[Oct-2021] 312-49 Pre-Exam Practice Tests Exam Questions and Answers for Certified Ethical Hacker Study Guide [Q74-Q96]


Computer Hacking Forensic Investigator Certification Sample Questions

NEW QUESTION 74
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

  • A. evidence in a criminal case must be secured more tightly than in a civil case
  • B. evidence must be handled in the same way regardless of the type of case
  • C. evidence in a civil case must be secured more tightly than in a criminal case
  • D. evidence procedures are not important unless you work for a law enforcement agency

Answer: A

 

NEW QUESTION 75
You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?

  • A. The tool has not been reviewed and accepted by your peers
  • B. You are not certified for using the tool
  • C. Only the local law enforcement should use the tool
  • D. The tool hasn't been tested by the International Standards Organization (ISO)

Answer: A

 

NEW QUESTION 76
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

  • A. Physical
  • B. Network
  • C. Transport
  • D. Data Link

Answer: A

 

NEW QUESTION 77
What binary coding is used most often for e-mail purposes?

  • A. MIME
  • B. IMAP
  • C. SMTP
  • D. Uuencode

Answer: A

 

NEW QUESTION 78
Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

  • A. DOC
  • B. WPD
  • C. PDF
  • D. TIFF-8

Answer: C

 

NEW QUESTION 79
When should an MD5 hash check be performed when processing evidence?

  • A. Before the evidence examination has been completed
  • B. On an hourly basis during the evidence examination
  • C. After the evidence examination has been completed
  • D. Before and after evidence examination

Answer: D

 

NEW QUESTION 80
What must be obtained before an investigation is carried out at a location?

  • A. Subpoena
  • B. Search warrant
  • C. Habeas corpus
  • D. Modus operandi

Answer: B

 

NEW QUESTION 81
John is working on his company's policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

  • A. Strip-cut shredder
  • B. Cross-hatch shredder
  • C. Cross-cut shredder
  • D. Cris-cross shredder

Answer: C

 

NEW QUESTION 82
What is the slave device connected to the secondary IDE controller on a Linux OS referred to as?

  • A. hdb
  • B. hdc
  • C. hda
  • D. hdd

Answer: D

 

NEW QUESTION 83
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

  • A. DVD-18
  • B. HD-DVD
  • C. Blu-Ray dual-layer
  • D. Blu-Ray single-layer

Answer: C

 

NEW QUESTION 84
Paraben Lockdown device uses which operating system to write hard drive data?

  • A. Mac OS
  • B. Red Hat
  • C. Unix
  • D. Windows

Answer: D

 

NEW QUESTION 85
George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used.
What IDS feature must George implement to meet this requirement?

  • A. Real-time anomaly detection
  • B. Signature-based anomaly detection
  • C. Pattern matching
  • D. Statistical-based anomaly detection

Answer: A

 

NEW QUESTION 86
What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?

  • A. E-mail header
  • B. Username and password
  • C. Firewall log
  • D. Internet service provider information

Answer: A

 

NEW QUESTION 87
With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ______

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

 

NEW QUESTION 88
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

  • A. Universal Time Set
  • B. Network Time Protocol
  • C. Time-Sync Protocol
  • D. SyncTime Service

Answer: B

 

NEW QUESTION 89
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

  • A. Security Administrator
  • B. Director of Administration
  • C. Network Administrator
  • D. Director of Information Technology

Answer: C

 

NEW QUESTION 90
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using an SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?

  • A. net port 22
  • B. udp port 22 and host 172.16.28.1/24
  • C. src port 22 and dst port 22
  • D. src port 23 and dst port 23

Answer: C


 

NEW QUESTION 91
What technique is used by JPEGs for compression?

  • A. DCT
  • B. TCD
  • C. ZIP
  • D. TIFF-8

Answer: A

 

NEW QUESTION 92
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a Blackberry device?

  • A. Microsoft Exchange server
  • B. Blackberry desktop redirector
  • C. Blackberry Enterprise server
  • D. RIM Messaging center

Answer: A

 

NEW QUESTION 93
Who is responsible for the following tasks?
Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises.
Make notes about the scene that will eventually be handed over to the Forensic Team.

  • A. Lawyers
  • B. Local managers or other non-forensic staff
  • C. Non-forensics staff
  • D. System administrators

Answer: C

 

NEW QUESTION 94
You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

  • A. Sign a statement attesting that the evidence is the same as it was when it entered the lab
  • B. There is no reason to worry about this possible claim because state labs are certified
  • C. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
  • D. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST

Answer: C

 

NEW QUESTION 95
Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

  • A. Windows computers are constantly talking
  • B. Windows computers will not respond to idle scans
  • C. Linux/Unix computers are easier to compromise
  • D. Linux/Unix computers are constantly talking

Answer: A


 

NEW QUESTION 96
......

EC-COUNCIL Exam Practice Test To Gain Brilliant Result: https://www.actual4exams.com/312-49-valid-dump.html