Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors

EC-Council Computer Hacking Forensic Investigator 312-49 Dumps in PDF

Free EC-Council 312-49 Real Questions (page: 7)

312-49 PDF — 704 Questions

In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

  1. one who has NTFS 4 or 5 partitions
  2. one who uses dynamic swap file capability
  3. one who uses hard disk writes on IRQ 13 and 21
  4. one who has lots of allocation units per block or cluster

Answer(s): D



In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

  1. evidence must be handled in the same way regardless of the type of case
  2. evidence procedures are not important unless you work for a law enforcement agency
  3. evidence in a criminal case must be secured more tightly than in a civil case
  4. evidence in a civil case must be secured more tightly than in a criminal case

Answer(s): C



You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

  1. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
  2. make an MD5 hash of the evidence and compare it to the standard database developed by NIST
  3. there is no reason to worry about this possible claim because state labs are certified
  4. sign a statement attesting that the evidence is the same as it was when it entered the lab

Answer(s): A



Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

  1. Disallow UDP53 in from outside to DNS server
  2. Allow UDP53 in from DNS server to outside
  3. Disallow TCP53 in from secondaries or ISP server to DNS server
  4. Block all UDP traffic

Answer(s): A



When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

  1. Universal Time Set
  2. Network Time Protocol
  3. SyncTime Service
  4. Time-Sync Protocol

Answer(s): B



PDF
Viewing page 7 of 108

Share your comments for EC-Council 312-49 exam with other users:

O
open2exam
10/29/2023 1:14:00 PM

i need exam questions nca 6.5 any help please ?

Anonymous
G
Gerald
9/11/2023 12:22:00 PM

just took the comptia cybersecurity analyst (cysa+) - wished id seeing this before my exam

UNITED STATES
R
ryo
9/10/2023 2:27:00 PM

very helpful

MEXICO
J
Jamshed
6/20/2023 4:32:00 AM

i need this exam

PAKISTAN
R
Roberto Capra
6/14/2023 12:04:00 PM

nice questions... are these questions the same of the exam?

Anonymous
S
Synt
5/23/2023 9:33:00 PM

need to view

UNITED STATES
V
Vey
5/27/2023 12:06:00 AM

highly appreciate for your sharing.

CAMBODIA
T
Tshepang
8/18/2023 4:41:00 AM

kindly share this dump. thank you

Anonymous
J
Jay
9/26/2023 8:00:00 AM

link plz for download

UNITED STATES
L
Leo
10/30/2023 1:11:00 PM

data quality oecd

Anonymous
B
Blessious Phiri
8/13/2023 9:35:00 AM

rman is one good recovery technology

Anonymous
D
DiligentSam
9/30/2023 10:26:00 AM

need it thx

Anonymous
V
Vani
8/10/2023 8:11:00 PM

good questions

NEW ZEALAND
F
Fares
9/11/2023 5:00:00 AM

good one nice revision

Anonymous
L
Lingaraj
10/26/2023 1:27:00 AM

i love this thank you i need

Anonymous
M
Muhammad Rawish Siddiqui
12/5/2023 12:38:00 PM

question # 142: data governance is not one of the deliverables in the document and content management context diagram.

SAUDI ARABIA
A
al
6/7/2023 10:25:00 AM

most answers not correct here

Anonymous
B
Bano
1/19/2024 2:29:00 AM

what % of questions do we get in the real exam?

UNITED STATES
O
Oliviajames
10/25/2023 5:31:00 AM

i just want to tell you. i took my microsoft az-104 exam and passed it. your program was awesome. i especially liked your detailed questions and answers and practice tests that made me well-prepared for the exam. thanks to this website!!!

UNITED STATES
D
Divya
8/27/2023 12:31:00 PM

all the best

UNITED STATES
K
KY
1/1/2024 11:01:00 PM

very usefull document

Anonymous
A
Arun
9/20/2023 4:52:00 PM

nice and helpful questions

INDIA
J
Joseph J
7/11/2023 2:53:00 PM

i found the questions helpful

UNITED STATES
M
Meg
10/12/2023 8:02:00 AM

q 105 . ans is d

INDIA
N
Navaneeth S
7/14/2023 7:57:00 AM

i have interest to get a sybase iq dba certification

UNITED STATES
A
Aish
10/11/2023 5:27:00 AM

want to pass exm.

INDIA
A
Anonymous
6/12/2023 7:23:00 AM

are the answers correct?

INDIA
K
Kris
7/7/2023 9:43:00 AM

good morning, could you please upload this exam again, i need it to test my knowledge in sd-wan with version 7.0.

Anonymous
M
Meghraj mali
10/7/2023 1:47:00 PM

very nice question

CANADA
N
Noel
11/1/2022 9:14:00 PM

i have learning disability and this exam dumps allowed me to focus on the actual questions and not worry about notes and the those other study materials.

SOUTH AFRICA
J
Jas
10/25/2023 6:01:00 PM

165 should be apt

UNITED STATES
N
Neetu
6/22/2023 8:41:00 AM

please upload the dumps, real need of them

Anonymous
M
Mark
10/24/2023 1:34:00 AM

any recent feeedback?

UNITED STATES
G
Gopinadh
8/9/2023 4:05:00 AM

question number 2 is indicating you are giving proper questions. observe and change properly.

Anonymous
AI Tutor 👋 I’m here to help!