Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the ECCouncil 312-49v9 Exam: Expert Advice

Questions 31

What is the following command trying to accomplish?

Options:

A.

Verify that UDP port 445 is open for the 192.168.0.0 network

B.

Verify that TCP port 445 is open for the 192.168.0.0 network

C.

Verify that NETBIOS is running for the 192.168.0.0 network

D.

Verify that UDP port 445 is closed for the 192.168.0.0 network

Buy Now
Questions 32

While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?

Options:

A.

Keep the information of file for later review

B.

Destroy the evidence

C.

Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge

D.

Present the evidence to the defense attorney

Buy Now
Questions 33

As a CHFI professional, which of the following is the most important to your professional reputation?

Options:

A.

Your Certifications

B.

The correct, successful management of each and every case

C.

The free that you charge

D.

The friendship of local law enforcement officers

Buy Now
Questions 34

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

Options:

A.

only the reference to the file is removed from the FAT

B.

the file is erased and cannot be recovered

C.

a copy of the file is stored and the original file is erased

D.

the file is erased but can be recovered

Buy Now
Questions 35

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

Options:

A.

Smurf

B.

Trinoo

C.

Fraggle

D.

SYN flood

Buy Now
Questions 36

During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence. This type of evidence is known as:

Options:

A.

Inculpatory evidence

B.

Mandatory evidence

C.

Exculpatory evidence

D.

Terrible evidence

Buy Now
Questions 37

When investigating a Windows System, it is important to view the contents of the page or swap file because:

Options:

A.

Windows stores all of the systems configuration information in this file

B.

This is file that windows use to communicate directly with Registry

C.

A Large volume of data can exist within the swap file of which the computer user has no knowledge

D.

This is the file that windows use to store the history of the last 100 commands that were run from the command line

Buy Now
Questions 38

The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.

Options:

A.

Locard Exchange Principle

B.

Clark Standard

C.

Kelly Policy

D.

Silver-Platter Doctrine

Buy Now
Questions 39

In the context of file deletion process, which of the following statement holds true?

Options:

A.

When files are deleted, the data is overwritten and the cluster marked as available

B.

The longer a disk is in use, the less likely it is that deleted files will be overwritten

C.

While booting, the machine may create temporary files that can delete evidence

D.

Secure delete programs work by completely overwriting the file in one go

Buy Now
Questions 40

You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a “simple backup copy” of the hard drive in the PC and put it on this drive and requests that you examine that drive for evidence of the suspected images. You inform him that a “simple backup copy” will not provide deleted files or recover file fragments.

What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceeding?

Options:

A.

Bit-stream Copy

B.

Robust Copy

C.

Full backup Copy

D.

Incremental Backup Copy

Buy Now
Questions 41

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

Options:

A.

the same log is used at all times

B.

a new log file is created everyday

C.

a new log file is created each week

D.

a new log is created each time the Web Server is started

Buy Now
Questions 42

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

Options:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

Buy Now
Questions 43

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.

What countermeasures could he take to prevent DDoS attacks?

Options:

A.

Enable direct broadcasts

B.

Disable direct broadcasts

C.

Disable BGP

D.

Enable BGP

Buy Now
Questions 44

What will the following command accomplish?

Options:

A.

Test ability of a router to handle over-sized packets

B.

Test the ability of a router to handle under-sized packets

C.

Test the ability of a WLAN to handle fragmented packets

D.

Test the ability of a router to handle fragmented packets

Buy Now
Questions 45

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

Options:

A.

Polymorphic

B.

Metamorphic

C.

Oligomorhic

D.

Transmorphic

Buy Now
Exam Code: 312-49v9
Exam Name: Computer Hacking Forensic Investigator (v9)
Last Update: Dec 12, 2024
Questions: 589

PDF + Testing Engine

$164.99
$66

Testing Engine

$124.99
$50

PDF (Q&A)

$104.99
$42