EC-Council 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) Online Training
The questions for 312-49v9 were last updated on Oct 28, 2024.
- Exam Code: 312-49v9
- Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
- Certification Provider: EC-Council
- Latest update: Oct 28,2024
An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?
- A . EFS uses a 128-bit key that can’t be cracked, so you will not be able to recover the information
- B . When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.
- C . The EFS Revoked Key Agent can be used on the computer to recover the information
- D . When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.
Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?
- A . 18 U.S.C. 1029
- B . 18 U.S.C. 1362
- C . 18 U.S.C. 2511
- D . 18 U.S.C. 2703
Area density refers to:
- A . the amount of data per disk
- B . the amount of data per partition
- C . the amount of data per square inch
- D . the amount of data per platter
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. A few managers are using SFTP programs on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
- A . src port 23 and dst port 23
- B . udp port 22 and host 172.16.28.1/24
- C . net port 22
- D . src port 22 and dst port 22
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.
What are you trying to accomplish here?
- A . Poison the DNS records with false records
- B . Enumerate MX and A records from DNS
- C . Establish a remote connection to the Domain Controller
- D . Enumerate domain user accounts and built-in groups
You should make at least how many bit-stream copies of a suspect drive?
- A . 1
- B . 2
- C . 3
- D . 4
What information do you need to recover when searching a victim’s computer for a crime committed with a specific e-mail message?
- A . Internet service provider information
- B . E-mail header
- C . Username and password
- D . Firewall log
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company's clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers.
What tool should you use?
- A . Ping sweep
- B . Nmap
- C . Netcraft
- D . Dig
Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command.
What is he testing at this point?
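```c
#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[10];                /* fixed-size stack buffer */

    if (argc < 2) {
        fprintf(stderr, "USAGE: %s string\n", argv[0]);
        return 1;
    }
    strcpy(buffer, argv[1]);        /* copies argv[1] with no length check */
    return 0;
}
```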
- A . Buffer overflow
- B . SQL injection
- C . Format string bug
- D . Kernel injection
While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense?
- A . Keep the information on file for later review
- B . Destroy the evidence
- C . Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge
- D . Present the evidence to the defense attorney