EC-Council 312-49v9 Computer Hacking Forensic Investigator (V9) exam: online free questions and answers, new version:
NEW QUESTION 1
What document does the screenshot represent?
Answer: A
NEW QUESTION 2
Damaged portions of a disk on which no read/write operation can be performed are known as ____.
Answer: B
NEW QUESTION 3
What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?
Answer: B
NEW QUESTION 4
In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?
Answer: B
NEW QUESTION 5
Network forensics allows investigators to inspect network traffic and logs to identify and locate the attack system. Network forensics can reveal: (Select three answers)
Answer: ABC
NEW QUESTION 6
Which of the following statements about acquiring electronic evidence at a crime scene is incorrect?
Answer: D
NEW QUESTION 7
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?
Answer: A
NEW QUESTION 8
The following excerpt is taken from a honeypot log. The log captures activities across three days. There are several intrusion attempts; however, a few are successful.
(Note: The objective of this question is to test whether the student can read basic information from log entries and interpret the nature of attack.)
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
From the options given below choose the one which best interprets the following entry: Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Answer: A
NEW QUESTION 9
Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
Answer: C
NEW QUESTION 10
Identify the attack from the following sequence of actions:
Step 1: A user logs in to a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked to visit a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie
Answer: C
NEW QUESTION 11
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?
Answer: A
NEW QUESTION 12
While looking through the IIS log file of a web server, you find the following entries:
What is evident from this log file?
Answer: D
NEW QUESTION 13
The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses.
The ARP table can be accessed using the ____ command in Windows 7.
Answer: A
NEW QUESTION 14
What is the first step required in preparing a computer for a forensics investigation?
Answer: A
NEW QUESTION 15
During the seizure of digital evidence, the suspect can be allowed to touch the computer system.
Answer: B
NEW QUESTION 16
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?
Answer: C