While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h.?What does this indicate on the computer?replaced by the hex code byte ?5h.?What does this indicate on the computer?
A. The files have been marked as hidden
B. The files have been marked for deletion
C. The files are corrupt and cannot be recovered
D. The files have been marked as read-only
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?
A. Fraggle
B. Smurf scan
C. SYN flood
D. Teardrop
Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point? #include #include int main(int argc, char *argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }
A. SQL injection
B. Format string bug
C. Buffer overflow
D. Kernal injection
You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question wheather evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?
A. Sign a statement attesting that the evidence is the same as it was when it entered the lab
B. There is no reason to worry about this possible claim because state labs are certified
C. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST
D. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?
A. Poison the switch's MAC address table by flooding it with ACK bits
B. Crash the switch with aDoS attack since switches cannot send ACK bits
C. Enable tunneling feature on the switch
D. Trick the switch into thinking it already has a session with Terri's computer
What file structure database would you expect to find on floppy disks?
A. NTFS
B. FAT32
C. FAT16
D. FAT12
When reviewing web logs, you see an entry for esource not found?in the HTTP status code field. What is the actual error code that you wouldWhen reviewing web logs, you see an entry for ?esource not found?in the HTTP status code field. What is the actual error code that you would see in the log for esource not found?see in the log for ?esource not found?
A. 202
B. 404
C. 606
D. 999
While working for a prosecutor, What do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defense ?
A. Keep the information of file for later review
B. Destroy the evidence
C. Bring the information to the attention of the prosecutor, his or her supervisor or finally to the judge
D. Present the evidence to the defense attorney
When investigating a wireless attack, what information can be obtained from the DHCP logs?
A. The operating system of the attacker and victim computersThe operating system of the attacker and victim? computers
B. IP traffic between the attacker and the victim
C. MAC address of the attacker If any computers on the network are running in promiscuous mode
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts responds to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
A. Only IBM AS/400 will reply to this scan
B. Only Windows systems will reply to this scan
C. Only Unix and Unix-like systems will reply to this scan
D. A switched network will not respond to packets sent to the broadcast address
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-49V10 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.