Latest Nov 01, 2021 312-49 Brain Dump A Study Guide with Tips & Tricks for passing Exam [Q11-Q34]

Share

Latest Nov 01, 2021 312-49 Brain Dump: A Study Guide with Tips & Tricks for passing Exam

312-49 Question Bank: Free PDF Download Recently Updated Questions


The EC-Council 312-49 or Computer Hacking Forensic Investigator exam is designed to validate candidates who want to detect hacking and extract evidence for crime reporting & auditing to evade future attacks. This test qualifies candidates for the ECC certification of a similar name, the Computer Hacking Forensic Investigator (CHFI). It suits a wide range of individuals including the following groups:

  • System administrators;
  • IT managers;
  • Banking and insurance professionals.
  • Government agencies;
  • Legal professionals;
  • eBusiness security professionals;
  • Police;
  • Defense or military personnel;

This certification exam measures the individuals’ knowledge of identifying the intruders’ footprints. It also equips the interested candidates with the skills required to collect the relevant proof to indict defaulters in a court of law. Those students who achieve the passing score in EC-Council 312-49 qualify to earn the Computer Hacking Forensic Investigator certificate. The certification you obtain validates your skills in specific security specialization in the domain of computer forensics. The potential applicants for this track will develop the expertise required to function in a range of career paths associated with cybersecurity and other legal professions.

NEW QUESTION 11
Why would you need to find out the gateway of a device when investigating a wireless attack?

  • A. The gateway will be the IP used to manage the access point
  • B. The gateway will be the IP of the proxy server used by the attacker to launch the attack
  • C. The gateway will be the IP of the attacker computerThe gateway will be the IP of the attacker? computer
  • D. The gateway will be the IP used to manage the RADIUS server

Answer: A

 

NEW QUESTION 12
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

  • A. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
  • B. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
  • C. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
  • D. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 13
While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

  • A. Technical material related to forensics
  • B. Judging the character of defendants/victims
  • C. Legal issues
  • D. No particular field

Answer: D

 

NEW QUESTION 14
What stage of the incident handling process involves reporting events?

  • A. Containment
  • B. Follow-up
  • C. Identification
  • D. Recovery

Answer: C

 

NEW QUESTION 15
What is the following command trying to accomplish?

  • A. Verify that NETBIOS is running for the 192.168.0.0 network
  • B. Verify that UDP port 445 is open for the 192.168.0.0 network
  • C. Verify that TCP port 445 is open for the 192.168.0.0 network
  • D. Verify that UDP port 445 is closed for the 192.168.0.0 network

Answer: B

 

NEW QUESTION 16
Which of the following is a part of a Solid-State Drive (SSD)?

  • A. Cylinder
  • B. Head
  • C. NAND-based flash memory
  • D. Spindle

Answer: C

 

NEW QUESTION 17
A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

  • A. They called in the FBI without correlating with the fingerprint data
  • B. They tampered with evidence by using it
  • C. They examined the actual evidence on an unrelated system
  • D. They attempted to implicate personnel without proof

Answer: B

 

NEW QUESTION 18
You are the security analyst working for a private company out of France. Your current assignment is to obtain credit card information from a Swiss bank owned by that company. After initial reconnaissance, you discover that the bank security defenses are very strong and would take too long to penetrate. You decide to get the information by monitoring the traffic between the bank and one of its subsidiaries in London. After monitoring some of the traffic, you see a lot of FTP packets traveling back and forth. You want to sniff the traffic and extract usernames and passwords. What tool could you use to get this information?

  • A. RaidSniff
  • B. Snort
  • C. Ettercap
  • D. Airsnort

Answer: C

 

NEW QUESTION 19
Madison is on trial for allegedly breaking into her university internal network. The police raided her dorm room and seized all of her computer equipment. Madison lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison lawyer trying to prove the police violated?

  • A. The 5th Amendment
  • B. The 4th Amendment
  • C. The 10th Amendment
  • D. The 1st Amendment

Answer: B

Explanation:
Explanation

 

NEW QUESTION 20
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

  • A. Remove any memory cards immediately
  • B. Turn off the device immediately
  • C. Remove the battery immediately
  • D. Keep the device powered on

Answer: D

 

NEW QUESTION 21
Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?

