Welcome to TestSimulate

Pass Your Next Certification Exam Fast!

Everything you need to prepare, learn & pass your certification exam easily.

365 days free updates. First attempt guaranteed success.

  • Home
  • Blogs
  • New 2021 Guaranteed Success with TestSimulate 312-49v9 Dumps EC-COUNCIL PDF Questions [Q54-Q78]

New 2021 Guaranteed Success with TestSimulate 312-49v9 Dumps EC-COUNCIL PDF Questions [Q54-Q78]

Share

New 2021 Guaranteed Success with TestSimulate 312-49v9 Dumps EC-COUNCIL PDF Questions

Exceptional Practice To ECCouncil Computer Hacking Forensic Investigator (V9) Pass the First Time


EC-COUNCIL 312-49v9 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Computer Forensics Investigation Process
Topic 2
  • Network Forensics
Topic 3
  • Defeating Anti-Forensics Techniques
Topic 4
  • Understanding Hard Disks and File Systems
Topic 5
  • Investigat
Topic 6
  • Data Acquisition and Duplication
Topic 7
  • Computer Forensics in Today’s World

 

NEW QUESTION 54
Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started
Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attack Jason can infer from his findings?

  • A. DNS Redirection
  • B. Cookie Poisoning Attack
  • C. DNS Poisoning
  • D. Session poisoning

Answer: C

 

NEW QUESTION 55
An executive had leaked the company trade secrets through an external drive. What process should the investigation team take if they could retrieve his system?

  • A. Packet Analysis
  • B. Malware Analysis
  • C. Postmortem Analysis
  • D. Real-Time Analysis

Answer: C

 

NEW QUESTION 56
Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible.
Kyle runs the following command. What is he testing at this point? #include #include int main(int argc, char *argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }

  • A. SQL injection
  • B. Buffer overflow
  • C. Kernal injection
  • D. Format string bug

Answer: B

 

NEW QUESTION 57
In a FAT32 system, a 123 KB file will use how many sectors?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4

Answer: D

Explanation:
If you assume that we are using 512 bytes sectors, then 123x1024/512 = 246 sectors would be needed.

 

NEW QUESTION 58
Select the tool appropriate for examining the dynamically linked libraries of an application or malware.

  • A. SysAnalyzer
  • B. PEiD
  • C. ResourcesExtract
  • D. DependencyWalker

Answer: D

 

NEW QUESTION 59
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 60
Which of the following files store the MySQL database data permanently, including the data that had been deleted, helping the forensic investigator in examining the case and finding the culprit?

  • A. mysql-bin
  • B. iblog
  • C. ibdata1
  • D. mysql-log

Answer: C

 

NEW QUESTION 61
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

  • A. The computer will be set in a constant reboot state
  • B. The wrong partition may be set to active
  • C. All virtual memory will be deleted
  • D. This action can corrupt the disk

Answer: D

 

NEW QUESTION 62
Digital evidence is not fragile in nature.

  • A. True
  • B. False

Answer: B

 

NEW QUESTION 63
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

  • A. The files have been marked as hidden
  • B. The files are corrupt and cannot be recovered
  • C. The files have been marked for deletion
  • D. The files have been marked as read-only

Answer: C

 

NEW QUESTION 64
What will the following Linux command accomplish? dd if=/dev/mem
of=/home/sam/mem.bin bs=1024

  • A. Copy the contents of the system folder em?to a fileCopy the contents of the system folder ?em?to a file
  • B. Copy the running memory to a file
  • C. Copy the memory dump file to an image file
  • D. Copy the master boot record to a file

Answer: B

 

NEW QUESTION 65
Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

  • A. Locard Exchange Principle
  • B. Ex Parte Order
  • C. Corpus delicti
  • D. Plain view doctrine

Answer: D

 

NEW QUESTION 66
Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to embed and link to other objects?

  • A. MS-office Word OneNote
  • B. Portable Document Format
  • C. MS-office Word Document
  • D. MS-office Word PowerPoint

Answer: B

 

NEW QUESTION 67
James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?

  • A. Cookie Tampering
  • B. Session Fixation Attack
  • C. Parameter Tampering
  • D. Cross Site Request Forgery

Answer: B

 

NEW QUESTION 68
Which of the following reports are delivered under oath to a board of
directors/managers/panel of jury?

  • A. Verbal Formal Report
  • B. Written Formal Report
  • C. Verbal Informal Report
  • D. Written informal Report

Answer: A

 

NEW QUESTION 69
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system?

  • A. Net stat
  • B. Net config
  • C. Net share
  • D. Net sessions

Answer: D

 

NEW QUESTION 70
Terri works for a security consulting firm that is currently performing a penetration test on
First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with
ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

  • A. Crash the switch with aDoS attack since switches cannot send ACK bits
  • B. Poison the switch's MAC address table by flooding it with ACK bits
  • C. Trick the switch into thinking it already has a session with Terri's computer
  • D. Enable tunneling feature on the switch

Answer: C

 

NEW QUESTION 71
You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

  • A. locate:"logon page"
  • B. intitle:"exchange server"
  • C. allinurl:"exchange/logon.asp"
  • D. outlook:"search"

Answer: C

 

NEW QUESTION 72
One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  • A. The File Allocation Table
  • B. The sector map
  • C. The file footer
  • D. The file header

Answer: D

 

NEW QUESTION 73
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

  • A. Automated field correlation approach
  • B. Graph-based approach
  • C. Neural network-based approach
  • D. Rule-based approach

Answer: A

 

NEW QUESTION 74
All Blackberry email is eventually sent and received through what proprietary RIM-operated mechanism?

  • A. Blackberry Message Center
  • B. Microsoft Exchange
  • C. Blackberry WAP gateway
  • D. Blackberry WEP gateway

Answer: A

 

NEW QUESTION 75
Software firewalls work at which layer of the OSI model?

  • A. Application
  • B. Data Link
  • C. Network
  • D. Transport

Answer: B

 

NEW QUESTION 76
Which of the following techniques delete the files permanently?

  • A. Data Hiding
  • B. Trail obfuscation
  • C. Steganography
  • D. Artifact Wiping

Answer: D

 

NEW QUESTION 77
For what purpose do the investigators use tools like iPhoneBrowser, iFunBox, OpenSSHSSH, and iMazing?

  • A. Copying contents of iPhone
  • B. Debugging iPhone
  • C. Bypassing iPhone passcode
  • D. Rooting iPhone

Answer: C

 

NEW QUESTION 78
......

312-49v9 EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.testsimulate.com/312-49v9-study-materials.html

Related Blogs

more
Go To 312-49v9 Questions

Copyright © 2026 TESTSIMULATE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.