Free ECCouncil 312-49v10 Practice Exam with Questions & Answers | Set: 12

Questions 166

Which US law does the interstate or international transportation and receiving of child pornography fall under?

Options:
A. §18. U.S.C. 1466A
B. §18. U.S.C 252
C. §18. U.S.C 146A
D. §18. U.S.C 2252

Questions 167

What type of analysis helps to identify the time and sequence of events in an investigation?

Options:
A. Time-based
B. Functional
C. Relational
D. Temporal

Questions 168

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

Options:
A. NTOSKRNL.EXE
B. NTLDR
C. LSASS.EXE
D. NTDETECT.COM

Questions 169

Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:

Options:
A. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
B. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management
C. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management
D. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Questions 170

Why would a company issue a dongle with the software they sell?

Options:
A. To provide source code protection
B. To provide wireless functionality with the software
C. To provide copyright protection
D. To ensure that keyloggers cannot be used

Questions 171

Which file is a sequence of bytes organized into blocks understandable by the system’s linker?

Options:
A. Executable file
B. Source file
C. Object file
D. None of these

Questions 172

What type of equipment would a forensics investigator store in a StrongHold bag?

Options:
A. PDA
B. Backup tapes
C. Hard drives
D. Wireless cards

Questions 173

Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

Options:
A. Witness Authentication
B. Direct Examination
C. Expert Witness
D. Cross Questioning

Questions 174

When marking evidence that has been collected with the “aaa/ddmmyy/nnnn/zz” format, what does the “nnnn” denote?

Options:
A. The initials of the forensics analyst
B. The sequence number for the parts of the same exhibit
C. The year the evidence was taken
D. The sequential number of the exhibits seized by the analyst

Questions 175

Which of the following techniques creates a replica of an evidence media?

Options:
A. Data Extraction
B. Backup
C. Bit Stream Imaging
D. Data Deduplication

Questions 176

When a user deletes a file or folder, the system stores the complete path, including the original filename, in a special hidden file called “INFO2” in the Recycled folder. If the INFO2 file is deleted, it is recovered when you ______________________.

Options:
A. Undo the last action performed on the system
B. Reboot Windows
C. Use a recovery tool to undelete the file
D. Download the file from Microsoft website

Questions 177

Where does EnCase search to recover NTFS files and folders?

Options:
A. MBR
B. MFT
C. Slack space
D. HAL

Questions 178

Smith, a network administrator with a large MNC, was the first to arrive at a suspected crime scene involving criminal use of compromised computers. What should be his first response while maintaining the integrity of evidence?

Options:
A. Record the system state by taking photographs of the physical system and the display
B. Perform data acquisition without disturbing the state of the systems
C. Open the systems, remove the hard disk and secure it
D. Switch off the systems and carry them to the laboratory

Questions 179

Which of the following event correlation approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

Options:
A. Rule-Based Approach
B. Automated Field Correlation
C. Field-Based Approach
D. Graph-Based Approach

Questions 180

An executive has leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?

Options:
A. Postmortem Analysis
B. Real-Time Analysis
C. Packet Analysis
D. Malware Analysis