Eccouncil 312-49 Exam Questions Instant Access

Question 1

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

AExpert Witness

BEvidence Examiner

CForensic Examiner

DDefense Witness

Answer : A

Question 2

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

ABorder Gateway Protocol

BCisco Discovery Protocol

CBroadcast System Protocol

DSimple Network Management Protocol

Answer : B

Question 3

The MAC attributes are timestamps that refer to a time at which the file was last modified or last accessed or originally created. Which of the following file systems store MAC attributes in Coordinated Universal Time (UTC) format?

AFile Allocation Table (FAT

BNew Technology File System (NTFS)

CHierarchical File System (HFS)

DGlobal File System (GFS)

Answer : B

Question 4

Why is it a good idea to perform a penetration test from the inside?

AIt is never a good idea to perform a penetration test from the inside

BBecause 70% of attacks are from inside the organization

CTo attack a network from a hacker's perspective

DIt is easier to hack from the inside

Answer : B

Question 5

Which of the following standard represents a legal precedent sent in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?

AIOCE

BSWGDE & SWGIT

CFrye

DDaubert

Answer : D

Question 6

Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael his assistant helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

ATwo

BOne

CThree

DFour

Answer : A

Question 7

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

AServer storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server

BIt is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers

CLocal archives should be stored together with the server storage archives in order to be admissible in a court of law

DLocal archives do not have evidentiary value as the email client may alter the message data

Answer : B

Eccouncil Computer Hacking Forensic Investigator V10 312-49 Exam Questions