312-49v10 Braindumps PDF, EC-COUNCIL 312-49v10 Exam Cram [Q291-Q313]

NO.291 Paraben Lockdown device uses which operating system to write hard drive data?

NO.292 Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual medi a. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

NO.293 In which registry does the system store the Microsoft security IDs?

NO.294 Paul’s company is in the process of undergoing a complete security audit including logical and physical security testing. After all logical tests were performed; it is now time for the physical round to begin. None of the employees are made aware of this round of testing. The security-auditing firm sends in a technician dressed as an electrician. He waits outside in the lobby for some employees to get to work and follows behind them when they access the restricted areas. After entering the main office, he is able to get into the server room telling the IT manager that there is a problem with the outlets in that room. What type of attack has the technician performed?

NO.295 Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?

NO.296 Which forensic investigation methodology believes that criminals commit crimes solely to benefit their criminal enterprises?

NO.297 Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

NO.298 Which of the following protocols allows non-ASCII files, such as video, graphics, and audio, to be sent through the email messages?

NO.299 During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

NO.300 In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

NO.301 This organization maintains a database of hash signatures for known software.

NO.302 Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?

NO.303 Printing under a Windows Computer normally requires which one of the following files types to be created?

NO.304 Which of the following is NOT an anti-forensics technique?

NO.305 All Blackberry email is eventually sent and received through what proprietary RIM-operated mechanism?

NO.306 Item 2If you come across a sheepdip machine at your client site, what would you infer?

NO.307 Who is responsible for the following tasks?

NO.308 How many possible sequence number combinations are there in TCP/IP protocol?

NO.309 When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

NO.310 Raw data acquisition format creates _________ of a data set or suspect drive.

NO.311 The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

NO.312 Which of the following statements is TRUE with respect to the Registry settings in the user start-up folder HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce.

NO.313 You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?