312-49V8 ECCouncil Computer Hacking Forensic Investigator Set 5

Shortcuts are the files with the extension .lnk that are created and are accessed by the users.
These files provide you with information about:


Options are :

  • System logs
  • Running application
  • Files or network shares (Correct)
  • Application logs

Answer : Files or network shares

Which of the following statements is not a part of the securing and evaluating electronic crime scene
checklist?


Options are :

  • Transmit additional flash messages to other responding units
  • Request additional help at the scene if needed
  • Blog about the incident on the internet (Correct)
  • Locate and help the victim

Answer : Blog about the incident on the internet

Which of the following statements is not correct when dealing with a powered-on computer at the
crime scene?


Options are :

  • If a computer is on and the monitor shows some picture or screen saver, move the mouse slowly without depressing any mouse button and take a photograph of the screen and record the information displayed
  • If a computer is switched on and the screen is viewable, record the programs running on screen and photograph the screen
  • If a monitor is powered on and the display is blank, move the mouse slowly without depressing any mouse button and take a photograph
  • If the computer is switched off, power on the computer to take a screenshot of the desktop (Correct)

Answer : If the computer is switched off, power on the computer to take a screenshot of the desktop

How do you define Technical Steganography?


Options are :

  • Steganography that uses physical or chemical means to hide the existence of a message (Correct)
  • Steganography that utilizes written JAVA language to hide the message in the carrier in some non-obvious ways
  • Steganography that utilizes written natural language to hide the message in the carrier in some non-obvious ways
  • Steganography that utilizes visual symbols or signs to hide secret messages

Answer : Steganography that uses physical or chemical means to hide the existence of a message

According to US federal rules, to present a testimony in a court of law, an expert witness needs to
furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who
has started practicing two years back, was denied an expert testimony in a computer crime case
by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US
federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as
an expert witness?


Options are :

  • Jason was unable to furnish documents showing four years of previous experience in the field (Correct)
  • Jason was not aware of legal issues involved with computer crimes
  • Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case
  • Jason was unable to furnish documents to prove that he is a computer forensic expert

Answer : Jason was unable to furnish documents showing four years of previous experience in the field

SMTP (Simple Mail Transfer Protocol) receives outgoing mail from clients and validates source
and destination addresses, and also sends and receives emails to and from other SMTP servers


Options are :

  • False
  • True (Correct)

Answer : True

Hash injection attack allows attackers to inject a compromised hash into a local session and use
the hash to validate network resources


Options are :

  • False
  • True (Correct)

Answer : True

Operating System logs are most beneficial for identifying or investigating suspicious activities
involving a particular host. Which of the following Operating System logs contains information
about operational actions performed by OS components?


Options are :

  • IDS logs
  • Event logs (Correct)
  • Audit logs
  • Firewall logs

Answer : Event logs

In what circumstances would you conduct searches without a warrant?


Options are :

  • None
  • Agents may search a place or object without a warrant if they suspect the crime was committed
  • Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances
  • A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet
  • When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity (Correct)

Answer : When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity

Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?


Options are :

  • He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
  • He should again attempt PIN guesses after a time of 24 hours
  • He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
  • He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM (Correct)

Answer : He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, the entire 32
K will be allocated, resulting in 22 K of ___________.


Options are :

  • Cluster space
  • Deleted space
  • Sector space
  • Slack space (Correct)

Answer : Slack space

Which root folder (hive) of registry editor contains a vast array of configuration information for the
system, including hardware settings and software settings?


Options are :

  • HKEY_USERS
  • HKEY_CURRENT_CONFIG
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE (Correct)

Answer : HKEY_LOCAL_MACHINE

A first responder is a person who arrives first at the crime scene and accesses the victim's
computer system after the incident. He or she is responsible for protecting, integrating, and
preserving the evidence obtained from the crime scene.
Which of the following is not a role of a first responder?


