Nov-2024 FREE EC-COUNCIL 312-49v10 PRACTICE QUESTIONS AND ANSWERS UPDATES [Q56-Q76]


NEW QUESTION # 56
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores the Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is not a part of the DDF?

  • A. Encrypted FEK
  • B. EFS Certificate Hash
  • C. Checksum
  • D. Container Name

Answer: C


NEW QUESTION # 57
Which header field in the TCP/IP protocol stack is involved in the exploit known as the Ping of Death?

  • A. TCP header field
  • B. ICMP header field
  • C. UDP header field
  • D. IP header field

Answer: A


NEW QUESTION # 58
You are a penetration tester and are assigned to scan a server. You need to use a scanning technique wherein the TCP header is split into many packets so that it becomes difficult to detect what the packets are meant for. Which of the following scanning techniques will you use?

  • A. Inverse TCP flag scanning
  • B. TCP Scanning
  • C. IP Fragment Scanning
  • D. ACK flag scanning

Answer: C


NEW QUESTION # 59
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

  • A. Direct Examination
  • B. Cross Examination
  • C. Witness Examination
  • D. Indirect Examination

Answer: B


NEW QUESTION # 60
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

  • A. hdd
  • B. hda
  • C. hdb
  • D. hdc

Answer: A


NEW QUESTION # 61
In Microsoft file structures, sectors are grouped together to form:

  • A. Clusters
  • B. Partitions
  • C. Bitstreams
  • D. Drives

Answer: A


NEW QUESTION # 62
Which password cracking technique uses every possible combination of character sets?

  • A. Rule-based attack
  • B. Brute force attack
  • C. Dictionary attack
  • D. Rainbow table attack

Answer: B


NEW QUESTION # 63
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet. From the log, it appears that the user was manually typing in different user ID numbers. What technique was this user trying?

  • A. Cross site scripting
  • B. Parameter tampering
  • C. Cookie Poisoning
  • D. SQL injection

Answer: B


NEW QUESTION # 64
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network. How would you answer?

  • A. Microsoft Methodology
  • B. IBM Methodology
  • C. Google Methodology
  • D. LPT Methodology

Answer: D


NEW QUESTION # 65
Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

  • A. Rule-based attack
  • B. Dictionary attack
  • C. Man in the middle attack
  • D. Brute force attack

Answer: B


NEW QUESTION # 66
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

  • A. International mobile subscriber identity (IMSI)
  • B. Electronic Serial Number (ESN)
  • C. Equipment Identity Register (EIR)
  • D. Integrated circuit card identifier (ICCID)

Answer: B


NEW QUESTION # 67
Which of the following tools is not a data acquisition hardware tool?

  • A. UltraKit
  • B. F-Response Imager
  • C. Triage-Responder
  • D. Atola Insight Forensic

Answer: B


NEW QUESTION # 68
Which principle states that "anyone or anything, entering a crime scene takes something of the scene with them, and leaves something of themselves behind when they leave"?

  • A. Evidence Theory of Investigation
  • B. Locard's Evidence Principle
  • C. Locard's Exchange Principle
  • D. Enterprise Theory of Investigation

Answer: C


NEW QUESTION # 69
What operating system would respond to the following command?

  • A. Windows XP
  • B. FreeBSD
  • C. Windows 95
  • D. Mac OS X

Answer: B


NEW QUESTION # 70
Bob has encountered a system crash and has lost vital data stored on the hard drive of his Windows computer. He has no cloud storage or backup hard drives. He wants to recover all the data, which includes his personal photos, music, documents, videos, official emails, etc. Which of the following tools would serve Bob's purpose?

  • A. Colasoft's Capsa
  • B. Recuva
  • C. Xplico
  • D. Cain & Abel

Answer: B


NEW QUESTION # 71
Jacob, a cybercrime investigator, joined a forensics team to participate in a criminal case involving digital evidence. After the investigator collected all the evidence and presented it to the court, the judge dropped the case and the defense attorney pressed charges against Jacob and the rest of the forensics team for unlawful search and seizure. What forensics privacy issue was not addressed prior to collecting the evidence?

  • A. None of these
  • B. Compliance with the Second Amendment of the U.S. Constitution
  • C. Compliance with the Fourth Amendment of the U.S. Constitution
  • D. Compliance with the Third Amendment of the U.S. Constitution

Answer: C


NEW QUESTION # 72
Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char *argv[])
    {
        char buffer[10];

        if (argc < 2) {
            fprintf(stderr, "USAGE: %s string\n", argv[0]);
            return 1;
        }
        /* copy the first command-line argument into the 10-byte buffer */
        strcpy(buffer, argv[1]);
        return 0;
    }

  • A. Format string bug
  • B. Kernel injection
  • C. Buffer overflow
  • D. SQL injection

Answer: C


NEW QUESTION # 73
Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

  • A. Use intrusion forensic techniques to study memory resident infections
  • B. Give the Operating System a minimal amount of memory, forcing it to use a swap file
  • C. Use VMware to be able to capture the data in memory and examine it
  • D. Create a Separate partition of several hundred megabytes and place the swap file there

Answer: D


NEW QUESTION # 74
If a suspect computer is located in an area that may have toxic chemicals, you must:

  • A. assume the suspect machine is contaminated
  • B. coordinate with the HAZMAT team
  • C. determine a way to obtain the suspect computer
  • D. do not enter alone

Answer: B


NEW QUESTION # 75
A computer forensics investigator or forensic analyst is a specially trained professional who works with law enforcement as well as private businesses to retrieve information from computers and other types of data storage devices. For this, the analyst should have an excellent working knowledge of all aspects of the computer. Which of the following is not a duty of the analyst during a criminal investigation?

  • A. To fill the chain of custody
  • B. To create an investigation report
  • C. To recover data from suspect devices
  • D. To enforce the security of all devices and software in the scene

Answer: D

