312-49v10
Question 76
After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?
- A: RestrictAnonymous must be set to "10" for complete security
- B: RestrictAnonymous must be set to "3" for complete security
- C: RestrictAnonymous must be set to "2" for complete security
- D: There is no way to always prevent an anonymous null session from establishing
Question 77
In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?
- A: The change in the routing fabric to bypass the affected router
- B: More RESET packets to the affected router to get it to power back up
- C: RESTART packets to the affected router to get it to power back up
- D: STOP packets to all other routers warning of where the attack originated
Question 78
How many possible sequence number combinations are there in the TCP/IP protocol?
- A: 1 billion
- B: 320 billion
- C: 4 billion
- D: 32 million
Question 79
Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast. On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away.
Eventually the wireless signal shows back up, but drops intermittently. What could be Tyler's issue with his home wireless network?
- A: Computers on his wired network
- B: Satellite television
- C: 2.4 GHz cordless phones
- D: CB radio
Question 80
What layer of the OSI model do TCP and UDP utilize?
- A: Data Link
- B: Network
- C: Transport
- D: Session
Question 81
When examining the log files from a Windows IIS Web Server, how often is a new log file created?
- A: the same log is used at all times
- B: a new log file is created every day
- C: a new log file is created each week
- D: a new log is created each time the Web Server is started
Question 82
What type of equipment would a forensics investigator store in a StrongHold bag?
- A: PDA
- B: Backup tapes
- C: Hard drives
- D: Wireless cards
Question 83
If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
- A: Lossful compression
- B: Lossy compression
- C: Lossless compression
- D: Time-loss compression
Question 84
Which of the following does Microsoft Exchange E-mail Server use for collaboration of various e-mail applications?
- A: Simple Mail Transfer Protocol (SMTP)
- B: Messaging Application Programming Interface (MAPI)
- C: Internet Message Access Protocol (IMAP)
- D: Post Office Protocol version 3 (POP3)
Question 85
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?
- A: Smurf
- B: Ping of death
- C: Fraggle
- D: Nmap scan
Question 86
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
- A: All virtual memory will be deleted
- B: The wrong partition may be set to active
- C: This action can corrupt the disk
- D: The computer will be set in a constant reboot state
Question 87
What is one method of bypassing a system BIOS password?
- A: Removing the processor
- B: Removing the CMOS battery
- C: Remove all the system memory
- D: Login to Windows and disable the BIOS password
Question 88
What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?
- A: Every byte of the file(s) is given an MD5 hash to match against a master file
- B: Every byte of the file(s) is verified using 32-bit CRC
- C: Every byte of the file(s) is copied to three different hard drives
- D: Every byte of the file(s) is encrypted using three different methods
Question 89
Which part of the Windows Registry contains the user's password file?
- A: HKEY_LOCAL_MACHINE
- B: HKEY_CURRENT_CONFIGURATION
- C: HKEY_USER
- D: HKEY_CURRENT_USER
Question 90
A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?
- A: Searching for evidence themselves would not have any ill effects
- B: Searching could possibly crash the machine or device
- C: Searching creates cache files, which would hinder the investigation
- D: Searching can change date/time stamps
Question 91
In the following directory listing:
Which file should be used to restore archived email messages for someone using Microsoft Outlook?
- A: Outlook bak
- B: Outlook ost
- C: Outlook NK2
- D: Outlook pst
Question 92
Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found in his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?
- A: Two
- B: One
- C: Three
- D: Four
Question 93
What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?
- A: Cracks every password in 10 minutes
- B: Distribute processing over 16 or fewer computers
- C: Support for Encrypted File System
- D: Support for MD5 hash verification
Question 94
Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated with each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused.
In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages to each other. What type of cipher was used by the accused in this case?
- A: Grill cipher
- B: Null cipher
- C: Text semagram
- D: Visual semagram
Question 95
What is the smallest physical storage unit on a hard drive?
- A: Track
- B: Cluster
- C: Sector
- D: Platter
Question 96
When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?
- A: Proxify.net
- B: Dnsstuff.com
- C: Samspade.org
- D: Archive.org
Question 97
Where does EnCase search to recover NTFS files and folders?
- A: MBR
- B: MFT
- C: Slack space
- D: HAL
Question 98
Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?
22,164 cylinders/disk
80 heads/cylinder
63 sectors/track
- A: 53.26 GB
- B: 57.19 GB
- C: 11.17 GB
- D: 10 GB
Question 99
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?
- A: He should search in C:\Windows\System32\RECYCLED folder
- B: The Recycle Bin does not exist on the hard drive
- C: The files are hidden and he must use a switch to view them
- D: Only FAT system contains RECYCLED folder and not NTFS
Question 100
Why should you never power on a computer that you need to acquire digital evidence from?
- A: When the computer boots up, files are written to the computer rendering the data unclean
- B: When the computer boots up, the system cache is cleared which could destroy evidence
- C: When the computer boots up, data in the memory buffer is cleared which could destroy evidence
- D: Powering on a computer has no effect when needing to acquire digital evidence from it