• Home
  • Blogs
  • [Nov 11, 2021] 312-49 Ultimate Study Guide - Exams-boost [Q76-Q91]

[Nov 11, 2021] 312-49 Ultimate Study Guide - Exams-boost [Q76-Q91]

Share

[Nov 11, 2021] 312-49 Ultimate Study Guide -  Exams-boost

Ultimate Guide to Prepare 312-49 Certification Exam for Certified Ethical Hacker in 2021


EC-COUNCIL 312-49 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Computer Forensics in Today’s World
Topic 2
  • Network Forensics
Topic 3
  • Understanding Hard Disks and File Systems
Topic 4
  • Investigat
Topic 5
  • Data Acquisition and Duplication
Topic 6
  • Operating System Forensics
Topic 7
  • Computer Forensics Investigation Process
Topic 8
  • Defeating Anti-Forensics Techniques


312-49 Topic Areas

The EC-Council 312-49 exam is based on the technical objectives listed below:

  • Regulations, Policies, and Ethics;
  • Digital Forensics;
  • Digital Evidence.
  • Forensic Science;
  • Procedures and Methodology;
  • Tools/Systems/Programs;

 

NEW QUESTION 76
What does the 56.58.152.114(445) denote in a Cisco router log?
Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 67.124.115.35(8084) ->
56.58.152.114(445), 1 packet

  • A. None of the above
  • B. Source IP address
  • C. Destination IP address
  • D. Login IP address

Answer: C

 

NEW QUESTION 77
Which of the following tool enables a user to reset his/her lost admin password in a Windows system?

  • A. Active@ Password Changer
  • B. Passware Kit Forensic
  • C. Advanced Office Password Recovery
  • D. Smartkey Password Recovery Bundle Standard

Answer: A

 

NEW QUESTION 78
What feature of Windows is the following command trying to utilize?

  • A. White space
  • B. AFS
  • C. Slack file
  • D. ADS

Answer: D

 

NEW QUESTION 79
Which of the following stages in a Linux boot process involve initialization of the system's hardware?

  • A. Bootloader Stage
  • B. BootROM Stage
  • C. BIOS Stage
  • D. Kernel Stage

Answer: C

 

NEW QUESTION 80
Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

  • A. A system Using Trojaned commands
  • B. A Honeypot that traps hackers
  • C. An environment set up before a user logs in
  • D. An environment set up after the user logs in

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 81
Which program is the oot loader?when Windows XP starts up?Which program is the ?oot loader?when Windows XP starts up?

  • A. KERNEL.EXE
  • B. NTLDR
  • C. LILO
  • D. LOADER

Answer: B

 

NEW QUESTION 82
Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?

  • A. Steganography
  • B. Picture encoding
  • C. Typography
  • D. Steganalysis

Answer: A

 

NEW QUESTION 83
What are the security risks of running a "repair" installation for Windows XP?

  • A. There are no security risks when running the "repair" installation for Windows XP
  • B. Pressing Shift+F10gives the user administrative rights
  • C. Pressing Shift+F1gives the user administrative rights
  • D. Pressing Ctrl+F10 gives the user administrative rights

Answer: B

 

NEW QUESTION 84
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?

  • A. 18 USC §1029
  • B. 18 USC §1371
  • C. 18 USC §1361
  • D. 18 USC §1030

Answer: D

 

NEW QUESTION 85
An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to astored on the employee? computer that was protected with the NTFS
Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disk and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

  • A. When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information
  • B. The EFS Revoked Key Agent can be used on the computer to recover the information
  • C. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information
  • D. EFS uses a 128-bit key that cannot be cracked, so you will not be able to recover the information

Answer: C

 

NEW QUESTION 86
Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these laptops contained sensitive corporate information regarding patents and company strategies. A month after the laptops were stolen, a competing company was found to have just developed products that almost exactly duplicated products that Meyer produces. What could have prevented this information from being stolen from the laptops?

  • A. SDW Encryption
  • B. EFS Encryption
  • C. DFS Encryption
  • D. IPS Encryption

Answer: B

Explanation:
Explanation

 

NEW QUESTION 87
When a router receives an update for its routing table, what is the metric value change to that path?

  • A. Increased by 1
  • B. Increased by 2
  • C. Decreased by 1
  • D. Decreased by 2

Answer: A

 

NEW QUESTION 88
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

  • A. Slack Space
  • B. Metadata
  • C. MFT
  • D. Sector

Answer: A

 

NEW QUESTION 89
Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that needs improvement. The major area was SNMP security.
The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

  • A. Change the default community string names
  • B. Block all internal MAC address from using SNMP
  • C. Block access to UDP port 171
  • D. Block access to TCP port 171

Answer: A

 

NEW QUESTION 90
During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

  • A. C:\Program Files\Microsoft Exchange\srvr\servername.log
  • B. C:\Program Files\Exchsrvr\servername.log
  • C. C:\Exchsrvr\Message Tracking\servername.log
  • D. D:\Exchsrvr\Message Tracking\servername.log

Answer: B

Explanation:
Explanation

 

NEW QUESTION 91
......

Certified Ethical Hacker Fundamentals-312-49 Exam-Practice-Dumps: https://www.exams-boost.com/312-49-valid-materials.html

Related Blogs

more
EC-COUNCIL 312-49 Certification Practice Exam

Copyright © 2026 EXAMS-BOOST.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.