Lead4Pass shares ECCouncil 312-49 exam practice questions and answers from its latest updated 312-49 dumps free of charge.
Get the latest uploaded 312-49 dumps PDF from Google Drive online. To get the full ECCouncil 312-49 dumps PDF or dumps
VCE, visit: https://www.leads4pass.com/312-49.html (Q&As: 531). All ECCouncil 312-49 exam questions have been updated, and the answers have been corrected!
Make sure your exam questions are real and effective to help you pass your first exam!

[ECCouncil 312-49 Dumps pdf] Latest ECCouncil 312-49 Dumps PDF collected by Lead4pass Google Drive:
https://drive.google.com/file/d/1GBpzs4Q60St8b8im1L-ET7nTz4scPLbo/

[ECCouncil 312-49 YouTube] ECCouncil 312-49 exam questions and answers are shared free of charge on YouTube, uploaded by Lead4pass:

https://youtube.com/watch?v=6rby1LpU_BA

Latest Update ECCouncil 312-49 Exam Practice Questions and Answers Online Test

QUESTION 1
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a
laptop. Which of the following email clients can he use to analyze the DBX files?
A. Microsoft Outlook
B. Eudora
C. Mozilla Thunderbird
D. Microsoft Outlook Express
Correct Answer: D

 

QUESTION 2
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request
that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and
obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D

 

QUESTION 3
Which of the following Windows-based tools displays who is logged on to a computer, either locally or remotely?
A. Tokenmon
B. PSLoggedon
C. TCPView
D. Process Monitor
Correct Answer: B

 

QUESTION 4
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged
500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of
picture is this file?
A. Raster image
B. Vector image
C. Metafile image
D. Catalog image
Correct Answer: B

 

QUESTION 5
Which of the following statements is incorrect when preserving digital evidence?
A. Verify if the monitor is on, off, or in sleep mode
B. Turn on the computer and extract Windows event viewer log files
C. Remove the plug from the power router or modem
D. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
Correct Answer: B

 

QUESTION 6
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server
over the course of its lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry
Correct Answer: C

 

QUESTION 7
Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small
accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to
see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the
receptionist. Julia says that she is an IT technician from the company's main office in Iowa. She states that she needs
the receptionist's network username and password to troubleshoot a problem they are having. Julia says that Bill
Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist
gave Julia all the information she asked for. What principle of social engineering did Julia use?
A. Social Validation
B. Scarcity
C. Friendship/Liking
D. Reciprocation
Correct Answer: D

 

QUESTION 8
Sectors in hard disks typically contain how many bytes?
A. 256
B. 512
C. 1024
D. 2048
Correct Answer: B

 

QUESTION 9
Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?
A. Written Formal Report
B. Verbal Formal Report
C. Verbal Informal Report
D. Written Informal Report
Correct Answer: B

 

QUESTION 10
Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do
not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following
options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
A. Use VMware to be able to capture the data in memory and examine it
B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
C. Create a separate partition of several hundred megabytes and place the swap file there
D. Use intrusion forensic techniques to study memory resident infections
Correct Answer: C

 

QUESTION 11
The MD5 program is used to:
A. wipe magnetic media before recycling it
B. make directories on an evidence disk
C. view graphics files on an evidence drive
D. verify that a disk is not altered when you examine it
Correct Answer: D

 

QUESTION 12
If you plan to start up a suspect's computer, you must modify the ___________ to ensure that you do not contaminate
or alter data on the suspect's hard drive by booting to the hard drive.
A. deltree command
B. CMOS
C. Boot.sys
D. Scandisk utility
Correct Answer: C

 

QUESTION 13
When examining the log files from a Windows IIS Web Server, how often is a new log file created?
A. the same log is used at all times
B. a new log file is created every day
C. a new log file is created each week
D. a new log is created each time the Web Server is started
Correct Answer: A

