Latest ECCouncil 312-49 Exam Questions and Answers, 2025 Update | SPOTO


Question #1
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D
Question #2
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?
A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image file
D. make a bit-stream disk-to-disk file
Correct Answer: C
Question #3
Which of the following information is displayed when Netstat is used with the -ano switch?
A. Details of TCP and UDP connections
B. Contents of IP routing table
C. Details of routing table
D. Ethernet statistics
Correct Answer: A
Question #4
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
Correct Answer: B
Question #5
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?
A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image file
D. make a bit-stream disk-to-disk file
Correct Answer: C
Question #6
Which of the following commands shows you all of the network services running on Windows-based servers?
A. Net use
B. Net config
C. Net start
D. Net Session
Correct Answer: C
Question #7
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking
D. A sheepdip computer defers a denial of service attack
Correct Answer: C
Question #8
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct Answer: D
Question #9
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D
Question #10
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D
Question #11
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
A. Obtain search warrant
B. Evaluate and secure the scene
C. Collect the evidence
D. Acquire the data
Correct Answer: D
Question #12
A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.
A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Correct Answer: A
Question #13
Which of the following commands shows you the NetBIOS name table?
A. nbtstat -n
B. nbtstat -c
C. nbtstat -r
D. nbtstat -s
Correct Answer: A
Question #14
Before you are called to testify as an expert, what must an attorney do first?
A. engage in damage control
B. prove that the tools you used to conduct your examination are perfect
C. read your curriculum vitae to the jury
D. qualify you as an expert witness
Correct Answer: D
Question #15
In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence?
A. Evaluate and secure the scene
B. Collect the evidence
C. Acquire the data
D. Obtain search warrant
Correct Answer: C
Question #16
With regard to using an antivirus scanner during a computer forensics investigation, you should:
A. Scan your forensics workstation before beginning an investigation
B. Never run a scan on your forensics workstation because it could change your system's configuration
C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
D. Scan the suspect hard drive before beginning an investigation
Correct Answer: A
Question #17
What stage of the incident handling process involves reporting events?
A. Follow-up
B. Recovery
C. Containment
D. Identification
Correct Answer: D
Question #18
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.
A. True
B. False
Correct Answer: A
Question #19
Which of the following is not a part of a data acquisition forensics investigation?
A. Permit only authorized personnel to access
B. Protect the evidence from extremes in temperature
C. Work on the original storage medium not on the duplicated copy
D. Disable all remote access to the system
Correct Answer: C
Question #20
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan
D. Blind bug
Correct Answer: A
Question #21
In Unix, where are files temporarily written when printing?
A. /var/print
B. /var/spool
C. /usr/spool
D. /spool
Correct Answer: B
Question #22
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. rules of evidence
B. law of probability
C. chain of custody
D. policy of separation
Correct Answer: C
Question #23
Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attacks can Jason infer from his findings?
A. DNS Redirection
B. DNS Poisoning
C. Cookie Poisoning Attack
D. Session poisoning
Correct Answer: B
Question #24
System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function.
A. False
B. True
Correct Answer: B
Question #25
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct Answer: C
Question #26
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct Answer: D
Question #27
A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.) 03/15-20:21:24.107053 211.185.
A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Correct Answer: A
Question #28
Operating system logs are most beneficial for identifying or investigating suspicious activities involving a particular host. Which of the following operating system logs contains information about operational actions performed by OS components?
A. Firewall logs
B. IDS logs
C. Event logs
D. Audit logs
Correct Answer: C
Question #29
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?
A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image file
D. make a bit-stream disk-to-disk file
Correct Answer: C
Question #30
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking
D. A sheepdip computer defers a denial of service attack
Correct Answer: C
