EC-Council 312-49v10 Exam Practice Questions (P. 1)
Question #1
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
- A. Title 18, Section 1030
- B. Title 18, Section 2703(d)
- C. Title 18, Chapter 90
- D. Title 18, Section 2703(f)
Correct Answer: D

Title 18, Section 2703(f) specifically permits an investigator to legally request the preservation of email records from an ISP. This section mandates the ISP to retain the pertinent records and evidence for up to 90 days, with the possibility of a further 90-day extension if needed, thereby ensuring that vital information remains available during an investigation. This compliance is crucial for maintaining the integrity and availability of electronic evidence which may be critical in a forensic investigation.
Question #2
If you come across a sheepdip machine at your client site, what would you infer?
- A. A sheepdip coordinates several honeypots
- B. A sheepdip computer is another name for a honeypot
- C. A sheepdip computer is used only for virus-checking
- D. A sheepdip computer defers a denial of service attack
Correct Answer: C

A sheepdip computer is set up specifically to check and sanitize files and removable devices for viruses before they are connected to or used within the primary network. This greatly reduces the risk of introducing malware into a secure environment and acts as a defensive layer against potential breaches. Option C therefore accurately captures the primary function of a sheepdip machine.
Question #3
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
- A. rules of evidence
- B. law of probability
- C. chain of custody
- D. policy of separation
Correct Answer: C

The chain of custody is vital in computer forensics because it records the handling, transfer, and storage of evidence from discovery through to legal proceedings. This continuous record not only maintains the integrity of the evidence but also supports its admissibility in court by documenting every individual who handled it. Understanding this concept is essential for correctly managing forensic evidence in any legal context.
Question #4
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
- A. 128
- B. 64
- C. 32
- D. 16
Correct Answer: C

The MD5 hashing algorithm generates a checksum that is 128 bits long. For readability and practical use, this is typically represented as a 32-character hexadecimal string: each byte (8 bits) of the 16-byte hash maps to exactly two hexadecimal characters, giving the 32 characters in the correct answer. Note that while MD5 is still used for data integrity checks, its known collision weaknesses make it unsuitable for security-critical cryptographic purposes.
Question #5
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years.
You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal. What have you found?
- A. Web bug
- B. CGI code
- C. Trojan.downloader
- D. Blind bug
Correct Answer: A

When comparing archived and current versions of a page's HTML, the abnormality described is best explained by a "web bug". Web bugs are small, usually invisible objects embedded in web pages, primarily used to track user behavior and gather data. Such elements may be absent from the older archived code but present in the modern implementation, reflecting the evolution of web technologies toward data collection and tracking over time. This fits the question's focus on how web-based languages have changed.
Question #6
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
- A. 0:1000, 150
- B. 0:1709, 150
- C. 1:1709, 150
- D. 0:1709-1858
Correct Answer: B

In DriveSpy, specifying the sectors for a forensic copy requires both the correct starting sector and the count of sectors to copy. The notation "0:1709, 150" is correct because it explicitly defines the start at sector 1709 and the following 150 sectors on the primary drive (denoted by '0'). This yields the precise sector range needed for an accurate forensic duplication and unambiguously records the scope of the data extraction for the examination.
Question #7
A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.
(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64 -
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 . .............
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 . ..............
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084 -
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8
- A. The attacker has conducted a network sweep on port 111
- B. The attacker has scanned and exploited the system using Buffer Overflow
- C. The attacker has used a Trojan on port 32773
- D. The attacker has installed a backdoor
Correct Answer: A

The excerpt from the Snort capture shows the attacker's activity focused on port 111, which is commonly associated with Sun RPC (the portmapper). The same source address contacts port 111 on more than one host in the subnet (172.16.1.108 and then 172.16.1.103) within the same second, which is the pattern of a scan aimed at identifying responsive services across multiple IP addresses. This behaviour is a precursor to later exploitation and is what defines a network sweep. Nothing explicit in the excerpt demonstrates an exploit succeeding, a buffer overflow, a Trojan, or a backdoor, so only answer A is supported by what is shown.
Question #8
The newer Macintosh Operating System is based on:
- A. OS/2
- B. BSD Unix
- C. Linux
- D. Microsoft Windows
Correct Answer: B

The newer Macintosh OS builds its foundation on BSD Unix, chosen for its robust security features, stable performance, and open-source benefits, which made it a suitable base for Apple's architecture. BSD as the foundation of macOS is consistent with its Unix certification and Apple's public documentation, giving developers and users a reliable and secure OS environment.
Question #9
Before you are called to testify as an expert, what must an attorney do first?
- A. engage in damage control
- B. prove that the tools you used to conduct your examination are perfect
- C. read your curriculum vitae to the jury
- D. qualify you as an expert witness
Correct Answer: D

To make sure everyone is on the same page for court, it's key that the attorney officially qualifies the person testifying as an expert witness. This is more than just introducing you; it's about establishing that you've got the skills, experience, or knowledge in a particular area. This helps ensure that the expert's opinion is considered valid and seriously weighed in the case.
Question #10
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data.
What method would be most efficient for you to acquire digital evidence from this network?
- A. create a compressed copy of the file with DoubleSpace
- B. create a sparse data copy of a folder or file
- C. make a bit-stream disk-to-image file
- D. make a bit-stream disk-to-disk file
Correct Answer: C

For a forensic investigator dealing with such a large volume of data spread across several storage area networks, the most efficient acquisition method is a bit-stream disk-to-image file. This produces an exact bit-for-bit copy of the original data, which is essential for a forensic investigation. It preserves the integrity of the evidence by capturing all data, including deleted files and slack space, and allows the image to be stored and analyzed without touching the original system, which is crucial for maintaining authenticity in legal contexts.