
[Dec-2021] Latest EC-COUNCIL 312-49v9 Certification Practice Test Questions [Q32-Q48]

NEW QUESTION 32
First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence?

  • A. System administrators
  • B. Local managers or other non-forensic staff
  • C. Lawyers
  • D. Forensic laboratory staff

Answer: D

NEW QUESTION 33
Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

  • A. Mime-Version header
  • B. Errors-To header
  • C. Content-Transfer-Encoding header
  • D. Content-Type header

Answer: B

NEW QUESTION 34
What file structure database would you expect to find on floppy disks?

  • A. NTFS
  • B. FAT16
  • C. FAT32
  • D. FAT12

Answer: D

Explanation:
NTFS is not designed for removable media; although it is used on some very large removable media, it is never used on floppy disks.
FAT32 has a minimum volume size requirement that is larger than a floppy disk.
FAT16 would seem like a logical choice, but it is not usually used on floppies.
FAT12 is what you would find on floppy disks, and probably not on anything else. Since floppy disk media is small in size (less than 2 MB), a FAT12 file system has lower overhead and is more efficient.

NEW QUESTION 35
When dealing with powered-off computers at a crime scene, if the computer is switched off, turn it on.

  • A. False
  • B. True

Answer: A

NEW QUESTION 36
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

  • A. The system files have been copied by a remote attacker
  • B. Nothing in particular as these can be operational files
  • C. The system has been compromised using a t0rnrootkit
  • D. The system administrator has created an incremental backup

Answer: B

NEW QUESTION 37
Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by the Ramen virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

  • A. Those connections are in closed/waiting mode
  • B. Those connections are in listening mode
  • C. Those connections are in timed out/waiting mode
  • D. Those connections are established

Answer: B

NEW QUESTION 38
Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security. Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

  • A. Border Gateway Protocol
  • B. Cisco Discovery Protocol
  • C. Broadcast System Protocol
  • D. Simple Network Management Protocol

Answer: B

NEW QUESTION 39
You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at the sessions the machine has opened with other systems?

  • A. Net config
  • B. Net sessions
  • C. Net share
  • D. Net use

Answer: D

NEW QUESTION 40
What method of copying should always be performed first before carrying out an investigation?

  • A. Parity-bit copy
  • B. MS-DOS disc copy
  • C. Bit-stream copy
  • D. System level copy

Answer: C

NEW QUESTION 41
What do the bytes 0x0B-0x53 represent in the boot sector of an NTFS volume on Windows 2000?

  • A. Jump instruction and the OEM ID
  • B. Bootstrap code and the end of the sector marker
  • C. BIOS Parameter Block (BPB) and the extended BPB
  • D. BIOS Parameter Block (BPB) and the OEM ID

Answer: C

NEW QUESTION 42
Frank is working on a vulnerability assessment for a company on the West Coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To what organization should Frank submit the log to find out whether it is a new vulnerability or not?

  • A. RIPE
  • B. APIPA
  • C. IANA
  • D. CVE

Answer: D

NEW QUESTION 43
Gary, a computer technician, is facing allegations of abusing children online by befriending them and sending them illicit adult images from his office computer. What type of investigation does this case require?

  • A. Administrative Investigation
  • B. Civil Investigation
  • C. Both Criminal and Administrative Investigation
  • D. Criminal Investigation

Answer: D

NEW QUESTION 44
Which of the following file formats allows the user to compress the acquired data as well as keep it randomly accessible?

  • A. Generic Forensic Zip (gfzip)
  • B. Advanced Forensics Format (AFF)
  • C. Proprietary Format
  • D. Advanced Forensic Framework 4

Answer: A

NEW QUESTION 45
Centralized binary logging is a process in which many websites write binary, unformatted log data to a single log file. What extension should the investigator look for to find its log file?

  • A. .ibl
  • B. .txt
  • C. .log
  • D. .cbl

Answer: A

NEW QUESTION 46
Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

  • A. Plain view doctrine
  • B. Locard Exchange Principle
  • C. Corpus delicti
  • D. Ex Parte Order

Answer: A

NEW QUESTION 47
The given image displays information about date and time of installation of the OS along with service packs, patches, and sub-directories. What command or tool did the investigator use to view this output?

  • A. dir /o:d
  • B. dir /o:s
  • C. dir /o:n
  • D. dir /o:e

Answer: A

NEW QUESTION 48
......


EC-COUNCIL 312-49v9 Exam Syllabus Topics:

  • Topic 1: Computer Forensics in Today’s World
  • Topic 2: Defeating Anti-Forensics Techniques
  • Topic 3: Understanding Hard Disks and File Systems
  • Topic 4: Data Acquisition and Duplication
  • Topic 5: Investigat
  • Topic 6: Operating System Forensics
  • Topic 7: Network Forensics
  • Topic 8: Computer Forensics Investigation Process
