312-49v9 Exam - ECCouncil Computer Hacking Forensic Investigator (V9)

certleader.com

Exam Code: 312-49v9, Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9), Certification Provider: EC-Council Certification

Online 312-49v9 free questions and answers of New Version:

NEW QUESTION 1
Which response organization tracks hoaxes as well as viruses?

  • A. NIPC
  • B. FEDCIRC
  • C. CERT
  • D. CIAC

Answer: D

Explanation: Note: CIAC (Computer Incident Advisory Capability) was run by the US Department of Energy.

NEW QUESTION 2
Which one of the following statements is not correct while preparing for testimony?

  • A. Go through the documentation thoroughly
  • B. Do not determine the basic facts of the case before beginning and examining the evidence
  • C. Establish early communication with the attorney
  • D. Substantiate the findings with documentation and by collaborating with other computer forensics professionals

Answer: B

NEW QUESTION 3
During the first responder procedure, you should follow all laws while collecting the evidence and contact a computer forensic examiner as soon as possible.

  • A. True
  • B. False

Answer: A

NEW QUESTION 4
Julie is a college student majoring in Information Systems and Computer Science. She is currently writing an essay for her computer crimes class. Julie's paper focuses on white-collar crimes in America and how forensics investigators investigate the cases. Julie would like to focus the subject of the essay on the most common type of crime found in corporate America. What crime should Julie focus on?

  • A. Physical theft
  • B. Copyright infringement
  • C. Industrial espionage
  • D. Denial of Service attacks

Answer: C

NEW QUESTION 5
When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

  • A. Passive IDS
  • B. Active IDS
  • C. NIPS
  • D. Progressive IDS

Answer: B

NEW QUESTION 6
In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

  • A. The change in the routing fabric to bypass the affected router
  • B. More RESET packets to the affected router to get it to power back up
  • C. STOP packets to all other routers warning of where the attack originated
  • D. RESTART packets to the affected router to get it to power back up

Answer: A

NEW QUESTION 7
Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

  • A. Place PDA, including all devices, in an antistatic bag
  • B. Unplug all connected devices
  • C. Power off all devices if currently on
  • D. Photograph and document the peripheral devices

Answer: D

NEW QUESTION 8
What is a good security method to prevent unauthorized users from "tailgating"?

  • A. Pick-resistant locks
  • B. Electronic key systems
  • C. Man trap
  • D. Electronic combination locks

Answer: C

NEW QUESTION 9
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

  • A. Snort
  • B. Airsnort
  • C. Ettercap
  • D. RaidSniff

Answer: C

NEW QUESTION 10
Router log files provide detailed information about the network traffic on the Internet. They give information about the attacks to and from the networks. The router stores log files in the ____.

  • A. Router cache
  • B. Application logs
  • C. IDS logs
  • D. Audit logs

Answer: A

NEW QUESTION 11
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?

    dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

  • A. Fill the disk with zeros
  • B. Low-level format
  • C. Fill the disk with 4096 zeros
  • D. Copy files from the master disk to the slave disk on the secondary IDE controller

Answer: A

NEW QUESTION 12
The objective of this act was to protect consumers' personal financial information held by financial institutions and their service providers.

  • A. HIPAA
  • B. Sarbanes-Oxley 2002
  • C. California SB 1386
  • D. Gramm-Leach-Bliley Act

Answer: D

NEW QUESTION 13
When examining a file with a Hex Editor, what space does the file header occupy?

  • A. The first several bytes of the file
  • B. One byte at the beginning of the file
  • C. None, file headers are contained in the FAT
  • D. The last several bytes of the file

Answer: A

NEW QUESTION 14
In a FAT32 system, a 123 KB file will use how many sectors?

  • A. 34
  • B. 25
  • C. 11
  • D. 56
  • E. 246

Answer: E

Explanation: If you assume that we are using 512-byte sectors, then 123 x 1024 / 512 = 246 sectors would be needed.

NEW QUESTION 15
What does the acronym POST mean as it relates to a PC?

  • A. Power On Self Test
  • B. Pre Operational Situation Test
  • C. Primary Operating System Test
  • D. Primary Operations Short Test

Answer: A

NEW QUESTION 16
You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:

    7+ years experience in Windows Server environment
    5+ years experience in Exchange 2000/2003 environment
    Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4 Accounting software are required
    MCSA desired, MCSE, CEH preferred
    No Unix/Linux Experience needed

What is this information posted on the job website considered?

  • A. Trade secret
  • B. Social engineering exploit
  • C. Competitive exploit
  • D. Information vulnerability

Answer: D
