312-49v9 Exam - ECCouncil Computer Hacking Forensic Investigator (V9)


Online 312-49v9 free questions and answers of New Version:

NEW QUESTION 1
What document does the screenshot represent?
[Exhibit: image not available]

  • A. Chain of custody form
  • B. Search warrant form
  • C. Evidence collection form
  • D. Expert witness form

Answer: A

NEW QUESTION 2
Damaged portions of a disk on which no read/write operation can be performed are known as ____.

  • A. Lost sector
  • B. Bad sector
  • C. Empty sector
  • D. Unused sector

Answer: B

NEW QUESTION 3
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

  • A. Key escrow
  • B. Steganography
  • C. Rootkit
  • D. Offset

Answer: B

NEW QUESTION 4
In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

  • A. The ISP can investigate anyone using their service and can provide you with assistance
  • B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
  • C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
  • D. ISPs never maintain log files so they would be of no use to your investigation

Answer: B

NEW QUESTION 5
Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)

  • A. Source of security incidents and network attacks
  • B. Path of the attack
  • C. Intrusion techniques used by attackers
  • D. Hardware configuration of the attacker's system

Answer: ABC

NEW QUESTION 6
Which of the following statements about acquiring electronic evidence at a crime scene is incorrect?

  • A. Sample banners are used to record the system activities when used by the unauthorized user
  • B. In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring
  • C. The equipment is seized which is connected to the case, knowing the role of the computer which will indicate what should be taken
  • D. At the time of the seizing process, you need to shut down the computer immediately

Answer: D

NEW QUESTION 7
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

  • A. RestrictAnonymous must be set to "2" for complete security
  • B. There is no way to always prevent an anonymous null session from establishing
  • C. RestrictAnonymous must be set to "10" for complete security
  • D. RestrictAnonymous must be set to "3" for complete security

Answer: A

NEW QUESTION 8
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
From the options given below, choose the one which best interprets the following entry:
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53

  • A. An IDS evasion technique
  • B. A buffer overflow attempt
  • C. A DNS zone transfer
  • D. Data being retrieved from 63.226.81.13

Answer: A

NEW QUESTION 9
Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

  • A. Daubert Standard
  • B. Schneiderman Standard
  • C. Frye Standard
  • D. FERPA standard

Answer: C

NEW QUESTION 10
Identify the attack from the following sequence of actions:
Step 1: A user logs in to a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked to visit a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie

  • A. Web Application Denial-of-Service (DoS) Attack
  • B. Cross-Site Scripting (XSS) Attacks
  • C. Cross-Site Request Forgery (CSRF) Attack
  • D. Hidden Field Manipulation Attack

Answer: C

NEW QUESTION 11
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?

  • A. Open code steganography
  • B. Visual semagrams steganography
  • C. Text semagrams steganography
  • D. Technical steganography

Answer: A

NEW QUESTION 12
While looking through the IIS log file of a web server, you find the following entries:
[Exhibit: image not available]
What is evident from this log file?

  • A. Web bugs
  • B. Cross site scripting
  • C. Hidden fields
  • D. SQL injection is possible

Answer: D

NEW QUESTION 13
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses.
The ARP table can be accessed using the ____ command in Windows 7.

  • A. C:\arp -a
  • B. C:\arp -d
  • C. C:\arp -s
  • D. C:\arp -b

Answer: A

NEW QUESTION 14
What is the first step required in preparing a computer for a forensics investigation?

  • A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
  • B. Secure any relevant media
  • C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
  • D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination

Answer: A

NEW QUESTION 15
During the seizure of digital evidence, the suspect can be allowed to touch the computer system.

  • A. True
  • B. False

Answer: B

NEW QUESTION 16
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

  • A. Network
  • B. Transport
  • C. Physical
  • D. Data Link

Answer: C
