Try Free and Start Using Realistic Verified 312-49v10 Dumps Instantly [Q129-Q150]


312-49v10 Actual Questions - Instant Download 705 Questions


EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Understanding Hard Disks and File Systems
  • Investigating Email Crimes
Topic 2
  • Database Forensics
  • Network Forensics
  • Windows Forensics
Topic 3
  • Computer Forensics in Today’s World
  • Investigating Web Attacks

 

NEW QUESTION 129
Software firewalls work at which layer of the OSI model?

  • A. Transport
  • B. Network
  • C. Data Link
  • D. Application

Answer: C

 

NEW QUESTION 130
When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

  • A. Avoid cross talk
  • B. So that the access points will work on different frequencies
  • C. Avoid over-saturation of wireless signals
  • D. Multiple access points can be set up on the same channel without any issues

Answer: A

 

NEW QUESTION 131
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?

  • A. Raster image
  • B. Vector image
  • C. Metafile image
  • D. Catalog image

Answer: B

 

NEW QUESTION 132
If a suspect computer is located in an area that may have toxic chemicals, you must:

  • A. coordinate with the HAZMAT team
  • B. assume the suspect machine is contaminated
  • C. determine a way to obtain the suspect computer
  • D. do not enter alone

Answer: A

 

NEW QUESTION 133
What is the name of the first reserved sector in the File Allocation Table?

  • A. Partition Boot Sector
  • B. Volume Boot Record
  • C. BIOS Parameter Block
  • D. Master Boot Record

Answer: D

 

NEW QUESTION 134
On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

  • A. Shadow file
  • B. AMS
  • C. SAM
  • D. Password.conf

Answer: C

 

NEW QUESTION 135
An investigator has extracted the device descriptor for a 1GB thumb drive that looks like: Disk&Ven_Best_Buy&Prod_Geek_Squad_U3&Rev_6.15. What does the "Geek_Squad" part represent?

  • A. Developer description
  • B. Manufacturer Details
  • C. Product description
  • D. Software or OS used

Answer: C

 

NEW QUESTION 136
Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies. What type of penetration testing is Larry planning to carry out?

  • A. Internal Penetration Testing
  • B. Router Penetration Testing
  • C. DoS Penetration Testing
  • D. Firewall Penetration Testing

Answer: C

 

NEW QUESTION 137
An investigator wants to extract passwords from SAM and System files. Which tool can the investigator use to obtain a list of users, passwords, and their hashes in this case?

  • A. Nuix
  • B. FileMerlin
  • C. HashKey
  • D. PWdump7

Answer: D

 

NEW QUESTION 138
Which of the following are small pieces of data sent from a website and stored on the user's computer by the user's web browser to track, validate, and maintain specific user information?

  • A. Cookies
  • B. Web Browser Cache
  • C. Open files
  • D. Temporary Files

Answer: A

 

NEW QUESTION 139
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

  • A. HD-DVD
  • B. Blu-Ray dual-layer
  • C. DVD-18
  • D. Blu-Ray single-layer

Answer: B

 

NEW QUESTION 140
You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

  • A. Cisco IOS Arbitrary Administrative Access Online Vulnerability
  • B. HTTP Configuration Arbitrary Administrative Access Vulnerability
  • C. HTML Configuration Arbitrary Administrative Access Vulnerability
  • D. URL Obfuscation Arbitrary Administrative Access Vulnerability

Answer: B

 

NEW QUESTION 141
An investigator is examining a file to identify any potentially malicious content. To avoid code execution and still be able to uncover hidden indicators of compromise (IOC), which type of examination should the investigator perform?

  • A. Static analysis
  • B. Threat hunting
  • C. Dynamic analysis
  • D. Threat analysis

Answer: D

 

NEW QUESTION 142
Study the log given below and answer the following question:
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  • A. Allow UDP53 in from DNS server to outside
  • B. Disallow UDP53 in from outside to DNS server
  • C. Block all UDP traffic
  • D. Disallow TCP53 in from secondaries or ISP server to DNS server

Answer: B

 

NEW QUESTION 143
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact-finding process. Therefore, you report this evidence. This type of evidence is known as:

  • A. Terrible evidence
  • B. Inculpatory evidence
  • C. Exculpatory evidence
  • D. Mandatory evidence

Answer: C

 

NEW QUESTION 144
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

  • A. Snort
  • B. Airsnort
  • C. Ettercap
  • D. RaidSniff

Answer: C

 

NEW QUESTION 145
Web browsers can store relevant information from user activities. Forensic investigators may retrieve files, lists, access history, cookies, among other digital footprints. Which tool can contribute to this task?

  • A. Most Recently Used (MRU) list
  • B. MZCacheView
  • C. Task Manager
  • D. Google Chrome Recovery Utility

Answer: B

 

NEW QUESTION 146
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

  • A. The registry
  • B. The swap file
  • C. The metadata
  • D. The recycle bin

Answer: B

 

NEW QUESTION 147
John is working on his company policies and guidelines. The section he is currently working on covers company documents: how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

  • A. Strip-cut shredder
  • B. Cross-hatch shredder
  • C. Criss-cross shredder
  • D. Cross-cut shredder

Answer: D

 

NEW QUESTION 148
What is the smallest physical storage unit on a hard drive?

  • A. Platter
  • B. Cluster
  • C. Track
  • D. Sector

Answer: D

 

NEW QUESTION 149
In a Linux-based system, what does the command "last -F" display?

  • A. Last run processes
  • B. Last functions performed
  • C. Login and logout times and dates of the system
  • D. Recently opened files

Answer: C

 
