EC1-349 ECCouncil Computer Hacking Forensic Investigator Set 3

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network


Options are :

  • 48-bit address (Correct)
  • 24-bit address
  • 16-bit address
  • 32-bit address

Answer : 48-bit address

The tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?


Options are :

  • tasklist/u
  • tasklist/s
  • tasklist/p
  • tasklist/v (Correct)

Answer : tasklist/v

The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.


Options are :

  • 16-bit identifier
  • 64-bit identifier
  • 32-bit identifier (Correct)
  • 24-bit identifier

Answer : 32-bit identifier

When collecting evidence from the RAM, where do you look for data?


Options are :

  • Swap file (Correct)
  • Data file
  • Log file
  • SAM file

Answer : Swap file

Which of the following statements is incorrect when preserving digital evidence?


Options are :

  • Turn on the computer and extract Windows event viewer log files (Correct)
  • Remove the power cable depending on the power state of the computer, i.e., on, off, or in sleep mode
  • Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
  • Verify if the monitor is on, off, or in sleep mode

Answer : Turn on the computer and extract Windows event viewer log files

If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?


Options are :

  • 5 Sectors
  • 4 Sectors
  • 6 Sectors (Correct)
  • 7 Sectors

Answer : 6 Sectors

Data files from original evidence should be used for forensics analysis


Options are :

  • True
  • False (Correct)

Answer : False

Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?


Options are :

  • Technical steganography
  • Text semagrams steganography
  • Visual semagrams steganography
  • Open code steganography (Correct)

Answer : Open code steganography

Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?


Options are :

  • Graph-based approach
  • Rule-based approach
  • Neural network-based approach
  • Automated field correlation approach (Correct)

Answer : Automated field correlation approach

During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible


Options are :

  • False
  • True (Correct)

Answer : True

Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicate?


Options are :

  • An attempt was made to log on with the user account outside of the allowed time
  • The logon attempt was made with an unknown user name or a known user name with a bad password
  • A logon attempt was made using a disabled account (Correct)
  • A user successfully logged on to a computer

Answer : A logon attempt was made using a disabled account

An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.


Options are :

  • True (Correct)
  • False

Answer : True

Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attacks can Jason infer from his findings?


Options are :

  • Session poisoning
  • DNS Redirection
  • Cookie Poisoning Attack
  • DNS Poisoning (Correct)

Answer : DNS Poisoning

Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyboy.com/GET/process.php./../../../../../../../../etc/passwd. Identify the attack referred to.


Options are :

  • XSS attack
  • Directory traversal (Correct)
  • File injection
  • SQL Injection

Answer : Directory traversal

A rogue/unauthorized access point is one that is not authorized for operation by a particular firm or network


Options are :

  • True (Correct)
  • False

Answer : True

What is a SCSI (Small Computer System Interface)?


Options are :

  • A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
  • A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps
  • A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners (Correct)
  • A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices

Answer : A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners

Which of the following would you consider an aspect of organizational security, especially focusing on IT security?


Options are :

  • Security from frauds
  • Information copyright security
  • Application security (Correct)
  • Biometric information security

Answer : Application security

A data acquisition system is a combination of tools or processes used to gather, analyze and record information about some phenomenon. Different data acquisition systems are used depending on the location, speed, cost, etc. A serial communication data acquisition system is used when the actual location of the data is at some distance from the computer. Which of the following communication standards is used in a serial communication data acquisition system?


Options are :

  • RS232 (Correct)
  • RS231
  • RS422
  • RS423

Answer : RS232

Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?


Options are :

  • Database tables
  • Rainbow tables (Correct)
  • Hash tables
  • Master file tables

Answer : Rainbow tables

Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by _________ of the compromised system.


Options are :

  • Analyzing rainbow tables
  • Analyzing SAM file
  • Analyzing log files (Correct)
  • Analyzing hard disk boot records

Answer : Analyzing log files

First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence?


Options are :

  • Local managers or other non-forensic staff
  • Lawyers
  • System administrators
  • Forensic laboratory staff (Correct)

Answer : Forensic laboratory staff

Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the _______________ in order to control the process execution, crash the process and modify internal variables.


Options are :

  • Target SAM file
  • Target remote access
  • Target rainbow table
  • Target process's address space (Correct)

Answer : Target process's address space

At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.


Options are :

  • True (Correct)
  • False

Answer : True

File signature analysis involves collecting information from the __________ of a file to determine the type and function of the file


Options are :

  • First 30 bytes
  • First 40 bytes
  • First 10 bytes
  • First 20 bytes (Correct)

Answer : First 20 bytes

Syslog is a client/server protocol standard for forwarding log messages across an IP network. Syslog uses ___________ to transfer log messages in a clear text format.


Options are :

  • TCP (Correct)
  • SMTP
  • POP
  • FTP

Answer : TCP

Which of the following is not a part of the technical specification of the laboratory-based imaging system?


Options are :

  • High performance workstation PC
  • Anti-repudiation techniques
  • Remote preview and imaging pod
  • very low image capture rate (Correct)

Answer : very low image capture rate

Which one of the following is not a consideration in a forensic readiness planning checklist?


Options are :

  • Define the business states that need digital evidence
  • Take permission from all employees of the organization (Correct)
  • Identify the potential evidence available
  • Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner

Answer : Take permission from all employees of the organization

Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network and host-based security software?


Options are :

  • Operating System (OS) logs
  • Audit logs
  • Security software logs (Correct)
  • Application logs

Answer : Security software logs

Which of the following is not correct when documenting an electronic crime scene?


Options are :

  • Document related electronic components that are difficult to find
  • Document the physical scene, such as the position of the mouse and the location of components near the system
  • Record the condition of the computer system, storage media, electronic devices and conventional evidence, including power status of the computer
  • Write down the color of shirt and pant the suspect was wearing (Correct)

Answer : Write down the color of shirt and pant the suspect was wearing

You should always work with original evidence


Options are :

  • False (Correct)
  • True

Answer : False
