January 7, 2021 by admin [2021.1] EC-COUNCIL 312-49 practice test Welcome to your [2021.1] EC-COUNCIL 312-49 practice test QUESTION 1Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of alaptop. Which of the following email clients can he use to analyze the DBX files?A. Microsoft OutlookB. EudoraC. Mozilla ThunderbirdD. Microsoft Outlook Express QUESTION 2When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to requestall e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call andobligates the ISP to preserve e-mail records?A. Title 18, Section 1030B. Title 18, Section 2703(d)C. Title 18, Section Chapter 90D. Title 18, Section 2703(f) QUESTION 3Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?A. TokenmonB. PSLoggedonC. TCPViewD. Process Monitor QUESTION 4A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind ofpicture is this file. What kind of picture is this file?A. Raster imageB. Vector imageC. Metafile imageD. Catalog image QUESTION 5Which of the following statements is incorrect when preserving digital evidence?A. Verify if the monitor is in on, off, or in sleep modeB. Turn on the computer and extract Windows event viewer log filesC. Remove the plug from the power router or modemD. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals QUESTION 6What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 severthe course of its lifetime?A. forensic duplication of hard driveB. analysis of volatile dataC. comparison of MD5 checksumsD. review of SIDs in the Registry QUESTION 7Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a smallaccounting firm in Florid a. They have given her permission to perform social engineering attacks on the company tosee if their in-house training did any good. Julia calls the main number for the accounting firm and talks to thereceptionist. Julia says that she is an IT technician from the company\\’s main office in Iowa. She states that she needsthe receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that BillHammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionistgave Julia all the information she asked for. What principal of social engineering did Julia use?A. Social ValidationB. ScarcityC. Friendship/LikingD. Reciprocation QUESTION 8Sectors in hard disks typically contain how many bytes?A. 256B. 512C. 1024D. 2048 QUESTION 9Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?A. Written Formal ReportB. Verbal Formal ReportC. Verbal Informal ReportD. Written Informal Report QUESTION 10Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and dowrite themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the followingoptions would you suggest as the most appropriate to overcome the problem of capturing volatile memory?A. Use VMware to be able to capture the data in memory and examine itB. Give the Operating System a minimal amount of memory, forcing it to use a swap fileC. Create a Separate partition of several hundred megabytes and place the swap file thereD. Use intrusion forensic techniques to study memory resident infections QUESTION 11The MD5 program is used to:A. wipe magnetic media before recycling itB. make directories on an evidence diskC. view graphics files on an evidence driveD. verify that a disk is not altered when you examine it QUESTION 12If you plan to startup a suspect\\’s computer, you must modify the ___________ to ensure that you do not contaminateor alter data on the suspect\\’s hard drive by booting to the hard drive.A. deltree commandB. CMOSC. Boot.sysD. Scandisk utility QUESTION 13When examining the log files from a Windows IIS Web Server, how often is a new log file created?A. the same log is used at all timesB. a new log file is created everydayC. a new log file is created each weekD. a new log is created each time the Web Server is started Time is Up!