312-49v10 Exam Questions Dumps, Selling EC-COUNCIL Products [Q11-Q35]

EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic Details
Topic 1
  • Database Forensics
  • Network Forensics
  • Windows Forensics
Topic 2
  • Data Acquisition and Duplication
  • Linux and Mac Forensics
Topic 3
  • Understanding Hard Disks and File Systems
  • Investigating Email Crimes
Topic 4
  • Defeating Anti-Forensics Techniques
  • Malware Forensics
Topic 5
  • Computer Forensics in Today’s World
  • Investigating Web Attacks

 

NO.11 With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

 
 
 
 

NO.12 When monitoring for both intrusion and security events between multiple computers, it is essential that the computers’ clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

 
 
 
 

NO.13 Which component in the hard disk moves over the platter to read and write information?

 
 
 
 

NO.14 Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?

 
 
 
 

NO.15 Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following laws is related to fraud and related activity in connection with computers?

 
 
 
 

NO.16 Why would a company issue a dongle with the software they sell?

 
 
 
 

NO.17 An investigator wants to extract passwords from SAM and System files. Which tool can the investigator use to obtain a list of users, passwords, and their hashes in this case?

 
 
 
 

NO.18 What layer of the OSI model do TCP and UDP utilize?

 
 
 
 

NO.19 A breach resulted from a malware attack that evaded detection and compromised the machine memory without installing any software or accessing the hard drive. What technique did the adversaries use to deliver the attack?

 
 
 
 

NO.20 In Linux OS, different log files hold different information, which helps investigators analyze various issues during a security incident. What information can the investigators obtain from the log file /var/log/dmesg?

 
 
 
 

NO.21 What is a good security method to prevent unauthorized users from “tailgating”?

 
 
 
 

NO.22 If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

 
 
 
 

NO.23 While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

 
 
 
 

NO.24 You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

 
 
 
 

NO.25 Which of the following setups should a tester choose to analyze malware behavior?

 
 
 
 

NO.26 You are a security analyst performing a penetration test for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you discovered?

 
 
 
 

NO.27 What must an attorney do first before you are called to testify as an expert?

 
 
 
 

NO.28 Jason is the security administrator of ACMA metal Corporation. One day he notices the company’s Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately.
Which organization coordinates computer crimes investigations throughout the United States?

 
 
 
 

NO.29 Which of the following Registry components includes offsets to other cells as well as the LastWrite time for the key?

 
 
 
 

NO.30 Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

 
 
 
 

NO.31 Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID> while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?

 
 
 
 

NO.32 Which of the following is a list of recently used programs or opened files?

 
 
 
 

NO.33 The MD5 program is used to:

 
 
 
 

NO.34 A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?

 
 
 
 

NO.35 Assume there is a file named myfile.txt in C: drive that contains hidden data streams. Which of the following commands would you issue to display the contents of a data stream?

 
 
 
 
