Prepare Top EC-COUNCIL 312-49v10 Exam Study Guide Practice Questions Edition [Q401-Q425]

EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic Details
Topic 1
  • Database Forensics
  • Network Forensics
  • Windows Forensics
Topic 2
  • Defeating Anti-Forensics Techniques
  • Malware Forensics
Topic 3
  • Computer Forensics in Today’s World
  • Investigating Web Attacks
Topic 4
  • Computer Forensics Investigation Process
  • Dark Web Forensics
  • Mobile Forensics
Topic 5
  • Understanding Hard Disks and File Systems
  • Investigating Email Crimes

 

QUESTION 401
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

 
 
 
 

QUESTION 402
Fill in the missing Master Boot Record component.
1. Master boot code
2. Partition table
3. _______________

 
 
 
 

QUESTION 403
What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

 
 
 
 

QUESTION 404
How many possible sequence number combinations are there in TCP/IP protocol?

 
 
 
 

QUESTION 405
What happens to the header of the file once it is deleted from the Windows OS file systems?

 
 
 
 

QUESTION 406
What is the size value of a nibble?

 
 
 
 

QUESTION 407
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

 
 
 
 

QUESTION 408
In which cloud crime do attackers try to compromise the security of the cloud environment in order to steal data or inject malware?

 
 
 
 

QUESTION 409
Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers' hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

 
 
 
 

QUESTION 410
A master boot record (MBR) is the first sector (“sector zero”) of a data storage device. What is the size of MBR?

 
 
 
 

QUESTION 411
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

 
 
 
 

QUESTION 412
Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?

 
 
 
 

QUESTION 413
An International Mobile Equipment Identifier (IMEI) is a 15-digit number that indicates the manufacturer, model type, and country of approval for GSM devices. The first eight digits of an IMEI number, which provide information about the model and origin of the mobile device, are also known as:

 
 
 
 

QUESTION 414
Which of the following is NOT a graphics file?

 
 
 
 

QUESTION 415
In Linux OS, different log files hold different information, which helps investigators analyze various issues during a security incident. What information can the investigators obtain from the log file var/log/dmesg?

 
 
 
 

QUESTION 416
The MD5 program is used to:

 
 
 
 

QUESTION 417
Steve, a forensic investigator, was asked to investigate an email incident in his organization. The organization has Microsoft Exchange Server deployed for email communications. Which among the following files will Steve check to analyze message headers, message text, and standard attachments?

 
 
 
 

QUESTION 418
Robert needs to copy an OS disk snapshot of a compromised VM to a storage account in different region for further investigation. Which of the following should he use in this scenario?

 
 
 
 

QUESTION 419
Which “Standards and Criteria” under SWDGE states that “the agency must use hardware and software that are appropriate and effective for the seizure or examination procedure”?

 
 
 
 

QUESTION 420
One way to identify the presence of hidden partitions on a suspect’s hard drive is to:

 
 
 
 

QUESTION 421
When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does the nnnn denote?

 
 
 
 

QUESTION 422
Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

 
 
 
 

QUESTION 423
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

 
 
 
 

QUESTION 424
To which phase of the computer forensics investigation process does “planning and budgeting of a forensics lab” belong?

 
 
 
 

QUESTION 425
Which of the following is a federal law enacted in the US to control the ways that financial institutions deal with the private information of individuals?

 
 
 
 
