Eccouncil 312-49 Exam Questions Instant Access

Question 1

SO/IEC 17025 is an accreditation for which of the following:

ACHFI issuing agency

BEncryption

CForensics lab licensing

DChain of custody

Answer : C

Question 2

The information security manager at a national legal firm has received several alerts from the intrusion detection system that a known attack signature was detected against the organization's file server. What should the information security manager do first?

AReport the incident to senior management

BUpdate the anti-virus definitions on the file server

CDisconnect the file server from the network

DManually investigate to verify that an incident has occurred

Answer : C

Question 3

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

AThe tool hasn't been tested by the International Standards Organization (ISO)

BOnly the local law enforcement should use the tool

CThe total has not been reviewed and accepted by your peers

DYou are not certified for using the tool

Answer : C

Question 4

Why should you note all cable connections for a computer you want to seize as evidence?

Ato know what outside connections existed

Bin case other devices were connected

Cto know what peripheral devices exist

Dto know what hardware existed

Answer : A

Question 5

Using Linux to carry out a forensics investigation, what would the following command accomplish?

dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

ASearch for disk errors within an image file

BBackup a disk to an image file

CCopy a partition to an image file

DRestore a disk from an image file

Answer : D

Question 6

Which of the following tool enables data acquisition and duplication?

AColasoft's Capsa

BDriveSpy

CWireshark

DXplico

Answer : B

Question 7

Tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

Atasklist /p

Btasklist /v

Ctasklist /u

Dtasklist /s

Answer : B

Eccouncil Computer Hacking Forensic Investigator V10 312-49 Exam Questions