EC-Council 312-49v9 Free Practice Questions

NEW QUESTION 1

Why is it a good idea to perform a penetration test from the inside?

• A. It is never a good idea to perform a penetration test from the inside
• B. It is easier to hack from the inside
• C. Because 70% of attacks are from inside the organization
• D. To attack a network from a hacker's perspective

Answer: C

NEW QUESTION 2

When a router receives an update for its routing table, what is the metric value change to that path?

• A. Increased by 2
• B. Decreased by 1
• C. Increased by 1
• D. Decreased by 2

Answer: C

NEW QUESTION 3

JPEG is a commonly used method of compressing photographic Images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the image. The JPEG lossy algorithm divides the image in separate blocks of ____.

• A. 4x4 pixels
• B. 8x8 pixels
• C. 16x16 pixels
• D. 32x32 pixels

Answer: B

NEW QUESTION 4

George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?

• A. Nessus cannot perform wireless testing
• B. Nessus is too loud
• C. There are no ways of performing a "stealthy" wireless scan
• D. Nessus is not a network scanner

Answer: B

NEW QUESTION 5

What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

• A. Directory listing of C: drive on the web server
• B. Execute a buffer flow in the C: drive of the web server
• C. Directory listing of the C:\windows\system32 folder on the web server
• D. Insert a Trojan horse into the C: drive of the web server

Answer: A

NEW QUESTION 6

Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?

• A. Net sessions
• B. Net file
• C. Netconfig
• D. Net share

Answer: B

NEW QUESTION 7

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

• A. Avoid over-saturation of wireless signals
• B. So that the access points will work on different requencies
• C. Avoid cross talk
• D. Multiple access points can be set up on the same channel without any issues

Answer: C

NEW QUESTION 8

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

• A. Fraggle
• B. Smurf
• C. SYN flood
• D. Trinoo

Answer: B

Explanation:
The Fraggle attack is like a smurf attack, but uses UDP packets and not ICMP.

NEW QUESTION 9

Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

• A. TIFF-8
• B. DOC
• C. WPD
• D. PDF

Answer: D

NEW QUESTION 10

Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

• A. tasklist/s
• B. tasklist/u
• C. tasklist/p
• D. tasklist/V

Answer: D

NEW QUESTION 11

Digital evidence validation involves using a hashing algorithm utility to create a binary or hexadecimal number that represents the uniqueness of a data set, such as a disk drive or file.
Which of the following hash algorithms produces a message digest that is 128 bits long?

• A. CRC-32
• B. MD5
• C. SHA-1
• D. SHA-512

Answer: B

NEW QUESTION 12

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

• A. Search warrant
• B. Subpoena
• C. Wire tap
• D. Bench warrant

Answer: A

NEW QUESTION 13

What should you do when approached by a reporter about a case that you are working on or have worked on?

• A. Refer the reporter to the attorney that retained you
• B. Say, o comment?Say, ?o comment
• C. Answer all the reporter questions as completely as possibleAnswer all the reporter? questions as completely as possible
• D. Answer only the questions that help your case

Answer: B

NEW QUESTION 14

Which of the following attacks allows attacker to acquire access to the communication channels between the victim and server to extract the information?

• A. Man-in-the-middle (MITM) attack
• B. Replay attack
• C. Rainbow attack
• D. Distributed network attack

Answer: A

NEW QUESTION 15

Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

• A. %systemroot%\LSA
• B. %systemroot%\system32\drivers\etc
• C. %systemroot%\repair
• D. %systemroot%\system32\LSA

Answer: C

NEW QUESTION 16

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

• A. The file is erased and cannot be recovered
• B. The file is erased but can be recovered partially
• C. A copy of the file is stored and the original file is erased
• D. Only the reference to the file is removed from the FAT and can be recovered

Answer: D

NEW QUESTION 17

Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather responsibility is to findThese 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather? responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused peoples?desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?

• A. Grill cipher
• B. Null cipher
• C. Text semagram
• D. Visual semagram

Answer: A

NEW QUESTION 18

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

• A. Fill the disk with zeros
• B. Low-level format
• C. Fill the disk with 4096 zeros
• D. Copy files from the master disk to the slave disk on the secondary IDE controller

Answer: A

NEW QUESTION 19

Digital evidence is not fragile in nature.

• A. True
• B. False

Answer: B

NEW QUESTION 20

Which of the following commands shows you the NetBIOS name table each?

• A. nbtstat -n
• B. nbtstat -c
• C. nbtstat -r
• D. nbtstat -s

Answer: A

NEW QUESTION 21

What is the First Step required in preparing a computer for forensics investigation?

• A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
• B. Secure any relevant media
• C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at Issue
• D. Identify the type of data you are seeking, the Information you are looking for, and the urgency level of the examination

Answer: A

NEW QUESTION 22

What is a bit-stream copy?

• A. Bit-Stream Copy is a bit-by-bit copy of the original storage medium and exact copy of the original disk
• B. A bit-stream image is the file that contains the NTFS files and folders of all the data on a disk or partition
• C. A bit-stream image is the file that contains the FAT32 files and folders of all the data on a disk or partition
• D. Creating a bit-stream image transfers only non-deleted files from the original disk to the image disk

Answer: A

NEW QUESTION 23

What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

• A. ARP redirect
• B. Physical attack
• C. Digital attack
• D. Denial of service

Answer: D

NEW QUESTION 24

From the following spam mail header, identify the host IP that sent this spam? From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id
fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800 MIME-Version: 1.0
X-Priority: 3 X-MSMail- Priority: Normal
Reply-To: "china hotel web"

• A. 137.189.96.52
• B. 8.12.1.0
• C. 203.218.39.20
• D. 203.218.39.50

Answer: C

NEW QUESTION 25

George is a senior security analyst working for a state agency in Florida. His state's congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs. The state bill requires that an IDS with a "time-based induction machine" be used. What IDS feature must George implement to meet this requirement?

• A. Pattern matching
• B. Statistical-based anomaly detection
• C. Real-time anomaly detection
• D. Signature-based anomaly detection

Answer: C

NEW QUESTION 26

A packet is sent to a router that does not have the packet destination address in its route table, how will the packet get to its properA packet is sent to a router that does not have the packet? destination address in its route table, how will the packet get to its proper destination?

• A. Border Gateway Protocol
• B. Root Internet servers
• C. Gateway of last resort
• D. Reverse DNS

Answer: C

NEW QUESTION 27
......