EC-COUNCIL EC-COUNCIL Certifications 312-49V10 Questions & Answers

• Question 281:

  Corporate investigations are typically easier than public investigations because:

  A. the users have standard corporate equipment and software

  B. the investigator does not have to get a warrant

  C. the investigator has to get a warrant

  D. the users can load whatever they want on their machines

  Correct Answer: B

• Question 282:

  What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

  A. Copy the master boot record to a file

  B. Copy the contents of the system folder em?to a fileCopy the contents of the system folder ?em?to a file

  C. Copy the running memory to a file

  D. Copy the memory dump file to an image file

  Correct Answer: C

• Question 283:

  You are carrying out the last round of testing for your new website before it goes live. The website has

  many dynamic pages and connects to a SQL backend that accesses your product inventory in a database.

  You come across a web security site that recommends inputting the following code into a search field on

  web pages to check for vulnerabilities:

  When you type this and click on search, you receive a pop-up window that says:

  "This is a test." What is the result of this test?

  A. Your website is vulnerable to SQL injection

  B. Your website is vulnerable to CSS

  C. Your website is vulnerable to web bugs

  D. Your website is not vulnerable

  Correct Answer: B

• Question 284:

  What is the name of the standard Linux command that can be used to create bit-stream images?

  A. mcopy

  B. image

  C. MD5

  D. dd

  Correct Answer: D

• Question 285:

  What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server the course of its lifetime?

  A. forensic duplication of hard drive

  B. analysis of volatile data

  C. comparison of MD5 checksums

  D. review of SIDs in the Registry

  Correct Answer: D

• Question 286:

  A computer forensics investigator is inspecting the firewall logs for a large financial institution that has employees working 24 hours a day, 7 days a week.

  

  What can the investigator infer from the screenshot seen below?

  A. A smurf attack has been attempted

  B. A denial of service has been attempted C. Network intrusion has occurred

  D. Buffer overflow attempt on the firewall.

  Correct Answer: C

• Question 287:

  When is it appropriate to use computer forensics?

  A. If copyright and intellectual property theft/misuse has occurred

  B. If employees do not care for their boss?management techniques

  C. If sales drop off for no apparent reason for an extended period of time

  D. If a financial institution is burglarized by robbers

  Correct Answer: A

• Question 288:

  In Linux, what is the smallest possible shellcode?

  A. 8 bytes

  B. 24 bytes

  C. 800 bytes

  D. 80 bytes

  Correct Answer: B

• Question 289:

  What will the following command accomplish? C:\> nmap -v -sS -Po 172.16.28.251 - data_length 66000 packet_trace

  A. Test the ability of a router to handle under-sized packets

  B. Test ability of a router to handle over-sized packets

  C. Test the ability of a WLAN to handle fragmented packets

  D. Test the ability of a router to handle fragmented packets

  Correct Answer: B

• Question 290:

  How many possible sequence number combinations are there in TCP/IP protocol?

  A. 320 billion

  B. 1 billion

  C. 4 billion

  D. 32 million

  Correct Answer: C