Free EC-COUNCIL 312-49v9 Test Practice Test Questions Exam Dumps [Q77-Q101]



EC-COUNCIL 312-49v9 Exam Syllabus Topics:

Topic: Details
  • Topic 1: Understanding Hard Disks and File Systems
  • Topic 2: Computer Forensics Investigation Process
  • Topic 3: Network Forensics
  • Topic 4: Defeating Anti-Forensics Techniques
  • Topic 5: Investigat
  • Topic 6: Computer Forensics in Today’s World
  • Topic 7: Operating System Forensics
  • Topic 8: Data Acquisition and Duplication

 

NEW QUESTION 77
Casey has acquired data from a hard disk in an open source acquisition format that allows her to generate compressed or uncompressed image files. What format did she use?

  • A. Portable Document Format
  • B. Advanced Forensics Format (AFF)
  • C. Proprietary Format
  • D. Raw Format

Answer: B

 

NEW QUESTION 78
What type of analysis helps to identify the time and sequence of events in an investigation?

  • A. Functional
  • B. Time-based
  • C. Temporal
  • D. Relational

Answer: C

 

NEW QUESTION 79
Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider?

  • A. Service Provider Search Warrant
  • B. Electronic Storage Device Search Warrant
  • C. Citizen Informant Search Warrant
  • D. John Doe Search Warrant

Answer: B

 

NEW QUESTION 80
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

  • A. 1:1709, 150
  • B. 0:1000, 150
  • C. 0:1709-1858
  • D. 0:1709, 150

Answer: D

Explanation:
DriveSpy can accept two different formats:
Drive #:Start Sector, # Sectors
Drive #:Start Sector-Absolute End Sector
Drive # is zero-based.
Both Answer B and D would appear correct, and both formats are valid.

 

NEW QUESTION 81
Digital evidence is not fragile in nature.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 82
Which of the following attacks allows an attacker to acquire access to the communication channels between the victim and the server to extract the information?

  • A. Man-in-the-middle (MITM) attack
  • B. Replay attack
  • C. Rainbow attack
  • D. Distributed network attack

Answer: A

 

NEW QUESTION 83
E-mail logs contain which of the following information to help you in your investigation?
(Select up to 4)

  • A. date and time the message was sent
  • B. user account that was used to send the account
  • C. contents of the e-mail message
  • D. unique message identifier
  • E. attachments sent with the e-mail message

Answer: A,B,C,D

 

NEW QUESTION 84
When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 85
In which implementation of RAID will the image of a Hardware RAID volume be different from the image taken separately from the disks?

  • A. The images will always be identical because data is mirrored for redundancy
  • B. It will always be different
  • C. RAID 1
  • D. RAID 0

Answer: B

 

NEW QUESTION 86
What do you call the process of studying the changes that have taken place across a system or a machine after a series of actions or incidents?

  • A. Windows Services Monitoring
  • B. System Baselining
  • C. Start-up Programs Monitoring
  • D. Host Integrity Monitoring

Answer: D

 

NEW QUESTION 87
Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.

  • A. FTP
  • B. POP
  • C. SMTP
  • D. TCP

Answer: D

 

NEW QUESTION 88
You have been given the task to investigate web attacks on a Windows-based server.
Which of the following commands will you use to look at which sessions the machine has opened with other systems?

  • A. Net config
  • B. Net sessions
  • C. Net share
  • D. Net use

Answer: D

 

NEW QUESTION 89
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?

  • A. Metafile image
  • B. Raster image
  • C. Catalog image
  • D. Vector image

Answer: D

 

NEW QUESTION 90
What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

  • A. NTLDR
  • B. NTDETECT.COM
  • C. LSASS.EXE
  • D. NTOSKRNL.EXE

Answer: C

 

NEW QUESTION 91
During forensics investigations, investigators tend to collect the system time at first and compare it with UTC.
What does the abbreviation UTC stand for?

  • A. Correlated Universal Time
  • B. Universal Computer Time
  • C. Universal Time for Computers
  • D. Coordinated Universal Time

Answer: D

 

NEW QUESTION 92
A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

  • A. Searching can change date/time stamps
  • B. Searching creates cache files, which would hinder the investigation
  • C. Searching for evidence themselves would not have any ill effects
  • D. Searching could possibly crash the machine or device

Answer: A

 

NEW QUESTION 93
Under which Federal Statutes does the FBI investigate computer crimes involving e-mail scams and mail fraud?

  • A. 18 U.S.C. 1831 Economic Espionage Act
  • B. 18 U.S.C. 1029 Possession of Access Devices
  • C. 18 U.S.C. 1832 Trade Secrets Act
  • D. 18 U.S.C. 1361 Injury to Government Property
  • E. 18 U.S.C. 1030 Fraud and related activity in connection with computers
  • F. 18 U.S.C. 1362 Government communication systems
  • G. 18 U.S.C. 1343 Fraud by wire, radio or television

Answer: E

 

NEW QUESTION 94
What is cold boot (hard boot)?

  • A. It is the process of restarting a computer that is already in sleep mode
  • B. It is the process of restarting a computer that is already turned on through the operating system
  • C. It is the process of shutting down a computer from a powered-on or on state
  • D. It is the process of starting a computer from a powered-down or off state

Answer: D

 

NEW QUESTION 95
If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement.

  • A. true
  • B. false

Answer: A

 

NEW QUESTION 96
System software password cracking is defined as cracking the operating system and all other utilities that enable a computer to function.

  • A. False
  • B. True

Answer: B

 

NEW QUESTION 97
When cataloging digital evidence, the primary goal is to:

  • A. Preserve evidence integrity
  • B. Make bit-stream images of all hard drives
  • C. Not allow the computer to be turned off
  • D. Not remove the evidence from the scene

Answer: A

 

NEW QUESTION 98
The need for computer forensics is highlighted by an exponential increase in the number of cybercrimes and litigations where large organizations were involved. Computer forensics plays an important role in tracking the cyber criminals. The main role of computer forensics is to:

  • A. Maximize the investigative potential by maximizing the costs
  • B. Document monitoring processes of employees of the organization
  • C. Extract, process, and interpret the factual evidence so that it proves the attacker's actions in the court
  • D. Harden organization perimeter security

Answer: C

 

NEW QUESTION 99
Why would a company issue a dongle with the software they sell?

  • A. To provide wireless functionality with the software
  • B. To provide source code protection
  • C. To ensure that keyloggers cannot be used
  • D. To provide copyright protection

Answer: D

 

NEW QUESTION 100
Why is it a good idea to perform a penetration test from the inside?

  • A. Because 70% of attacks are from inside the organization
  • B. It is easier to hack from the inside
  • C. To attack a network from a hacker's perspective
  • D. It is never a good idea to perform a penetration test from the inside

Answer: A

 

NEW QUESTION 101
......
