[Oct 01, 2021] 312-49 Ultimate Study Guide - PracticeMaterial
Ultimate Guide to Prepare 312-49 Certification Exam for Certified Ethical Hacker in 2021
NEW QUESTION 16
When you carve an image, recovering the image depends on which of the following skills?
- A. Recognizing the pattern of a corrupt file
- B. Recovering the image from the tape backup
- C. Recognizing the pattern of the header content
- D. Recovering the image from a tape backup
Answer: C
NEW QUESTION 17
An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disk and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?
- A. EFS uses a 128-bit key that cannot be cracked, so you will not be able to recover the information
- B. When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information
- C. The EFS Revoked Key Agent can be used on the computer to recover the information
- D. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information
Answer: D
NEW QUESTION 18
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.
From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique was this user trying?
- A. Cross site scripting
- B. Cookie Poisoning
- C. Parameter tampering
- D. SQL injection
Answer: C
NEW QUESTION 19
Why would you need to find out the gateway of a device when investigating a wireless attack?
- A. The gateway will be the IP of the proxy server used by the attacker to launch the attack
- B. The gateway will be the IP used to manage the access point
- C. The gateway will be the IP used to manage the RADIUS server
- D. The gateway will be the IP of the attacker's computer
Answer: B
NEW QUESTION 20
What type of equipment would a forensics investigator store in a StrongHold bag?
- A. PDA
- B. Wireless cards
- C. Hard drives
- D. Backup tapes
Answer: B
NEW QUESTION 21
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?
- A. Certification
- B. Reiteration
- C. Authentication
- D. Justification
Answer: C
NEW QUESTION 22
Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.
Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?
- A. Simple Network Management Protocol
- B. Cisco Discovery Protocol
- C. Border Gateway Protocol
- D. Broadcast System Protocol
Answer: B
NEW QUESTION 23
John is working on his company's policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
- A. Strip-cut shredder
- B. Cross-hatch shredder
- C. Cross-cut shredder
- D. Cris-cross shredder
Answer: C
NEW QUESTION 24
You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you can use to obtain the password?
- A. Minimum force and appendix Attack
- B. Brute Force and dictionary Attack
- C. Maximum force and thesaurus Attack
- D. Limited force and library attack
Answer: B
NEW QUESTION 25
The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?
- A. Detection
- B. Discovery
- C. Hearsay
- D. Spoliation
Answer: B
NEW QUESTION 26
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
- A. Protocol analyzer
- B. Firewall
- C. Disk editor
- D. Write-blocker
Answer: D
NEW QUESTION 27
Why is it a good idea to perform a penetration test from the inside?
- A. To attack a network from a hacker's perspective
- B. Because 70% of attacks are from inside the organization
- C. It is never a good idea to perform a penetration test from the inside
- D. It is easier to hack from the inside
Answer: B
NEW QUESTION 28
What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?
- A. Distribute processing over 16 or fewer computers
- B. Support for Encrypted File System
- C. Cracks every password in 10 minutes
- D. Support for MD5 hash verification
Answer: A
NEW QUESTION 29
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?
- A. IBM Methodology
- B. LPT Methodology
- C. Google Methodology
- D. Microsoft Methodology
Answer: B
NEW QUESTION 30
Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.
He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?
- A. Those connections are in closed/waiting mode
- B. Those connections are in listening mode
- C. Those connections are established
- D. Those connections are in timed out/waiting mode
Answer: B
NEW QUESTION 31
You are working as an independent computer forensics investigator and received a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a "simple backup copy" of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a "simple backup copy" will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
- A. Full backup copy
- B. Incremental backup copy
- C. Bit-stream copy
- D. Robust copy
Answer: C
NEW QUESTION 32
Who is responsible for the following tasks?
Secure the scene and ensure that it is maintained in a secure state until the Forensic Team advises. Make notes about the scene that will eventually be handed over to the Forensic Team.
- A. Lawyers
- B. Local managers or other non-forensic staff
- C. Non-forensics staff
- D. System administrators
Answer: C
NEW QUESTION 33
John and Hillary work in the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He sets the L0phtCrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?
- A. The network shares that Hillary has permissions
- B. Hillary's network username and password hash
- C. The SID of Hillary's network account
- D. The SAM file from Hillary's computer
Answer: B
NEW QUESTION 34
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe. What are you trying to accomplish here?
- A. Enumerate domain user accounts and built-in groups
- B. Establish a remote connection to the Domain Controller
- C. Enumerate MX and A records from DNS
- D. Poison the DNS records with false records
Answer: A

