최신 312-49 무료덤프 - EC-COUNCIL Computer Hacking Forensic Investigator

문제1

When using an iPod and the host computer is running Windows, what file system will be used?

A. iPod+

B. FAT32

C. FAT16

D. HFS

정답: B

문제2

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. Password.conf

B. SAM

C. Shadow file

D. AMS

정답: B

문제3

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should
John write in the guidelines to be used when destroying documents?

A. Cris-cross shredder

B. Cross-hatch shredder

C. Cross-cut shredder

D. Strip-cut shredder

정답: C

문제4

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

A. All forms should be placed in an approved secure container because they are now primary evidence in the case

B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container

C. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file

D. All forms should be placed in the report file because they are now primary evidence in the case

정답: B

문제5

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to _________

A. Automate collection from image files

B. Avoiding copying data from the boot partition

C. Prevent contamination to the evidence drive

D. Acquire data from the host-protected area on a disk

정답: C

문제6

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

A. Policy of separation

B. Rules of evidence

C. Chain of custody

D. Law of probability

정답: C

문제7

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf?John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

A. It contains the times and dates of all the system files

B. It is not necessary to scan the virtual memory of a computer

C. Hidden running processes

D. It contains the times and dates of when the system was last patched

정답: C

문제8

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. Subpoena

B. Search warrant

C. Wire tap

D. Bench warrant

정답: B

문제9

In the following directory listing,

which file should be used to restore archived email messages for someone using Microsoft
Outlook?

A. Outlook pst

B. Outlook bak

C. Outlook NK2

D. Outlook ost

정답: A

문제10

What is the smallest physical storage unit on a hard drive?

A. Track

B. Platter

C. Cluster

D. Sector

정답: D

최신 312-49 무료덤프 - EC-COUNCIL Computer Hacking Forensic Investigator

우리와 연락하기

유용한 링크

최신 업데이트