Pass the ECCouncil No Cert Assigned 312-49 Questions and answers with CertsForce

Viewing page 10 out of 11 pages
Viewing questions 136-150 out of questions
Questions # 136:

Which of the following is a federal law enacted in the US to control the ways that financial institutions deal with the private information of individuals?

Options:

A. SOX
B. HIPAA 1996
C. GLBA
D. PCI DSS


Questions # 137:

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

Options:

A. the File Allocation Table
B. the file header
C. the file footer
D. the sector map


Questions # 138:

What is the name of the standard Linux command, also available as a Windows application, that can be used to create bit-stream images?

Options:

A. mcopy
B. image
C. MD5
D. dd


Questions # 139:

For what purpose do the investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?

Options:

A. Bypassing iPhone passcode
B. Debugging iPhone
C. Rooting iPhone
D. Copying contents of iPhone


Questions # 140:

Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through email messages?

Options:

A. MIME
B. BINHEX
C. UT-16
D. UUCODE


Questions # 141:

Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

Options:

A. Lsproc
B. DumpChk
C. RegEdit
D. EProcess


Questions # 142:

Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

Options:

A. Net config
B. Net sessions
C. Net share
D. Net stat


Questions # 143:

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

Options:

A. Net sessions
B. Net config
C. Net share
D. Net use


Questions # 144:

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

Options:

A. evidence must be handled in the same way regardless of the type of case
B. evidence procedures are not important unless you work for a law enforcement agency
C. evidence in a criminal case must be secured more tightly than in a civil case
D. evidence in a civil case must be secured more tightly than in a criminal case


Questions # 145:

Which of the following is NOT physical evidence?

Options:

A. Removable media
B. Cables
C. Image file on a hard disk
D. Publications


Questions # 146:

What is the default IIS log location?

Options:

A. SystemDrive\inetpub\LogFiles
B. %SystemDrive%\inetpub\logs\LogFiles
C. %SystemDrive\logs\LogFiles
D. SystemDrive\logs\LogFiles


Questions # 147:

When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

Options:

A. A Capital X
B. A Blank Space
C. The Underscore Symbol
D. The lowercase Greek Letter Sigma (σ)


Questions # 148:

An investigator has acquired packed software and needs to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?

Options:

A. SysAnalyzer
B. PEiD
C. Comodo Programs Manager
D. Dependency Walker


Questions # 149:

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server over the course of its lifetime?

Options:

A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry


Questions # 150:

What type of analysis helps to identify the time and sequence of events in an investigation?

Options:

A. Time-based
B. Functional
C. Relational
D. Temporal

