EC-COUNCIL EC-COUNCIL Certifications 312-49V8 Questions & Answers

• Question 111:

  Computer forensics report provides detailed information on complete computer forensics investigation process. It should explain how the incident occurred, provide technical details of the incident and should be clear to understand. Which of the following attributes of a forensics report can render it inadmissible in a court of law?

  A. It includes metadata about the incident

  B. It includes relevant extracts referred to In the report that support analysis or conclusions

  C. It is based on logical assumptions about the incident timeline

  D. It maintains a single document style throughout the text

  Correct Answer: C

• Question 112:

  Email spoofing refers to:

  A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source

  B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information

  C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address Is hosted to cause a denial-of-service attack

  D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message

  Correct Answer: A

• Question 113:

  Data is striped at a byte level across multiple drives and parity information is distributed among all member drives.

  

  What RAID level is represented here?

  A. RAID Level0

  B. RAID Level 1

  C. RAID Level 3

  D. RAID Level 5

  Correct Answer: D

• Question 114:

  What is a chain of custody?

  A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory

  B. It is a search warrant that is required for seizing evidence at a crime scene

  C. It Is a document that lists chain of windows process events

  D. Chain of custody refers to obtaining preemptive court order to restrict further damage of evidence in electronic seizures

  Correct Answer: A

• Question 115:

  When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile

  A. True

  B. False

  Correct Answer: A

• Question 116:

  Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.

  A. True

  B. False

  Correct Answer: A

• Question 117:

  During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible

  A. True

  B. False

  Correct Answer: A

• Question 118:

  Which one of the following is not a consideration in a forensic readiness planning checklist?

  A. Define the business states that need digital evidence

  B. Identify the potential evidence available

  C. Decide the procedure for securely collecting the evidence that meets the requirement fn a forensically sound manner

  D. Take permission from all employees of the organization

  Correct Answer: D

• Question 119:

  If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?

  A. 4 Sectors

  B. 5 Sectors

  C. 6 Sectors

  D. 7 Sectors

  Correct Answer: C

• Question 120:

  Deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following deposition is not a standard practice?

  A. Both attorneys are present

  B. Only one attorneys is present

  C. No jury or judge

  D. Opposing counsel asks questions

  Correct Answer: B