EC-COUNCIL EC-COUNCIL Certifications 312-49V8 Questions & Answers

• Question 121:

  A rogue/unauthorized access point is one that Is not authorized for operation by a particular firm or network

  A. True

  B. False

  Correct Answer: A

• Question 122:

  Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by _________of the compromised system.

  A. Analyzing log files

  B. Analyzing SAM file

  C. Analyzing rainbow tables

  D. Analyzing hard disk boot records

  Correct Answer: A

• Question 123:

  When collecting evidence from the RAM, where do you look for data?

  A. Swap file

  B. SAM file

  C. Data file

  D. Log file

  Correct Answer: A

• Question 124:

  Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicates?

  A. A user successfully logged on to a computer

  B. The logon attempt was made with an unknown user name or a known user name with a bad password

  C. An attempt was made to log on with the user account outside of the allowed time

  D. A logon attempt was made using a disabled account

  Correct Answer: D

• Question 125:

  P0P3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. Email client connects to the POP3 server at _______________by default to fetch emails.

  A. Port 109

  B. Port 110

  C. Port 115

  D. Port 123

  Correct Answer: B

• Question 126:

  An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.

  A. True

  B. False

  Correct Answer: A

• Question 127:

  Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.

  Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

  A. tasklist/s

  B. tasklist/u

  C. tasklist/p

  D. tasklist/V

  Correct Answer: D

• Question 128:

  First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence?

  A. System administrators

  B. Local managers or other non-forensic staff

  C. Forensic laboratory staff

  D. Lawyers

  Correct Answer: C

• Question 129:

  The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.

  A. 16-bit identifier

  B. 24-bit identifier

  C. 32-bit identifier

  D. 64-bit identifier

  Correct Answer: C

• Question 130:

  Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell phone to the network to gain access to subscribed services. SIM contains a 20-digit long Integrated Circuit Card identification (ICCID) number, identify the issuer identifier Number from the ICCID below.

  

  A. 89

  B. 44

  C. 245252

  D. 001451548

  Correct Answer: C