ITCertKing is the website that provides all candidates with IT certification exam dumps and can help all candidates pass their exam with ease. ITCertKing IT expert edits all-time exam materials together on the basis of flexibly using the experiences of forefathers, thereby writing the best EC-COUNCIL 312-49 certification training dumps. The exam dumps include all questions that can appear in the real exam. So it can guarantee you must pass your exam at the first time.
ITCertKing's training materials can test your knowledge in preparing for the exam, and can evaluate your performance within a fixed time. The instructions given to you for your weak link, so that you can prepare for the exam better. The ITCertKing's EC-COUNCIL 312-49 exam training materials introduce you many themes that have different logic. So that you can learn the various technologies and subjects. We guarantee that our training materials has tested through the practice. ITCertKing have done enough to prepare for your exam. Our material is comprehensive, and the price is reasonable.
If you are still hesitate to choose our ITCertKing, you can try to free download part of EC-COUNCIL 312-49 exam certification exam questions and answers provided in our ITCertKing. So that you can know the high reliability of our ITCertKing. Our ITCertKing will be your best selection and guarantee to pass EC-COUNCIL 312-49 exam certification. Your choose of our ITCertKing is equal to choose success.
ITCertKing site has a long history of providing EC-COUNCIL 312-49 exam certification training materials. It has been a long time in certified IT industry with well-known position and visibility. Our EC-COUNCIL 312-49 exam training materials contains questions and answers. Our experienced team of IT experts through their own knowledge and experience continue to explore the exam information. It contains the real exam questions, if you want to participate in the EC-COUNCIL 312-49 examination certification, select ITCertKing is unquestionable choice.
Exam Code: 312-49
Exam Name: EC-COUNCIL (Computer Hacking Forensic Investigator )
One year free update, No help, Full refund!
Total Q&A: 150 Questions and Answers
Last Update: 2014-01-02
312-49 Free Demo Download: http://www.itcertking.com/312-49_exam.html
NO.1 You are contracted to work as a computer forensics investigator for a regional bank that has four
30 TB storage area networks that store customer data. What method would be most efficient for
you to acquire digital evidence from this network?
A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image fileC
D. make a bit-stream disk-to-disk file
Answer: C
EC-COUNCIL practice test 312-49 questions 312-49 312-49 pdf 312-49 questions
NO.2 When an investigator contacts by telephone the domain administrator or controller listed by a
whois lookup to request all e-mails sent and received for a user account be preserved, what
U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Answer: D
EC-COUNCIL test answers 312-49 312-49 312-49 original questions 312-49 exam prep
NO.3 It takes _____________ mismanaged case/s to ruin your professional reputation as a computer
forensics examiner?
A. by law, three
B. quite a few
C. only one
D. at least two
Answer: C
EC-COUNCIL test questions 312-49 312-49 certification 312-49 demo
NO.4 How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Answer: C
EC-COUNCIL test 312-49 pdf 312-49 312-49 questions 312-49
NO.5 What does the superblock in Linux define?
A. file system names
B. available space
C. location of the first inode
D. disk geometry
Answer: B, C, D
EC-COUNCIL 312-49 original questions 312-49 pdf 312-49 questions
NO.6 You are working for a large clothing manufacturer as a computer forensics investigator and are
called in to investigate an unusual case of an employee possibly stealing clothing designs from
the company and selling them under a different brand name for a different company. What you
discover during the course of the investigation is that the clothing designs are actually original
products of the employee and the company has no policy against an employee selling his own
designs on his own time. The only thing that you can find that the employee is doing wrong is that
his clothing design incorporates the same graphic symbol as that of the company with only the
wording in the graphic being different. What area of the law is the employee violating?
A. trademark law
B. copyright law
C. printright law
D. brandmark law
Answer: A
EC-COUNCIL 312-49 test questions 312-49 certification training
NO.7 With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode
internal link count reaches ________.
A. 0
B. 10
C. 100
D. 1
Answer: A
EC-COUNCIL 312-49 answers real questions 312-49 certification training
NO.8 When examining the log files from a Windows IIS Web Server, how often is a new log file
created?
A. the same log is used at all times
B. a new log file is created everyday
C. a new log file is created each week
D. a new log is created each time the Web Server is started
Answer: A
EC-COUNCIL 312-49 312-49 312-49 test questions 312-49 answers real questions 312-49
NO.9 What type of attack occurs when an attacker can force a router to stop forwarding packets by
flooding the router with many open connections simultaneously so that all the hosts behind the
router are effectively disabled?
A. digital attack
B. denial of service
C. physical attack
D. ARP redirect
Answer: B
EC-COUNCIL exam prep 312-49 312-49 312-49
NO.10 A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker . Given below is
an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the
attacker by studying the log. Please note that you are required to infer only what is explicit in the
excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting,
basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............
00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............
3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.
没有评论:
发表评论