[2021.1] EC-COUNCIL 312-49 practice test

Welcome to your [2021.1] EC-COUNCIL 312-49 practice test

QUESTION 1Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a
laptop. Which of the following email clients can he use to analyze the DBX files?
QUESTION 2When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request
all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and
obligates the ISP to preserve e-mail records?
QUESTION 3Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?
QUESTION 4A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged
500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of
picture is this file. What kind of picture is this file?
QUESTION 5Which of the following statements is incorrect when preserving digital evidence?
QUESTION 6What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever
the course of its lifetime?
QUESTION 7Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small
accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to
see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the
receptionist. Julia says that she is an IT technician from the company\\’s main office in Iowa. She states that she needs
the receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that Bill
Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist
gave Julia all the information she asked for. What principal of social engineering did Julia use?
QUESTION 8Sectors in hard disks typically contain how many bytes?
QUESTION 9Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?
QUESTION 10Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do
write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following
options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?
QUESTION 11The MD5 program is used to:
QUESTION 12If you plan to startup a suspect\\’s computer, you must modify the ___________ to ensure that you do not contaminate
or alter data on the suspect\\’s hard drive by booting to the hard drive.
QUESTION 13When examining the log files from a Windows IIS Web Server, how often is a new log file created?