EC-Council 312-49v9 ECCouncil Computer Hacking Forensic Investigator (V9) Online Training
The questions for 312-49v9 were last updated on Oct 29, 2024.
- Exam Code: 312-49v9
- Exam Name: ECCouncil Computer Hacking Forensic Investigator (V9)
- Certification Provider: EC-Council
As a security analyst, you set up a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company.
What information will you be able to gather?
- A . The IP address of the employees’ computers
- B . Bank account numbers and the corresponding routing numbers
- C . The employees' network usernames and passwords
- D . The MAC address of the employees’ computers
E-mail logs contain which of the following information to help you in your investigation? (Choose four.)
- A . user account that was used to send the account
- B . attachments sent with the e-mail message
- C . unique message identifier
- D . contents of the e-mail message
- E . date and time the message was sent
A(n) _____________________ is one that’s performed by a computer program rather than the attacker manually performing the steps in the attack sequence.
- A . blackout attack
- B . automated attack
- C . distributed attack
- D . central processing attack
You are a computer forensics investigator working with the local police department and you are called to assist in an investigation of threatening emails. The complainant has printed out 27 email messages from the suspect and gives the printouts to you. You inform her that you will need to examine her computer because you need access to the _________________________ in order to track the emails back to the suspect.
- A . Routing Table
- B . Firewall log
- C . Configuration files
- D . Email Header
When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:
- A . Automate Collection from image files
- B . Avoid copying data from the boot partition
- C . Acquire data from host-protected area on a disk
- D . Prevent Contamination to the evidence drive
You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab.
What can you do to prove that the evidence is the same as it was when it first entered the lab?
- A . make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
- B . make an MD5 hash of the evidence and compare it to the standard database developed by NIST
- C . there is no reason to worry about this possible claim because state labs are certified
- D . sign a statement attesting that the evidence is the same as it was when it entered the lab
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area and records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any.
What do you think would be the next sequence of events?
- A . Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
- B . Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
- C . Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
- D . Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media
You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers.
What type of firewall must you implement to abide by this policy?
- A . Packet filtering firewall
- B . Circuit-level proxy firewall
- C . Application-level proxy firewall
- D . Stateful firewall
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive.
How will these forms be stored to help preserve the chain of custody of the case?
- A . All forms should be placed in an approved secure container because they are now primary evidence in the case.
- B . The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
- C . The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
- D . All forms should be placed in the report file because they are now primary evidence in the case.
Which response organization tracks hoaxes as well as viruses?
- A . NIPC
- B . FEDCIRC
- C . CERT
- D . CIAC