[Jan 01, 2022] Fully Updated Dumps PDF - Latest 312-49v10 Exam Questions and Answers [Q271-Q292]


100% Free 312-49v10 Exam Dumps to Pass Exam Easily from TestKingFree


EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Computer Forensics Investigation Process
  • Dark Web Forensics
  • Mobile Forensics
Topic 2
  • Understanding Hard Disks and File Systems
  • Investigating Email Crimes
Topic 3
  • Defeating Anti-Forensics Techniques
  • Malware Forensics

 

NEW QUESTION 271
Adam, a forensic analyst, is preparing VMs for analyzing malware. Which of the following is NOT a best practice?

  • A. Isolating the host device
  • B. Enabling shared folders
  • C. Installing malware analysis tools
  • D. Using network simulation tools

Answer: B

 

NEW QUESTION 272
Which of the following tools can the investigator use to analyze the network to detect Trojan activities?

  • A. Capsa
  • B. RAM Computer
  • C. Regshot
  • D. TRIPWIRE

Answer: A

 

NEW QUESTION 273
Sectors are pie-shaped regions on a hard disk that store data. Which of the following parts of a hard disk do not contribute to determining the addresses of data?

  • A. Sectors
  • B. Interface
  • C. Cylinder
  • D. Heads

Answer: B

 

NEW QUESTION 274
Hard disk data addressing is a method of allotting addresses to each _______ of data on a hard disk.

  • A. Logical block
  • B. Physical block
  • C. Operating system block
  • D. Hard disk block

Answer: B

 

NEW QUESTION 275
Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

  • A. Core OS
  • B. Cocoa Touch
  • C. Core Services
  • D. Media services

Answer: A

 

NEW QUESTION 276
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

  • A. Title 18, Section 2703(f)
  • B. Title 18, Section 1030
  • C. Title 18, Section 2703(d)
  • D. Title 18, Section Chapter 90

Answer: A

 

NEW QUESTION 277
What will the following command accomplish in Linux?
fdisk /dev/hda

  • A. Partition the hard drive
  • B. Delete all files under the /dev/hda folder
  • C. Format the hard drive
  • D. Fill the disk with zeros

Answer: A

 

NEW QUESTION 278
Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into his former company's network. Since Simon remembers some of the server names, he attempts to run the axfr and ixfr commands using DIG. What is Simon trying to accomplish here?

  • A. Enumerate all the users in the domain
  • B. Send DOS commands to crash the DNS servers
  • C. Perform a zone transfer
  • D. Perform DNS poisoning

Answer: C

 

NEW QUESTION 279
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

  • A. Time-Sync Protocol
  • B. Network Time Protocol
  • C. SyncTime Service
  • D. Universal Time Set

Answer: B

 

NEW QUESTION 280
What must be obtained before an investigation is carried out at a location?

  • A. Habeas corpus
  • B. Modus operandi
  • C. Search warrant
  • D. Subpoena

Answer: C

 

NEW QUESTION 281
The offset in a hexadecimal code is:

  • A. The first byte after the colon
  • B. The 0x at the beginning of the code
  • C. The 0x at the end of the code
  • D. The last byte after the colon

Answer: B

 

NEW QUESTION 282
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

  • A. Ping of death
  • B. Nmap scan
  • C. Smurf
  • D. Fraggle

Answer: A

 

NEW QUESTION 283
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  • A. The sector map
  • B. The file footer
  • C. The File Allocation Table
  • D. The file header

Answer: D

 

NEW QUESTION 284
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activities. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

  • A. The nature of the attack
  • B. The logic, formatting and elegance of the code used in the attack
  • C. The manufacturer of the system compromised
  • D. The vulnerability exploited in the incident

Answer: B

 

NEW QUESTION 285
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

  • A. law of probability
  • B. chain of custody
  • C. rules of evidence
  • D. policy of separation

Answer: B

 

NEW QUESTION 286
Examination of a computer by a technically unauthorized person will almost always result in:

  • A. Rendering any evidence found inadmissible in a court of law
  • B. The chain of custody being fully maintained
  • C. Rendering any evidence found admissible in a court of law
  • D. Completely accurate results of the examination

Answer: A

 

NEW QUESTION 287
You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

  • A. The Host Domain Name
  • B. The SMTP reply Address
  • C. The X509 Address
  • D. The E-mail Header

Answer: D

 

NEW QUESTION 288
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

  • A. Advanced Forensics Format (AFF)
  • B. Proprietary Format
  • C. Advanced Forensic Framework 4
  • D. Generic Forensic Zip (gfzip)

Answer: D

 

NEW QUESTION 289
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

  • A. Transport
  • B. Data Link
  • C. Physical
  • D. Network

Answer: C

 

NEW QUESTION 290
Which of the following tools is used to locate IP addresses?

  • A. SmartWhois
  • B. XRY LOGICAL
  • C. Deep Log Analyzer
  • D. Towelroot

Answer: A

 

NEW QUESTION 291
Where should the investigator look for the Edge browser's browsing records, including history, cache, and cookies?

  • A. Virtual Memory
  • B. Slack Space
  • C. Sparse files
  • D. ESE Database

Answer: D

 

NEW QUESTION 292
......
