Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

312-49v10Free trial

By eccouncil

Verified

25Q per page

Question 101

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

A: hda
B: hdd
C: hdb
D: hdc

—

Question 102

What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1

A: Back up the master boot record
B: Restore the master boot record
C: Mount the master boot record on the first partition of the hard drive
D: Restore the first 512 bytes of the first partition of the hard drive

—

Question 103

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

A: Fill the disk with zeros
B: Low-level format
C: Fill the disk with 4096 zeros
D: Copy files from the master disk to the slave disk on the secondary IDE controller

—

Question 104

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?

A: Raster image
B: Vector image
C: Metafile image
D: Catalog image

—

Question 105

What advantage does the tool Evidor have over the built-in Windows search?

A: It can find deleted files even after they have been physically removed
B: It can find bad sectors on the hard drive
C: It can search slack space
D: It can find files hidden within ADS

—

Question 106

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

A: One working day
B: Two working days
C: Immediately
D: Four hours

—

Question 107

What type of attack sends SYN requests to a target system with spoofed IP addresses?

A: SYN flood
B: Ping of death
C: Cross site scripting
D: Land

—

Question 108

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A: Use a system that has a dynamic addressing on the network
B: Use a system that is not directly interacting with the router
C: Use it on a system in an external DMZ in front of the firewall
D: It doesn't matter as all replies are faked

—

Question 109

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia. Harold is called upon to help with a corporate espionage case in
Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

A: Text semagram
B: Visual semagram
C: Grill cipher
D: Visual cipher

—

Question 110

How many times can data be written to a DVD+R disk?

A: Twice
B: Once
C: Zero
D: Infinite

—

Question 111

What must be obtained before an investigation is carried out at a location?

A: Search warrant
B: Subpoena
C: Habeas corpus
D: Modus operandi

—

Question 112

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

A: Place PDA, including all devices, in an antistatic bag
B: Unplug all connected devices
C: Power off all devices if currently on
D: Photograph and document the peripheral devices

—

Question 113

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

A: C:\Program Files\Exchsrvr\servername.log
B: D:\Exchsrvr\Message Tracking\servername.log
C: C:\Exchsrvr\Message Tracking\servername.log
D: C:\Program Files\Microsoft Exchange\srvr\servername.log

—

Question 114

Paraben Lockdown device uses which operating system to write hard drive data?

A: Mac OS
B: Red Hat
C: Unix
D: Windows

—

Question 115

What technique is used by JPEGs for compression?

A: ZIP
B: TCD
C: DCT
D: TIFF-8

—

Question 116

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

A: It contains the times and dates of when the system was last patched
B: It is not necessary to scan the virtual memory of a computer
C: It contains the times and dates of all the system files
D: Hidden running processes

—

Question 117

What method of copying should always be performed first before carrying out an investigation?

A: Parity-bit copy
B: Bit-stream copy
C: MS-DOS disc copy
D: System level copy

—

Question 118

What does the acronym POST mean as it relates to a PC?

A: Primary Operations Short Test
B: PowerOn Self Test
C: Pre Operational Situation Test
D: Primary Operating System Test

—

Question 119

Where is the default location for Apache access logs on a Linux computer?

A: usr/local/apache/logs/access_log
B: bin/local/home/apache/logs/access_log
C: usr/logs/access_log
D: logs/usr/apache/access_log

—

Question 120

Which of the following is found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key?

A: ParentIDPrefix
B: LastWrite
C: UserAssist key
D: MRUListEx key

—

Question 121

How often must a company keep log files for them to be admissible in a court of law?

A: All log files are admissible in court no matter their frequency
B: Weekly
C: Monthly
D: Continuously

—

Question 122

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A: NTOSKRNL.EXE
B: NTLDR
C: LSASS.EXE
D: NTDETECT.COM

—

That’s the end of your free questions

You’ve reached the preview limit for 312-49v10

Consider upgrading to gain full access!

Page 5 of 25 • Questions 101-125 of 610

←

3 4 5 6 7

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!