Download New Updated (July) ECCouncil 312-49 Actual Test 31-40

Ensurepass

QUESTION 31

You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32 exe are commonly used as intermediate programs in Windows 7. Which of the following is a root folder of the registry editor?

 

A.

HKEY_USERS

B.

HKEY_LOCAL_ADMIN

C.

HKEY_CLASSES_ADMIN

D.

HKEY_CLASSES_SYSTEM

 

Correct Answer: A

 

 

QUESTION 32

According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who has started practicing two years back, was denied an expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason’s eligibility as an expert witness?

 

A.

Jason was unable to furnish documents showing four years of previous experience in the field.

B.

Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case.

C.

Jason was unable to furnish documents to prove that he is a computer forensic expert.

D.

Jason was not aware of legal issues involved with computer crimes.

 

Correct Answer: A

 

 

QUESTION 33

At the time of evide
nce transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.

 

A.

True

B.

False

 

Correct Answer: A

 

 

QUESTION 34

A forensic investigator is a person who handles the complete Investigation process, that is, the preservation, identification, extraction, and documentation of the evidence. The investigator has many roles and responsibilities relating to the cybercrime analysis. The role of the forensic investigator is to:

 

A.

Take permission from all employees of the organization for investigation

B.

Harden organization network security

C.

Create an image backup of the original evidence without tampering with potential evidence

D.

Keep the evidence a highly confidential and hide the evidence from law enforcement agencies

 

Correct Answer: C

 

 

QUESTION 35

Hash injection attack allows attackers to inject a compromised hash into a local session and use the hash to validate network resources.

 

A.

True

B.

False

 

Correct Answer: A

 

 

QUESTION 36

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at which sessions the machine has opened with other systems?

 

A.

Net sessions

B.

Net use

C.

Net config

D.

Net share

 

Correct Answer: B

 

 

QUESTION 37

Which of the following attacks allows attacker to acquire access to the communication channels between the victim and server to extract the information?

 

A.

Man-in-the-middle (MITM) attack

B.

Replay attack

C.

Rainbow attack

D.

Distributed network attack

 

Correct Answer: A

 

 

 

 

 

 

 

QUESTION 38

Which of the following log injection attacks uses white space padding to create unusual log entries?

 

A.

Word wrap abuse attack

B.

HTML injection attack

C.

Terminal injection attack

D.

Timestamp injection attack

 

Correct Answer: A

 

 

QUESTION 39

Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the _______________ in order to control the process execution, crash the process and modify internal variables.

 

A.

Target process’s address space

B.

Target remote access

C.

Target rainbow table

D.

Target SAM file

 

Correct Answer: A

 

 

QUESTION 40

Which of the following statements is not a part of securing and evaluating electronic crime scene checklist?

 

A.

Locate and help the victim

B.

Transmit additional flash messages to other responding units

C.

Request additional help at the scene if needed

D.

Blog about the incident on the internet

 

Correct Answer: D

 

 

Free VCE & PDF File for ECCouncil 312-49 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files:
CompTIA | VMware | SAP …