Options are :

  • Package and transport the electronic evidence to forensics lab
  • Identify and analyze the crime scene
  • Prosecute the suspect in court of law (Correct)
  • Protect and secure the crime scene

Answer : Prosecute the suspect in court of law

Data compression involves encoding the data to take up less storage space and less bandwidth
for transmission. It helps in saving cost and high data manipulation in many business applications.
Which data compression technique maintains data integrity?


Options are :

  • Lossy compression
  • Lossless compression (Correct)
  • Speech encoding compression
  • Lossy video compression

Answer : Lossless compression

The need for computer forensics is highlighted by an exponential increase in the number of
cybercrimes and litigations where large organizations were involved. Computer forensics plays an
important role in tracking the cyber criminals. The main role of computer forensics is to:


Options are :

  • Harden organization perimeter security
  • Maximize the investigative potential by maximizing the costs
  • Document monitoring processes of employees of the organization
  • Extract, process, and interpret the factual evidence so that it proves the attacker's actions in the court (Correct)

Answer : Extract, process, and interpret the factual evidence so that it proves the attacker's actions in the court

Cyber-crime is defined as any illegal act involving a gun, ammunition, or its applications.


Options are :

  • None of the above
  • True
  • False (Correct)

Answer : False

An attack vector is a path or means by which an attacker can gain access to computer or network
resources in order to deliver an attack payload or cause a malicious outcome.


Options are :

  • False
  • True (Correct)

Answer : True

Hard disk data addressing is a method of allotting addresses to each ___________ of data on a
hard disk


Options are :

  • Physical block (Correct)
  • Logical block
  • Operating system block
  • Hard disk block

Answer : Physical block

Identify the attack from the following sequence of actions:
Step 1: A user logs in to a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked into visiting a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie


Options are :

  • Web Application Denial-of-Service (DoS) Attack
  • Hidden Field Manipulation Attack
  • Cross-Site Request Forgery (CSRF) Attack (Correct)
  • Cross-Site Scripting (XSS) Attacks

Answer : Cross-Site Request Forgery (CSRF) Attack

Which of the following commands shows you the username and IP address used to access the
system via a remote login session and the type of client from which they are accessing the
system?


Options are :

  • Net config
  • Net share
  • Net file
  • Net sessions (Correct)

Answer : Net sessions

Dumpster Diving refers to:


Options are :

  • Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes (Correct)
  • Looking at either the user's keyboard or screen while he/she is logging in
  • Creating a set of dictionary words and names, and trying all the possible combinations to crack the password
  • Convincing people to reveal the confidential information

Answer : Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes

Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to
advertise open Wi-Fi networks?


Options are :

  • WarWalking
  • WarFlying
  • WarChalking (Correct)
  • WarDriving

Answer : WarChalking

Centralized logging is defined as gathering the computer system logs for a group of systems in a
centralized location. It is used to efficiently monitor computer system logs with the frequency
required to detect security violations and unusual activity


Options are :

  • True (Correct)
  • False

Answer : True

Ever-changing advancement of mobile devices increases the complexity of mobile device
examinations. Which of the following is an appropriate action for the mobile forensic investigation?


Options are :

  • If the device's display is ON, the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons (Correct)
  • If the phone is in a cradle or connected to a PC with a cable, then unplug the device from the computer
  • Do not wear gloves while handling cell phone evidence to maintain integrity of physical evidence
  • To avoid unwanted interaction with devices found on the scene, turn on any wireless interfaces such as Bluetooth and Wi-Fi radios

Answer : If the device's display is ON, the screen's contents should be photographed and, if necessary, recorded manually, capturing the time, service status, battery level, and other displayed icons

How do you define forensic computing?


Options are :

  • It is a methodology of guidelines that deals with the process of cyber investigation
  • It is the administrative and legal proceeding in the process of forensic investigation
  • It is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking
  • It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law. (Correct)

Answer : It is the science of capturing, processing, and investigating data security i