312-49v9 Exam - ECCouncil Computer Hacking Forensic Investigator (V9)

certleader.com

"ECCouncil Computer Hacking Forensic Investigator (V9)", also known as the 312-49v9 exam, is an EC-Council certification.

Free demo questions for EC-Council 312-49v9 Exam Dumps Below:

NEW QUESTION 1
When you carve an image, recovering the image depends on which of the following skills?

  • A. Recognizing the pattern of the header content
  • B. Recovering the image from a tape backup
  • C. Recognizing the pattern of a corrupt file
  • D. Recovering the image from the tape backup

Answer: A

NEW QUESTION 2
An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.

  • A. True
  • B. False

Answer: A

NEW QUESTION 3
When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?

  • A. 202
  • B. 404
  • C. 505
  • D. 909

Answer: B

NEW QUESTION 4
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse.
Which of the following intrusion detection systems audit events that occur on a specific host?

  • A. Network-based intrusion detection
  • B. Host-based intrusion detection
  • C. Log file monitoring
  • D. File integrity checking

Answer: B

NEW QUESTION 5
An attacker uses vulnerabilities in the authentication or session management functions, such as exposed accounts, session IDs, logout, password management, timeouts, remember me, secret question, account update, etc., to impersonate users. If a user simply closes the browser without logging out from sites accessed through a public computer, an attacker can use the same browser later and exploit the user's privileges. Which of the following vulnerabilities/exploitations is referred to above?

  • A. Session ID in URLs
  • B. Timeout Exploitation
  • C. I/O exploitation
  • D. Password Exploitation

Answer: B

NEW QUESTION 6
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

  • A. Graph-based approach
  • B. Neural network-based approach
  • C. Rule-based approach
  • D. Automated field correlation approach

Answer: D

NEW QUESTION 7
Who is responsible for the following tasks?
  • Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises
  • Make notes about the scene that will eventually be handed over to the Forensic Team

  • A. Non-Laboratory Staff
  • B. System administrators
  • C. Local managers or other non-forensic staff
  • D. Lawyers

Answer: A

NEW QUESTION 8
What encryption technology is used on Blackberry devices' Password Keeper?

  • A. 3DES
  • B. AES
  • C. Blowfish
  • D. RC5

Answer: B

NEW QUESTION 9
The offset in a hexadecimal code is:

  • A. The 0x at the beginning of the code
  • B. The 0x at the end of the code
  • C. The first byte after the colon
  • D. The last byte after the colon

Answer: A

NEW QUESTION 10
Track numbering on a hard disk begins at 0 from the outer edge and moves towards the center, typically reaching a value of _____.

  • A. 1023
  • B. 1020
  • C. 1024
  • D. 2023

Answer: A

NEW QUESTION 11
What happens when a file is deleted by a Microsoft operating system using the FAT file system?

  • A. The file is erased and cannot be recovered
  • B. The file is erased but can be recovered partially
  • C. A copy of the file is stored and the original file is erased
  • D. Only the reference to the file is removed from the FAT and can be recovered

Answer: D

NEW QUESTION 12
As a security analyst, you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?

  • A. The IP address of the employees' computers
  • B. Bank account numbers and the corresponding routing numbers
  • C. The employees' network usernames and passwords
  • D. The MAC address of the employees' computers

Answer: C

NEW QUESTION 13
How often must a company keep log files for them to be admissible in a court of law?

  • A. All log files are admissible in court no matter their frequency
  • B. Weekly
  • C. Monthly
  • D. Continuously

Answer: D

NEW QUESTION 14
You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Select 2)

  • A. 161
  • B. 162
  • C. 163
  • D. 160

Answer: AB

NEW QUESTION 15
When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?

  • A. Proxify.net
  • B. Dnsstuff.com
  • C. Samspade.org
  • D. Archive.org

Answer: D

NEW QUESTION 16
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

  • A. Sector
  • B. Metadata
  • C. MFT
  • D. Slack Space

Answer: D
