EC-COUNCIL 312-49v10 Certification Exam Dumps with 706 Practice Test Questions [Q213-Q231]


New 312-49v10 Exam Dumps with High Passing Rate


The EC-COUNCIL 312-49v10 exam covers a wide range of topics that are essential in the field of computer forensics. The curriculum includes the basics of computer forensics, such as understanding the digital forensic process, evidence acquisition, and analysis. It also covers advanced topics such as network forensics, mobile device forensics, and cloud forensics. The 312-49v10 exam is designed to test the candidate's ability to analyze and interpret digital evidence, identify security breaches, and recover lost data.


NEW QUESTION # 213
According to RFC 3227, which of the following is considered the most volatile item on a typical system?

  • A. Registers and cache
  • B. Archival media
  • C. Temporary system files
  • D. Kernel statistics and memory

Answer: A


NEW QUESTION # 214
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  • A. a disk editor
  • B. a protocol analyzer
  • C. a firewall
  • D. a write-blocker

Answer: D


NEW QUESTION # 215
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

  • A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Regedit
  • B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProfileList
  • C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegList

Answer: C


NEW QUESTION # 216
Frank is working on a vulnerability assessment for a company on the West Coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To which organization should Frank submit the log to find out whether it is a new vulnerability or not?

  • A. RIPE
  • B. IANA
  • C. CVE
  • D. APIPA

Answer: C


NEW QUESTION # 217
Corporate investigations are typically easier than public investigations because:

  • A. the users can load whatever they want on their machines
  • B. the investigator has to get a warrant
  • C. the users have standard corporate equipment and software
  • D. the investigator does not have to get a warrant

Answer: D


NEW QUESTION # 218
When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

  • A. Corrupt
  • B. Lost
  • C. Bad
  • D. Unallocated

Answer: B


NEW QUESTION # 219
What encryption technology is used by Password Keeper on BlackBerry devices?

  • A. AES
  • B. Blowfish
  • C. RC5
  • D. 3DES

Answer: A


NEW QUESTION # 220
Brian has the job of analyzing malware for a software security company. Brian has set up a virtual environment that includes virtual machines running various versions of OSes. Additionally, Brian has set up separate virtual networks within this environment. The virtual environment does not connect to the company's intranet, nor does it connect to the external Internet. With everything set up, Brian now receives an executable file from a client that has undergone a cyberattack. Brian runs the executable file in the virtual environment to see what it would do. What type of analysis did Brian perform?

  • A. Status malware analysis
  • B. Static malware analysis
  • C. Dynamic malware analysis
  • D. Static OS analysis

Answer: C


NEW QUESTION # 221
Which MySQL log file contains information on server start and stop?

  • A. Binary log
  • B. General query log file
  • C. Error log file
  • D. Slow query log file

Answer: C


NEW QUESTION # 222
If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32 K will be allocated, resulting in 22 K of ________.

  • A. Deleted space
  • B. Sector space
  • C. Slack space
  • D. Cluster space

Answer: C


NEW QUESTION # 223
Which of these rootkit detection techniques functions by comparing a snapshot of the file system, boot records, or memory with a known and trusted baseline?

  • A. Signature-Based Detection
  • B. Integrity-Based Detection
  • C. Heuristic/Behavior-Based Detection
  • D. Cross View-Based Detection

Answer: B


NEW QUESTION # 224
What malware analysis operation can the investigator perform using the jv16 tool?

  • A. Registry Analysis/Monitoring
  • B. Network Traffic Monitoring/Analysis
  • C. Files and Folder Monitor
  • D. Installation Monitor

Answer: A


NEW QUESTION # 225
What is the primary function of the Windows tool CHKDSK, which verifies the file system integrity of a volume?

  • A. Check the disk for Slack Space
  • B. Check the disk for connectivity errors
  • C. Check the disk for hardware errors
  • D. Repairs logical file system errors

Answer: D


NEW QUESTION # 226
In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from their victims. What is the difference between pharming and phishing attacks?

  • A. Both pharming and phishing attacks are identical
  • B. Both pharming and phishing attacks are purely technical and are not considered forms of social engineering
  • C. In a pharming attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a phishing attack an attacker provides the victim with a URL that is either misspelled or looks similar to the actual website's domain name
  • D. In a phishing attack a victim is redirected to a fake website by modifying their host configuration file or by exploiting vulnerabilities in DNS. In a pharming attack an attacker provides the victim with a URL that is either misspelled or looks very similar to the actual website's domain name

Answer: C


NEW QUESTION # 227
An investigator is analyzing a Check Point firewall log and comes across symbols. What type of log is he looking at?

  • A. Security event was monitored but not stopped
  • B. Connection rejected
  • C. Malicious URL detected
  • D. An email marked as potential spam

Answer: D


NEW QUESTION # 228
Which is a standard procedure to perform during all computer forensics investigations?

  • A. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
  • B. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
  • C. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
  • D. with the hard drive in the suspect PC, check the date and time in the system's CMOS

Answer: C


NEW QUESTION # 229
Which set of anti-forensic tools/techniques allows a program to compress and/or encrypt an executable file to hide attack tools from being detected by reverse-engineering or scanning?

  • A. Password crackers
  • B. Packers
  • C. Botnets
  • D. Emulators

Answer: B


NEW QUESTION # 230
The newer Macintosh Operating System is based on:

  • A. BSD Unix
  • B. Linux
  • C. Microsoft Windows
  • D. OS/2

Answer: A


NEW QUESTION # 231
......
