for EC-Council certification, Real Success Guaranteed with Updated . 100% PASS 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) exam Today!
Online EC-Council 312-49v9 free dumps demo Below:
NEW QUESTION 1
The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is being used.
Which command displays the network configuration of the NICs on the system?
- A. ipconfig /all
- B. netstat
- C. net session
- D. tasklist
NEW QUESTION 2
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?
- A. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
- B. Prepare the system for acquisition; Connect the target media; Copy the media; Secure the evidence
- C. Connect the target media; Delete the system for acquisition; Secure the evidence; Copy the media
- D. Secure the evidence; Prepare the system for acquisition; Connect the target media; Copy the media
NEW QUESTION 3
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive. org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
- A. Web bug
- B. CGI code
- C. Trojan.downloader
- D. Blind bug
NEW QUESTION 4
You are a computer forensics investigator working with local police department and you are called to assist in an investigation of threatening emails. The complainant has printed out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the ____ in order to track the emails back to the suspect.
- A. Routing Table
- B. Firewall log
- C. Configuration files
- D. Email Header
NEW QUESTION 5
You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?
- A. The firewall failed-open
- B. The firewall failed-closed
- C. The firewall ACL has been purged
- D. The firewall failed-bypass
NEW QUESTION 6
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a
.jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
- A. the File Allocation Table
- B. the file header
- C. the file footer
- D. the sector map
NEW QUESTION 7
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
Apr 24 14:46:46 : spp_portscan: portscan detected from 22.214.171.124
Apr 24 14:46:46 : IDS27/FIN Scan: 126.96.36.199:56693 -> 172.16.1.107:482 Apr 24 18:01:05 :
IDS/DNS-version-query: 188.8.131.52:3485 -> 172.16.1.107:53
Apr 24 19:04:01 : IDS213/ftp-passwd-retrieval: 184.108.40.206:1425 -> 172.16.1.107:21
Apr 25 08:02:41 : spp_portscan: PORTSCAN DETECTED from 220.127.116.11
Apr 25 02:08:07 : IDS277/DNS-version-query: 18.104.22.168:4499 -> 172.16.1.107:53
Apr 25 02:08:07 : IDS277/DNS-version-query: 22.214.171.124:4630 -> 172.16.1.101:53
Apr 25 02:38:17 : IDS/RPC-rpcinfo-query: 126.96.36.199:642 -> 172.16.1.107:111
Apr 25 19:37:32 : IDS230/web-cgi-space-wildcard: 188.8.131.52:4221 -> 172.16.1.107:80
Apr 26 05:45:12 : IDS212/dns-zone-transfer: 184.108.40.206:2291 -> 172.16.1.101:53 Apr 26 06:43:05 :
IDS181/nops-x86: 220.127.116.11:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 : IDS175/socks-probe: 18.104.22.168:20 -> 172.16.1.107:1080
Apr 26 06:52:10 : IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 22.214.171.124:4558
From the options given below choose the one which best interprets the following entry: Apr 26 06:43:05 : IDS181/nops-x86: 126.96.36.199:1351 -> 172.16.1.107:53
- A. An IDS evasion technique
- B. A buffer overflow attempt
- C. A DNS zone transfer
- D. Data being retrieved from 188.8.131.52
NEW QUESTION 8
Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file.
Which of the following hash algorithms produces a message digest that is 128 bits long?
- A. CRC-32
- B. MD5
- C. SHA-1
- D. SHA-512
NEW QUESTION 9
The police believe that Mevin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions. They also suspect that he has been stealing, copying, and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspect door and searching his home and seizing all of his computer equipment if they haveis preventing the police from breaking down the suspect? door and searching his home and seizing all of his computer equipment if they
have not yet obtained a warrant?
- A. The USA Patriot Act
- B. The Good Samaritan Laws
- C. The Federal Rules of Evidence
- D. The Fourth Amendment
NEW QUESTION 10
Which of the following is not correct when documenting an electronic crime scene?
- A. Document the physical scene, such as the position of the mouse and the location of components near the system
- B. Document related electronic components that are difficult to find
- C. Record the condition of the computer system, storage media, electronic devices and conventional evidence, including power status of the computer
- D. Write down the color of shirt and pant the suspect was wearing
NEW QUESTION 11
The MD5 program is used to:
- A. wipe magnetic media before recycling it
- B. make directories on a evidence disk
- C. view graphics files on an evidence drive
- D. verify that a disk is not altered when you examine it
NEW QUESTION 12
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?
- A. Blu-Ray single-layer
- B. HD-DVD
- C. Blu-Ray dual-layer
- D. DVD-18
NEW QUESTION 13
Which of the following attacks allows an attacker to access restricted directories, including application source code, configuration and critical system files, and to execute commands outside of the web server's root directory?
- A. Unvalidated input
- B. Parameter/form tampering
- C. Directory traversal
- D. Security misconfiguration
NEW QUESTION 14
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
- A. Obtain search warrant
- B. Evaluate and secure the scene
- C. Collect the evidence
- D. Acquire the data
NEW QUESTION 15
What advantage does the tool Evidor have over the built-in Windows search?
- A. It can find deleted files even after they have been physically removed
- B. It can find bad sectors on the hard drive
- C. It can search slack space
- D. It can find files hidden within ADS
NEW QUESTION 16
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?
- A. RIM Messaging center
- B. Blackberry Enterprise server
- C. Microsoft Exchange server
- D. Blackberry desktop redirector
Thanks for reading the newest 312-49v9 exam dumps! We recommend you to try the PREMIUM Passcertsure 312-49v9 dumps in VCE and PDF here: https://www.passcertsure.com/312-49v9-test/ (486 Q&As Dumps)