When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
A. on the individual computer's ARP cache
B. in the Web Server log files
C. in the DHCP Server log files
D. there is no way to determine the specific IP address
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
A. a write-blocker
B. a protocol analyzer
C. a firewall
D. a disk editor
How many sectors will a 125 KB file use in a FAT32 file system?
A. 32
B. 16
C. 256
D. 25
In a FAT32 system, a 123 KB file will use how many sectors?
A. 34
B. 25
C. 11
D. 56
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
A. The registry
B. The swap file
C. The recycle bin
D. The metadata
What TCP/UDP port does the toolkit program netstat use?
A. Port 7
B. Port 15
C. Port 23
D. Port 69
Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?
A. 18 U.S.C. 1029 Possession of Access Devices
B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
C. 18 U.S.C. 1343 Fraud by wire, radio or television
D. 18 U.S.C. 1361 Injury to Government Property
E. 18 U.S.C. 1362 Government communication systems
F. 18 U.S.C. 1831 Economic Espionage Act
G. 18 U.S.C. 1832 Trade Secrets Act
Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?
A. 18 U.S.C. 1029
B. 18 U.S.C. 1362
C. 18 U.S.C. 2511
D. 18 U.S.C. 2703
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
A. the Microsoft Virtual Machine Identifier
B. the Personal Application Protocol
C. the Globally Unique ID
D. the Individual ASCII String
Which response organization tracks hoaxes as well as viruses?
A. NIPC
B. FEDCIRC
C. CERT
D. CIAC
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.