  • A. Squatting
  • B. Phreaking
  • C. Pretexting
  • D. Crunching

Answer: B

 

NEW QUESTION 22
You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls? (Choose two.)

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A,C

 

NEW QUESTION 23
The offset in a hexadecimal code is:

  • A. The 0x at the end of the code
  • B. The last byte after the colon
  • C. The 0x at the beginning of the code
  • D. The first byte after the colon

Answer: C

 

NEW QUESTION 24
What will the following command produce on a website login page? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

  • A. This command will not produce anything since the syntax is incorrect
  • B. Deletes the entire members table
  • C. Inserts the Error! Reference source not found.email address into the members table
  • D. Retrieves the password for the first user in the members table

Answer: B

 

NEW QUESTION 25
You are running through a series of tests on your network to check for any security vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall.
What has happened?

  • A. The firewall ACL has been purged
  • B. The firewall failed-bypass
  • C. The firewall failed-open
  • D. The firewall failed-closed

Answer: C

 

NEW QUESTION 26
What binary coding is used most often for e-mail purposes?

  • A. SMTP
  • B. MIME
  • C. Uuencode
  • D. IMAP

Answer: B

 

NEW QUESTION 27
What is the CIDR from the following screenshot?

  • A. /24A./24A./24
  • B. /8D./8D./8
  • C. /16 C./16 C./16
  • D. /32 B./32 B./32

Answer: B

 

NEW QUESTION 28
What file structure database would you expect to find on floppy disks?

  • A. NTFS
  • B. FAT16
  • C. FAT32
  • D. FAT12

Answer: D

 

NEW QUESTION 29
Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

  • A. A Honeypot that traps hackers
  • B. A system Using Trojaned commands
  • C. An environment set up before a user logs in
  • D. An environment set up after the user logs in

Answer: A

Explanation:
Explanation/Reference:

 

NEW QUESTION 30
Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?

  • A. An attacker with name anonymous_hacker has replaced a user bad_guy in the WordPress database
  • B. A user with username bad_guy has logged into the WordPress web application
  • C. A WordPress user has been created with the username anonymous_hacker
  • D. A WordPress user has been created with the username bad_guy

Answer: D

 

NEW QUESTION 31
What will the following command accomplish in Linux? fdisk /dev/hda

  • A. Format the hard drive
  • B. Fill the disk with zeros
  • C. Partition the hard drive
  • D. Delete all files under the /dev/hda folder

Answer: C

 

NEW QUESTION 32
Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?

  • A. Rule-based attack
  • B. Brute force attack
  • C. Man in the middle attack
  • D. Dictionary attack

Answer: D

 

NEW QUESTION 33
An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

  • A. Ping of death
  • B. Fraggle
  • C. Nmap scan
  • D. Smurf

Answer: A

 

NEW QUESTION 34
......


Our 312-49 dumps will include those topics:

  • Computer Investigation Process
  • Computer Forensics in Today’s World
  • Steganography
  • Computer Security Incident Response Team
  • Becoming an Expert Witness
  • Forensics in action
  • Infringement
  • Understanding File systems and Hard disks
  • Recovering Deleted Files
  • Application password crackers
  • Windows Forensics
  • Image Files Forensics
  • Investigating Web Attacks
  • Computer Forensic Tools
  • Router Forensics
  • Linux and Macintosh Boot processes
  • Law And Computer Forensics
  • Investigating Logs
  • Data Acquisition and Duplication
  • Investigating network traffic
  • Mobile and PDA Forensics
  • Investigative Reports
  • Computer Forensic Laboratory Requirements
  • Investigating Trademark and Copyright
  • Linux Forensics
  • Tracking E-mails and Investigating E-mail crimes

For more info visit:

Computer Hacking Forensic Investigator

This Web Simulator is for Candidates that want to pass the official CHFI (Computer Hacking Forensics Investigator). The Web Simulator is the practice test for professionals studying for the forensics exams and for professionals needing the skills to identify an intruder’s footprints and properly gather the necessary evidence to prosecute. A candidate for this exam should demonstrate sufficient ability in computer investigation and analysis techniques in the interests of determining potential legal evidence.

The Web Simulator will also help candidates to understand better how to perform an advanced investigation and analysis over Cyber Crimes.

New 312-49 Exam Dumps with High Passing Rate: https://www.itexamreview.com/312-49-exam-dumps.html