Black Friday Special 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bestdeal

How to Easily Pass the ECCouncil 312-49v9 Exam: Expert Advice

Questions 91

Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

Options:

A.

wmic service

B.

Reg.exe

C.

fsutil

D.

Devcon

Buy Now
Questions 92

How many possible sequence number combinations are there in TCP/IP protocol?

Options:

A.

1 billion

B.

320 billion

C.

4 billion

D.

32 million

Buy Now
Questions 93

What does the part of the log, “% SEC-6-IPACCESSLOGP”, extracted from a Cisco router represent?

Options:

A.

The system was not able to process the packet because there was not enough room for all of the desired IP header options

B.

Immediate action required messages

C.

Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available

D.

A packet matching the log criteria for the given access list has been detected (TCP or UDP)

Buy Now
Questions 94

Which of the following tool enables data acquisition and duplication?

Options:

A.

Colasoft’s Capsa

B.

DriveSpy

C.

Wireshark

D.

Xplico

Buy Now
Questions 95

Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?

Options:

A.

Data from a CD copied using Windows

B.

Data from a CD copied using Mac-based system

C.

Data from a DVD copied using Windows system

D.

Data from a CD copied using Linux system

Buy Now
Questions 96

Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

Options:

A.

18 USC §1029

B.

18 USC §1030

C.

18 USC §1361

D.

18 USC §1371

Buy Now
Questions 97

An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

Options:

A.

Smurf

B.

Ping of death

C.

Fraggle

D.

Nmap scan

Buy Now
Questions 98

The process of restarting a computer that is already turned on through the operating system is called?

Options:

A.

Warm boot

B.

Ice boot

C.

Hot Boot

D.

Cold boot

Buy Now
Questions 99

The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tool can help the investigator?

Options:

A.

TRIPWIRE

B.

RAM Capturer

C.

Regshot

D.

What’s Running

Buy Now
Questions 100

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

Options:

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Buy Now
Questions 101

Adam, a forensic investigator, is investigating an attack on Microsoft Exchange Server of a large organization. As the first step of the investigation, he examined the PRIV.EDB file and found the source from where the mail originated and the name of the file that disappeared upon execution. Now, he wants to examine the MIME stream content. Which of the following files is he going to examine?

Options:

A.

PRIV.STM

B.

gwcheck.db

C.

PRIV.EDB

D.

PUB.EDB

Buy Now
Questions 102

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

Options:

A.

C:\Program Files\Exchsrvr\servername.log

B.

D:\Exchsrvr\Message Tracking\servername.log

C.

C:\Exchsrvr\Message Tracking\servername.log

D.

C:\Program Files\Microsoft Exchange\srvr\servername.log

Buy Now
Questions 103

Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

Options:

A.

Inode bitmap block

B.

Superblock

C.

Block bitmap block

D.

Data block

Buy Now
Questions 104

Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

Options:

A.

Portable Document Format

B.

MS-office Word Document

C.

MS-office Word OneNote

D.

MS-office Word PowerPoint

Buy Now
Questions 105

Why should you never power on a computer that you need to acquire digital evidence from?

Options:

A.

When the computer boots up, files are written to the computer rendering the data nclean

B.

When the computer boots up, the system cache is cleared which could destroy evidence

C.

When the computer boots up, data in the memory buffer is cleared which could destroy evidence

D.

Powering on a computer has no affect when needing to acquire digital evidence from it

Buy Now
Exam Code: 312-49v9
Exam Name: Computer Hacking Forensic Investigator (v9)
Last Update: Dec 4, 2024
Questions: 589

PDF + Testing Engine

$164.99
$66

Testing Engine

$124.99
$50

PDF (Q&A)

$104.99
$42