You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive, tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive, and requests that you examine the drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
What must an attorney do first before you are called to testify as an expert?
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?
Which of these ISO standards defines the file system for optical storage media, such as CD-ROM and DVD-ROM?
Which of the following information is displayed when Netstat is used with the -ano switch?
You are asked to build a forensic lab and your manager has specifically informed you to use copper for lining the walls, ceilings, and floor. What is the main purpose of lining the walls, ceilings, and floor with copper?
In both pharming and phishing attacks, an attacker can create websites that look similar to legitimate sites with the intent of collecting personally identifiable information from their victims. What is the difference between pharming and phishing attacks?
When a user deletes a file, the system creates a $I file to store its details. What detail does the $I file not contain?
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
Examination of a computer by a technically unauthorized person will almost always result in:
Which of the following tools is not a data acquisition hardware tool?
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to the sensitivity of the case. How would you permanently erase the data on the hard disk?
What will the following URL produce in an unpatched IIS Web Server?
http://www.thetargetsite.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?