EC-Council 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) Online Training
EC-Council 312-49v9 Online Training
The questions for 312-49v9 were last updated at Dec 24,2024.
- Exam Code: 312-49v9
- Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
- Certification Provider: EC-Council
- Latest update: Dec 24,2024
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?
- A . forensic duplication of hard drive
- B . analysis of volatile data
- C . comparison of MD5 checksums
- D . review of SIDs in the Registry
What is a good security method to prevent unauthorized users from "tailgating"?
- A . Man trap
- B . Electronic combination locks
- C . Pick-resistant locks
- D . Electronic key systems
When examining the log files from a Windows IIS Web Server, how often is a new log file created?
- A . the same log is used at all times
- B . a new log file is created everyday
- C . a new log file is created each week
- D . a new log is created each time the Web Server is started
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm’s employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will .
What do you do?
- A . Inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
- B . Inform the owner that conducting an investigation without a policy is a violation of the 4th amendment
- C . Inform the owner that conducting an investigation without a policy is a violation of the employee’s expectation of privacy
- D . Inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies
What will the following command accomplish?
- A . Test ability of a router to handle over-sized packets
- B . Test the ability of a router to handle under-sized packets
- C . Test the ability of a WLAN to handle fragmented packets
- D . Test the ability of a router to handle fragmented packets
As a CHFI professional, which of the following is the most important to your professional reputation?
- A . Your Certifications
- B . The correct, successful management of each and every case
- C . The free that you charge
- D . The friendship of local law enforcement officers
You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site.
The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal .
What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?
- A . ARP Poisoning
- B . DNS Poisoning
- C . HTTP redirect attack
- D . IP Spoofing
To preserve digital evidence, an investigator should ____________________.
- A . Make two copies of each evidence item using a single imaging tool
- B . Make a single copy of each evidence item using an approved imaging tool
- C . Make two copies of each evidence item using different imaging tools
- D . Only store the original evidence item
In Linux, what is the smallest possible shellcode?
- A . 24 bytes
- B . 8 bytes
- C . 800 bytes
- D . 80 bytes
During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore, you report this evidence.
This type of evidence is known as:
- A . Inculpatory evidence
- B . Mandatory evidence
- C . Exculpatory evidence
- D . Terrible evidence