ECCouncil 312-49 Exam Questions and Answers, Computer Hacking Forensic Investigator | SPOTO


Question #1
What does 63.78.199.4(161) denote in the following Cisco router log entry?
Mar 14 22:57:53.425 EST: %SEC-6-IPACCESSLOGP: list internet-inbound denied udp 66.56.16.77(1029) -> 63.78.199.4(161), 1 packet
A. Login IP address
B. Destination IP address
C. None of the above
D. Source IP address
Correct Answer: B
Question #2
When making the preliminary investigations in a sexual harassment case, how many investigators is it recommended that you have?
A. Two
B. One
C. Four
D. Three
Correct Answer: A
Question #3
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct Answer: B
Question #4
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. rules of evidence
B. law of probability
C. chain of custody
D. policy of separation
Correct Answer: C
Question #5
Which network attack is described by the following statement? "At least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries."
A. Man-in-the-Middle Attack
B. Sniffer Attack
C. Buffer Overflow
D. DDoS
Correct Answer: D
Question #6
A Computer Hacking Forensics Investigator is analyzing a malware sample named "payload.exe". They have run the malware on a test workstation, and used a tool named WhatChanged Portable to monitor host integrity by capturing the system state before and after the malware execution. After comparing these two snapshots, the investigator observes that an entry named CjNWWyUJ has been created under the Run registry key with value C:\Users\\AppData\Local\Temp\xKNkeLQI.vbs. Given this information, what conclusion c
A. The malware is performing a denial of service attack
B. The malware has deleted system files on the workstation
C. The malware has corrupted the Windows registry
D. The malware creates a persistent connection with the machine on startup
Correct Answer: D
Question #7
Event correlation is a procedure that assigns a new meaning to a set of events that occur in a predefined interval of time. Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?
A. Cross-platform correlation
B. Same-platform correlation
C. Multiple-platform correlation
D. Network-platform correlation
Correct Answer: A
Question #8
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan
D. Blind bug
Correct Answer: A
Question #9
The Recycle Bin exists as a metaphor for throwing files away, but it also allows the user to retrieve and restore files. Once a file is moved to the Recycle Bin, a record is added to the log file that exists in the Recycle Bin. Which of the following files contains records that correspond to each deleted file in the Recycle Bin?
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file
Correct Answer: A
Question #10
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share
Correct Answer: B
Question #11
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. rules of evidence
B. law of probability
C. chain of custody
D. policy of separation
Correct Answer: C
Question #12
During the first responder procedure, you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible.
A. True
B. False
Correct Answer: A
Question #13
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct Answer: B
Question #14
Before you are called to testify as an expert, what must an attorney do first?
A. engage in damage control
B. prove that the tools you used to conduct your examination are perfect
C. read your curriculum vitae to the jury
D. qualify you as an expert witness
Correct Answer: D
Question #15
Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business applications. Which data compression technique maintains data integrity?
A. Lossy video compression
B. Speech encoding compression
C. Lossy compression
D. Lossless compression
Correct Answer: D
Question #16
What is the first step required in preparing a computer for a forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Correct Answer: A
Question #17
Why would you need to find out the gateway of a device when investigating a wireless attack?
A. The gateway will be the IP of the proxy server used by the attacker to launch the attack
B. The gateway will be the IP used to manage the access point
C. The gateway will be the IP used to manage the RADIUS server
D. The gateway will be the IP of the attacker's computer
Correct Answer: B
Question #18
Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
A. Surface Manager
B. OpenGL/ES and SGL
C. WebKit
D. Media framework
Correct Answer: B
Question #19
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
Correct Answer: B
Question #20
Which of the following commands shows you all of the network services running on Windows-based servers?
A. Net start
B. Net use
C. Net Session
D. Net share
Correct Answer: A
Question #21
Before you are called to testify as an expert, what must an attorney do first?
A. engage in damage control
B. prove that the tools you used to conduct your examination are perfect
C. read your curriculum vitae to the jury
D. qualify you as an expert witness
Correct Answer: D
Question #22
You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?
A. dir
B. vim
C. grep
D. Stringsearch
Correct Answer: C
Question #23
Which of the following is not a part of disk imaging tool requirements?
A. The tool should not change the original content
B. The tool should log I/O errors in an accessible and readable form, including the type and location of the error
C. The tool must have the ability to be held up to scientific and peer review
D. The tool should not compute a hash value for the complete bit stream copy generated from an image file of the source
Correct Answer: D
Question #24
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
A. Net sessions
B. Net file
C. Netconfig
D. Net share
Correct Answer: B
Question #25
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
Correct Answer: B
Question #26
JPEG is a commonly used method of compressing photographic images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the image. The JPEG lossy algorithm divides the image in separate blocks of ____________.
A. 4x4 pixels
B. 8x8 pixels
C. 16x16 pixels
D. 32x32 pixels
Correct Answer: B
Question #27
In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instances occur that consume memory and time. To avoid that, Android implements a process that enables low memory consumption and quick start-up time. What is the process called?
A. init
B. Daemon
C. Media server
D. Zygote
Correct Answer: D
Question #28
Which of the following statements is not a part of the securing and evaluating electronic crime scene checklist?
A. Transmit additional flash messages to other responding units
B. Request additional help at the scene if needed
C. Blog about the incident on the internet
D. Locate and help the victim
Correct Answer: C
Question #29
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct Answer: B
Question #30
Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated with each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one
A. Grille cipher
B. Null cipher
C. Text semagram
D. Visual semagram
Correct Answer: A
