21
Answer: A
NEW QUESTION 76
Why should you never power on a computer that you need to acquire digital evidence from?
- A. Powering on a computer has no effect when needing to acquire digital evidence from it
- B. When the computer boots up, data in the memory buffer is cleared, which could destroy evidence
- C. When the computer boots up, the system cache is cleared, which could destroy evidence
- D. When the computer boots up, files are written to the computer, rendering the data unclean
Answer: D
NEW QUESTION 77
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
- A. All forms should be placed in an approved secure container because they are now primary evidence in the case.
- B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
- C. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
- D. All forms should be placed in the report file because they are now primary evidence in the case.
Answer: B
NEW QUESTION 78
Which of the following should a computer forensics lab used for investigations have?
- A. isolation
- B. open access
- C. restricted access
- D. an entry log
Answer: C
NEW QUESTION 79