312-49v9 by EC-COUNCIL Actual Free Exam Questions And Answers

Question 1

If the partition size is 4 GB, each cluster will be 32 K.
Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

A. Deleted space

B. Slack space

C. Sector space

D. Cluster space

Discussion 0

Correct Answer: B Vote an answer

Question 2

This organization maintains a database of hash signatures for known software.

A. American National standards Institute

B. International Standards Organization

C. National Software Reference Library

D. Institute of Electrical and Electronics Engineers

Discussion 0

Correct Answer: C Vote an answer

Question 3

What is the primary function of the tool CHKDSK in Windows that authenticates the file system reliability of a volume?

A. Check the disk for connectivity errors

B. Check the disk for Slack Space

C. Check the disk for hardware errors

D. Repairs logical file system errors

Discussion 0

Correct Answer: D Vote an answer

Question 4

When investigating a Windows System, it is important to view the contents of the page or swap file because:

A. This is the file that windows use to store the history of the last 100 commands that were run from the command line

B. Windows stores all of the systems configuration information in this file

C. This is file that windows use to communicate directly with Registry

D. A Large volume of data can exist within the swap file of which the computer user has no knowledge

Discussion 0

Correct Answer: D Vote an answer

Question 5

Which among the following files provides email header information in the Microsoft Exchange server?

A. PRIV.STM

B. PRIV.EDB

C. PUB.EDB

D. gwcheck.db

Discussion 0

Correct Answer: B Vote an answer

Question 6

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

A. forensic duplication of hard drive

B. analysis of volatile data

C. review of SIDs in the Registry

D. comparison of MD5 checksums

Discussion 0

Correct Answer: D Vote an answer

Question 7

Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

A. A text file copied from D drive to C drive in fifth sequential order

B. A text file copied from C drive to D drive in fifth sequential order

C. A text file deleted from C drive in sixth sequential order

D. A text file deleted from C drive in fifth sequential order

Discussion 0

Correct Answer: D Vote an answer

Question 8

NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DDR). Which of the following is not a part of DDF?

A. EFS Certificate Hash

B. Container Name

C. Checksum

D. Encrypted FEK

Discussion 0

Correct Answer: C Vote an answer

Question 9

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?

A. Poison the DNS records with false records

B. Enumerate MX and A records from DNS

C. Establish a remote connection to the Domain Controller

D. Enumerate domain user accounts and built-in groups

Discussion 0

Correct Answer: D Vote an answer

Question 10

Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across a set of servers, systems, routers and network?

A. Same-platform correlation

B. Network-platform correlation

C. Cross-platform correlation

D. Multiple-platform correlation

Discussion 0

Correct Answer: C Vote an answer

Question 11

Which of the following acts as a network intrusion detection system as well as network intrusion prevention system?

A. Snort

B. Kismet

C. Accunetix

D. Nikto

Discussion 0

Correct Answer: A Vote an answer

Question 12

The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?

A. Global File System (GFS)

B. New Technology File System (NTFS)

C. File Allocation Table (FAT

D. Hierarchical File System (HFS)

Discussion 0

Correct Answer: B Vote an answer

Question 13

%3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?

A. Unicode

B. Base64

C. Double encoding

D. Hex encoding

Discussion 0

Correct Answer: D Vote an answer

Question 14

To preserve digital evidence, an investigator should ____________________.

A. Make two copies of each evidence item using different imaging tools

B. Only store the original evidence item

C. Make a single copy of each evidence item using an approved imaging tool

D. Make two copies of each evidence item using a single imaging tool

Discussion 0

Correct Answer: A Vote an answer

Question 15

A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees don't like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the data ingest department. Using Wireshark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?

A. tcp.port == 21

B. tcp.port == 21 || tcp.port == 22

C. tcp.port = 23

D. tcp.port != 21

Discussion 0

Correct Answer: A Vote an answer

EC-COUNCIL ECCouncil Computer Hacking Forensic Investigator (V9) - 312-49v9 Exam Practice Test

Contact Us

Useful Links

Latest Updated