A Review Of Actual 312-49v9 Practice Question

Examcollection offers free demo for 312-49v9 exam. "ECCouncil Computer Hacking Forensic Investigator (V9)", also known as 312-49v9 exam, is a EC-Council Certification. This set of posts, Passing the EC-Council 312-49v9 exam, will help you answer those questions. The 312-49v9 Questions & Answers covers all the knowledge points of the real exam. 100% real EC-Council 312-49v9 exams and revised by experts!

EC-Council 312-49v9 Free Dumps Questions Online, Read and Test Now.


In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

  • A. Security Administrator
  • B. Network Administrator
  • C. Director of Information Technology
  • D. Director of Administration

Answer: B


George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in Ethereal?

  • A. src port 23 and dst port 23
  • B. src port 22 and dst port 22
  • C. udp port 22 and host
  • D. net port 22

Answer: B


What type of attack occurs when an attacker can force a router to stop forwarding packets by flooding the router with many open connections simultaneously so that all the hosts behind the router are effectively disabled?

  • A. ARP redirect
  • B. Physical attack
  • C. Digital attack
  • D. Denial of service

Answer: D


When needing to search for a website that is no longer present on the Internet today but was online few years back, what site can be used to view the website collection of pages?view the website? collection of pages?

  • A. Proxify.net
  • B. Dnsstuff.com
  • C. Samspade.org
  • D. Archive.org

Answer: D


What technique is used by JPEGs for compression?

  • A. ZIP
  • B. TCD
  • C. DCT
  • D. TIFF-8

Answer: C


The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examination of the scene is a description of what legal term?

  • A. Detection
  • B. Hearsay
  • C. Spoliation
  • D. Discovery

Answer: D


George was recently fired from his job as an IT analyst at Pitts and Company in Dallas Texas. His main duties as an analyst were to support the company Active Directory structure and to create network polices. George now wants to break into the company network by cracking some ofcompany? Active Directory structure and to create network polices. George now wants to break into the company? network by cracking some of the service accounts he knows about. Which password cracking technique should George use in this situation?

  • A. Brute force attack
  • B. Syllable attack
  • C. Rule-based attack
  • D. Dictionary attack

Answer: C


Which of the following is not an example of a cyber-crime?

  • A. Fraud achieved by the manipulation of the computer records
  • B. Firing an employee for misconduct
  • C. Deliberate circumvention of the computer security systems
  • D. Intellectual property theft, including software piracy

Answer: B


Attacker uses vulnerabilities in the authentication or session management functions such as exposed accounts, session IDs, logout, password management, timeouts, remember me. secret question, account update etc. to impersonate users, if a user simply closes the browser without logging out from sites accessed through a public computer, attacker can use the same browser later and exploit the user's privileges. Which of the following vulnerability/exploitation is referred above?

  • A. Session ID in URLs
  • B. Timeout Exploitation
  • C. I/O exploitation
  • D. Password Exploitation

Answer: B


Study the log given below and answer the following question:
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: -> Apr 24 18:01:05 [4663]:
IDS/DNS-version-query: ->
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: ->
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: ->
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: ->
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: ->
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: ->
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: -> Apr 26 06:43:05 [6283]:
IDS181/nops-x86: ->
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: ->
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: ->
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  • A. Disallow UDP 53 in from outside to DNS server
  • B. Allow UDP 53 in from DNS server to outside
  • C. Disallow TCP 53 in from secondaries or ISP server to DNS server
  • D. Block all UDP traffic

Answer: A


When NTFS Is formatted, the format program assigns the _____ sectors to the boot sectors and to the bootstrap code

  • A. First 12
  • B. First 16
  • C. First 22
  • D. First 24

Answer: B


What is static executable file analysis?

  • A. It is a process that consists of collecting information about and from an executable file without actually launching the file under any circumstances
  • B. It is a process that consists of collecting information about and from an executable file by launching the file under any circumstances
  • C. It is a process that consists of collecting information about and from an executable file without actually launching an executable file in a controlled and monitored environment
  • D. It is a process that consists of collecting information about and from an executable file by launching an executable filein a controlled and monitored environment

Answer: A


You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company ITYou have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company? IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

  • A. Network
  • B. Transport
  • C. Data Link
  • D. Session

Answer: A


Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM file on a computer. Where should Harold navigate on the computer to find the file?

  • A. %systemroot%\LSA
  • B. %systemroot%\system32\drivers\etc
  • C. %systemroot%\repair
  • D. %systemroot%\system32\LSA

Answer: C


What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

  • A. Fraggle
  • B. Smurf scan
  • C. SYN flood
  • D. Teardrop

Answer: A


System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function

  • A. True
  • B. False

Answer: A


What binary coding is used most often for e-mail purposes?

  • A. SMTP
  • B. Uuencode
  • C. IMAP
  • D. MIME

Answer: D


Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the ___ in order to control the process execution, crash the process and modify internal variables.

  • A. Target process's address space
  • B. Target remote access
  • C. Target rainbow table
  • D. Target SAM file

Answer: A


What encryption technology is used on Blackberry devices?Password Keeper?

  • A. 3DES
  • B. AES
  • C. Blowfish
  • D. RC5

Answer: B


Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

  • A. DFS Encryption
  • B. EFS Encryption
  • C. SDW Encryption
  • D. IPS Encryption

Answer: B


If a suspect computer is located in an area that may have toxic chemicals, you must:

  • A. coordinate with the HAZMAT team
  • B. determine a way to obtain the suspect computer
  • C. assume the suspect machine is contaminated
  • D. do not enter alone

Answer: A


Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.

  • A. True
  • B. False

Answer: A


The use of warning banners helps a company avoid litigation by overcoming an employees assumed when connecting to the company intranet, network, or virtual private network (VPN) and will allow the company investigators to monitor, search, and retrievecompany? intranet, network, or virtual private network (VPN) and will allow the company? investigators to monitor, search, and retrieve information stored within the network.

  • A. Right to work
  • B. Right of free speech
  • C. Right to Internet access
  • D. Right of privacy

Answer: D


An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

  • A. Smurf
  • B. Ping of death
  • C. Fraggle
  • D. Nmap scan

Answer: B


How do you define forensic computing?

  • A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.
  • B. It is a methodology of guidelines that deals with the process of cyber investigation
  • C. It Is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking
  • D. It is the administrative and legal proceeding in the process of forensic investigation

Answer: A


The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of Web services and Simple Object Access Protocol (SOAP) for communication between Web services that are vulnerable to various web application threats. Which of the following layer in web services stack is vulnerable to fault code leaks?

  • A. Presentation Layer
  • B. Security Layer
  • C. Discovery Layer
  • D. Access Layer

Answer: C


Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

  • A. IT personnel
  • B. Employees themselves
  • C. Supervisors
  • D. Administrative assistant in charge of writing policies

Answer: C


A packet is sent to a router that does not have the packet destination address in its route table, how will the packet get to its properA packet is sent to a router that does not have the packet? destination address in its route table, how will the packet get to its proper destination?

  • A. Border Gateway Protocol
  • B. Root Internet servers
  • C. Gateway of last resort
  • D. Reverse DNS

Answer: C


What type of attack sends SYN requests to a target system with spoofed IP addresses?

  • A. SYN flood
  • B. Ping of death
  • C. Cross site scripting
  • D. Land

Answer: A


Thanks for reading the newest 312-49v9 exam dumps! We recommend you to try the PREMIUM 2passeasy 312-49v9 dumps in VCE and PDF here: https://www.2passeasy.com/dumps/312-49v9/ (209 Q&As Dumps)