ECCouncil 312-49v8 Computer Hacking Investigator Exam Set 4

Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?

Options are :

  • Technical steganography
  • Text semagrams steganography
  • Open code steganography (Correct)
  • Visual semagrams steganography

Answer : Open code steganography

ECCouncil 412-79v8 Certified Security Analyst (ECSA) Exam Set 3

What is a SCSI (Small Computer System Interface)?

Options are :

  • A "plug-and-play" interface, which allows a device to be added without an adapter card and without rebooting the computer
  • A point-to-point serial bi-directional interface for transmitting data between computer devices at data rates of up to 4 Gbps
  • A standard electronic interface used between a computer motherboard's data paths or bus and the computer's disk storage devices
  • A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners (Correct)

Answer : A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives, CD-ROM drives, printers, and scanners

Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.

Options are :

  • TRUE (Correct)

Answer : TRUE

Which table is used to convert huge word lists (i.e. dictionary files and brute-force lists) into password hashes?

Options are :

  • Database tables
  • Master file tables
  • Hash tables
  • Rainbow tables (Correct)

Answer : Rainbow tables

ECCouncil 412-79 Certified Security Analyst (ECSA) Exam Set 6

Which of the following would you consider an aspect of organizational security, especially focusing on IT security?

Options are :

  • Information copyright security
  • Security from frauds
  • Application security (Correct)
  • Biometric information security

Answer : Application security

When dealing with powered-off computers at the crime scene, if the computer is switched off, turn it on.

Options are :

  • FALSE (Correct)
  • TRUE

Answer : FALSE

You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32.exe are commonly used as intermediate programs in Windows 7. Which of the following is a root folder of the registry editor?

Options are :

  • HKEY_USERS (Correct)


ECCouncil EC0-479 Certified Security Analyst (ECSA) Exam Set 6

An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.

Options are :

  • False
  • True (Correct)

Answer : True

The Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in the Windows Security Event Log indicate?

Options are :

  • An attempt was made to log on with the user account outside of the allowed time
  • A user successfully logged on to a com
  • A logon attempt was made using a disabled account (Correct)
  • The logon attempt was made with an unknown user name or a known user name with a bad password

Answer : A logon attempt was made using a disabled account

Web applications provide an interface between end users and web servers through a set of web pages that are generated at the server end or contain script code to be executed dynamically within the client web browser.

Options are :

  • TRUE (Correct)

Answer : TRUE

EC0-349 ECCouncil Computer Hacking Forensic Investigator Set 13

POP3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. The email client connects to the POP3 server at _______________ by default to fetch emails.

Options are :

  • Port 110 (Correct)
  • Port 123
  • Port 109
  • Port 115

Answer : Port 110

First response to an incident may involve three different groups of people, and each will have differing skills and need to carry out differing tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence?

Options are :

  • Local managers or other non-forensic staff
  • Forensic laboratory staff (Correct)
  • Lawyers
  • System administrators

Answer : Forensic laboratory staff

Jason, a renowned forensic investigator, is investigating a network attack that resulted in the compromise of several systems in a reputed multinational's network. He started Wireshark to capture the network traffic. Upon investigation, he found that the DNS packets travelling across the network belonged to a non-company configured IP. Which of the following attacks can Jason infer from his findings?

Options are :

  • Cookie Poisoning Attack
  • DNS Redirection
  • DNS Poisoning (Correct)
  • Session poisoning

Answer : DNS Poisoning

ECCouncil ECSS Certified Security Specialist Practice Exam Set 5

Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). The active scanning methodology involves ____________ and waiting for responses from available wireless networks.

Options are :

  • Broadcasting a probe request frame (Correct)
  • Inspecting WLAN and surrounding networks
  • Sniffing the packets from the airwave
  • Scanning the network

Answer : Broadcasting a probe request frame

Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by _________ of the compromised system.

Options are :

  • Analyzing SAM file
  • Analyzing log file (Correct)
  • Analyzing rainbow tables
  • Analyzing hard disk boot records

Answer : Analyzing log file

Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

Options are :

  • Rule-based approach
  • Automated field correlation approach (Correct)
  • Neural network-based approach
  • Graph-based approach

Answer : Automated field correlation approach

ECCouncil EC0-349 Computer Hack Forensic Investigator Exam Set 8

Which is a Linux journaling file system?

Options are :

  • FAT
  • Ext3 (Correct)
  • BFS
  • HFS

Answer : Ext3

An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse. Which of the following intrusion detection systems audit events that occur on a specific host?

Options are :

  • Host-based intrusion detection (Correct)
  • Log file monitoring
  • File integrity checking
  • Network-based intrusion detection

Answer : Host-based intrusion detection

Which of the following statements is incorrect when preserving digital evidence?

Options are :

  • Remove the power cable depending on the power state of the computer, i.e., on, off, or in sleep mode
  • Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
  • Verify if the monitor is on, off, or in sleep mode
  • Turn on the computer and extract Windows event viewer log files (Correct)

Answer : Turn on the computer and extract Windows event viewer log files

EC0-479 EC-Council Certified Security Analyst Practice Exam Set 3

Log management includes all the processes and techniques used to collect, aggregate, and analyze computer-generated log messages. It consists of the hardware, software, network and media used to generate, transmit, store, analyze, and dispose of log data.

Options are :

  • True (Correct)
  • False

Answer : True

A rogue/unauthorized access point is one that is not authorized for operation by a particular firm or network.

Options are :

  • TRUE (Correct)
  • False

Answer : TRUE

When collecting evidence from the RAM, where do you look for data?

Options are :

  • Log file
  • Swap file (Correct)
  • Data file
  • SAM file

Answer : Swap file

ECCouncil 312-50 Certified Ethical Hacker Practical Exam Set 4

Data files from original evidence should be used for forensics analysis.

Options are :

  • True
  • False (Correct)

Answer : False

The task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

Options are :

  • tasklist/u
  • tasklist/p
  • tasklist/v (Correct)
  • tasklist/s

Answer : tasklist/v

MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

Options are :

  • 48-bit address (Correct)
  • 16-bit address
  • 32-bit address
  • 24-bit address

Answer : 48-bit address

EC0-349 Computer Hacking Forensic Investigator Exam Set 10

The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is being used. Which command displays the network configuration of the NICs on the system?

Options are :

  • ipconfig /all (Correct)
  • netstat
  • tasklist
  • net session

Answer : ipconfig /all

Attackers can manipulate variables that reference files with "dot-dot-slash (../)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././ etc/passwd. Identify the attack referred to.

Options are :

  • File injection
  • Directory traversal (Correct)
  • SQL Injection
  • XSS attack

Answer : Directory traversal

You have been given the task to investigate web attacks on a Windows-based server. Which of the following commands will you use to look at which sessions the machine has opened with other systems?

Options are :

  • Net use (Correct)
  • Net config
  • Net share
  • Net sessions

Answer : Net use

ECCouncil ECSS Certified Security Specialist Practice Exam Set 4

The Electronic Serial Number (ESN) is a unique __________ recorded on a secure chip in a mobile phone by the manufacturer.

Options are :

  • 64-bit identifier
  • 24-bit identifier
  • 32-bit identifier (Correct)
  • 16-bit identifier

Answer : 32-bit identifier

A data acquisition system is a combination of tools or processes used to gather, analyze and record information about some phenomenon. Different data acquisition systems are used depending on the location, speed, cost, etc. A serial communication data acquisition system is used when the actual location of the data is at some distance from the computer. Which of the following communication standards is used in a serial communication data acquisition system?

Options are :

  • RS232 (Correct)
  • RS231
  • RS423
  • RS422

Answer : RS232
