1. Home
  2. ECCouncil
  3. No Cert Assigned
  4. 312-49
  5. Computer Hacking Forensic Investigator Questions and Answers

Pass the ECCouncil No Cert Assigned 312-49 Questions and answers with CertsForce

 ECCouncil Exams      Go to Exam Detail      Get Premium Access
Viewing page 8 out of 11 pages
Viewing questions 106-120 out of questions
Questions # 106:

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

Options:
A.

Trick the switch into thinking it already has a session with Terri's computer

B.

Poison the switch's MAC address table by flooding it with ACK bits

C.

Crash the switch with a DoS attack since switches cannot send ACK bits

D.

Enable tunneling feature on the switch

Questions # 107:

What operating system would respond to the following command?

Options:
A.

Windows 95

B.

FreeBSD

C.

Windows XP

D.

Mac OS X

Questions # 108:

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

Options:
A.

The data is still present until the original location of the file is used

B.

The data is moved to the Restore directory and is kept there indefinitely

C.

The data will reside in the L2 cache on a Windows computer until it is manually deleted

D.

It is not possible to recover data that has been emptied from the Recycle Bin

Questions # 109:

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

Options:
A.

The files have been marked as hidden

B.

The files have been marked for deletion

C.

The files are corrupt and cannot be recovered

D.

The files have been marked as read-only

Questions # 110:

What does 254 represent in ICCID 89254021520014515744?

Options:
A.

Industry Identifier Prefix

B.

Country Code

C.

Individual Account Identification Number

D.

Issuer Identifier Number

Questions # 111:

You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so?

Options:
A.

mysqldump

B.

myisamaccess

C.

myisamlog

D.

myisamchk

Questions # 112:

Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume.

Options:
A.

NTFS

B.

FAT

C.

EXT

D.

FAT32

Questions # 113:

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

Options:
A.

0:1000, 150

B.

0:1709, 150

C.

1:1709, 150

D.

0:1709-1858

Questions # 114:

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.

Question # 114

What RAID level is represented here?

Options:
A.

RAID Level 0

B.

RAID Level 5

C.

RAID Level 3

D.

RAID Level 1

Questions # 115:

Which of the following tools is not a data acquisition hardware tool?

Options:
A.

UltraKit

B.

Atola Insight Forensic

C.

F-Response Imager

D.

Triage-Responder

Questions # 116:

Area density refers to:

Options:
A.

the amount of data per disk

B.

the amount of data per partition

C.

the amount of data per square inch

D.

the amount of data per platter

Questions # 117:

Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

Options:
A.

It is a doc file deleted in seventh sequential order

B.

RIYG6VR.doc is the name of the doc file deleted from the system

C.

It is file deleted from R drive

D.

It is a deleted doc file

Questions # 118:

What should you do when approached by a reporter about a case that you are working on or have worked on?

Options:
A.

Refer the reporter to the attorney that retained you

B.

Say, "no comment"

C.

Answer all the reporter’s questions as completely as possible

D.

Answer only the questions that help your case

Questions # 119:

Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

Options:
A.

Witness Authentication

B.

Direct Examination

C.

Expert Witness

D.

Cross Questioning

Questions # 120:

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

Options:
A.

Technical material related to forensics

B.

No particular field

C.

Judging the character of defendants/victims

D.

Legal issues

Viewing page 8 out of 11 pages
Viewing questions 106-120 out of questions