312-49v10 Free Exam Questions and Answers PDF Updated on Feb-2022
Latest 312-49v10 Exam Dumps Recently Updated 598 Questions
NEW QUESTION 349
Bob has been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity, and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?
- A. A Honeypot that traps hackers
- B. An environment set up after the user logs in
- C. An environment set up before a user logs in
- D. A system using Trojaned commands
Answer: A
NEW QUESTION 350
Which of the following event correlation approaches is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying statistics and probability, and uses only two variables?
- A. Rule-Based Approach
- B. Route Correlation
- C. Bayesian Correlation
- D. Vulnerability-Based Approach
Answer: C
NEW QUESTION 351
James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?
- A. Cookie Tampering
- B. Cross Site Request Forgery
- C. Parameter Tampering
- D. Session Fixation Attack
Answer: D
NEW QUESTION 352
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
- A. Smurf
- B. Trinoo
- C. Fraggle
- D. SYN flood
Answer: A
NEW QUESTION 353
From the following spam mail header, identify the host IP that sent this spam.
From [email protected] [email protected] Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >[email protected]
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
- A. 8.12.1.0
- B. 137.189.96.52
- C. 203.218.39.50
- D. 203.218.39.20
Answer: D
NEW QUESTION 354
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?
dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync
- A. Fill the disk with 4096 zeros
- B. Low-level format
- C. Fill the disk with zeros
- D. Copy files from the master disk to the slave disk on the secondary IDE controller
Answer: C
NEW QUESTION 355
What feature of Windows is the following command trying to utilize?
- A. AFS
- B. ADS
- C. White space
- D. Slack file
Answer: B
NEW QUESTION 356
When examining a file with a Hex Editor, what space does the file header occupy?
- A. one byte at the beginning of the file
- B. the last several bytes of the file
- C. none, file headers are contained in the FAT
- D. the first several bytes of the file
Answer: A
NEW QUESTION 357
In Microsoft file structures, sectors are grouped together to form:
- A. Partitions
- B. Bitstreams
- C. Clusters
- D. Drives
Answer: C
NEW QUESTION 358
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
- A. list modules -a
- B. plist mod -a
- C. lsmod
- D. lsof -m
Answer: C
NEW QUESTION 359
John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
- A. Firewalk cannot pass through Cisco firewalls
- B. Firewalk sets all packets with a TTL of one
- C. Firewalk sets all packets with a TTL of zero
- D. Firewalk cannot be detected by network sniffers
Answer: B
NEW QUESTION 360
Amber, a black hat hacker, has embedded malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?
- A. Malvertising
- B. Click-jacking
- C. Compromising a legitimate site
- D. Spearphishing
Answer: A
NEW QUESTION 361
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test." What is the result of this test?
- A. Your website is vulnerable to CSS
- B. Your website is not vulnerable
- C. Your website is vulnerable to SQL injection
- D. Your website is vulnerable to web bugs
Answer: A
NEW QUESTION 362
If you come across a sheepdip machine at your client site, what would you infer?
- A. A sheepdip coordinates several honeypots
- B. A sheepdip computer defers a denial of service attack
- C. A sheepdip computer is another name for a honeypot
- D. A sheepdip computer is used only for virus-checking.
Answer: D
NEW QUESTION 363
Which of the following is NOT part of the pre-investigation phase?
- A. Creating an investigation team
- B. Gathering information about the incident
- C. Gathering evidence data
- D. Building forensics workstation
Answer: C
NEW QUESTION 364
When should an MD5 hash check be performed when processing evidence?
- A. Before and after evidence examination
- B. On an hourly basis during the evidence examination
- C. After the evidence examination has been completed
- D. Before the evidence examination has been completed
Answer: A
NEW QUESTION 365
Which of the following is NOT a graphics file?
- A. Picture2.bmp
- B. Picture4.psd
- C. Picture3.nfo
- D. Picture1.tga
Answer: C
NEW QUESTION 366
Which of the following standards represents a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
- A. Frye
- B. IOCE
- C. SWGDE & SWGIT
- D. Daubert
Answer: A
NEW QUESTION 367
E-mail logs contain which of the following information to help you in your investigation? (Choose four.)
- A. attachments sent with the e-mail message
- B. contents of the e-mail message
- C. date and time the message was sent
- D. unique message identifier
- E. user account that was used to send the account
Answer: B,C,D,E
NEW QUESTION 368
An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?
- A. International mobile subscriber identity (IMSI)
- B. Electronic Serial Number (ESN)
- C. Equipment Identity Register (EIR)
- D. Integrated circuit card identifier (ICCID)
Answer: B
NEW QUESTION 369
An expert witness gives an opinion if:
- A. To stimulate discussion between the consulting expert and the expert witness
- B. To deter the witness from expanding the scope of his or her investigation beyond the requirements of the case
- C. The opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors
- D. To define the issues of the case for determination by the finder of fact
Answer: C
NEW QUESTION 370
Which of the following application password cracking tools can discover all password-protected items on a computer and decrypt them?
- A. Passware Kit Forensic
- B. R-Studio
- C. TestDisk for Windows
- D. Windows Password Recovery Bootdisk
Answer: A

