Verified 312-49v9 Exam Question Set PDF [Latest 2022]: The Secret to Success Is Here [Q12-Q32]


Experience the best! JPNTest provides 312-49v9 exam question training


EC-COUNCIL 312-49v9 certification exam coverage:

Topic / Coverage
Topic 1
  • Investigat
Topic 2
  • Defeating Anti-Forensics Techniques
Topic 3
  • Data Acquisition and Duplication
Topic 4
  • Operating System Forensics
Topic 5
  • Network Forensics
Topic 6
  • Understanding Hard Disks and File Systems
Topic 7
  • Computer Forensics Investigation Process

 

Question 12
Lynne receives the following email:
Dear [email protected]! We are sorry to inform you that your ID has been temporarily frozen due to incorrect or missing information saved at 2016/11/10 20:40:24 You have 24 hours to fix this problem or risk to be closed permanently!
To proceed Please Connect >> My Apple ID
Thank You
The link to My Apple ID shows http://byggarbetsplatsen.se/backup/signon/
What type of attack is this?

  • A. Phishing
  • B. Email Spamming
  • C. Email Spoofing
  • D. Mail Bombing

Correct answer: A

Question 13
Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer's log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies' domain controllers. From this point, Gill found that the hacker pulled the SAM files from the domain controllers to then attempt to crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

  • A. Hybrid attack
  • B. Syllable attack
  • C. Dictionary attack
  • D. Brute force attack

Correct answer: C

Question 14
Which of the following refers to the process of the witness being questioned by the attorney who called the latter to the stand?

  • A. Witness Authentication
  • B. Expert Witness
  • C. Direct Examination
  • D. Cross Questioning

Correct answer: C

Question 15
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

  • A. 0:1000, 150
  • B. 0:1709, 150
  • C. 1:1709, 150
  • D. 0:1709-1858

Correct answer: B

Explanation:
DriveSpy can accept two different formats:
Drive #:Start Sector, # Sectors
Drive#:Start Sector-Absolute End Sector.
Drive # is zero based
Both Answer B and D would appear correct, and both formats are valid.

 

Question 16
Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

  • A. Smurf scan
  • B. Ping trace
  • C. ICMP ping sweep
  • D. Tracert

Correct answer: C

Question 17
Who is responsible for the following tasks?

  • A. System administrators
  • B. Non-forensics staff
  • C. Lawyers
  • D. Local managers or other non-forensic staff

Correct answer: B

Question 18
Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold's needs?

  • A. Application-level proxy firewall
  • B. Data link layer firewall
  • C. Packet filtering firewall
  • D. Circuit-level proxy firewall

Correct answer: A

Question 19
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?

  • A. Network
  • B. Data Link
  • C. Transport
  • D. Physical

Correct answer: D

Question 20
When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote?

  • A. The sequence number for the parts of the same exhibit
  • B. The initials of the forensics analyst
  • C. The sequential number of the exhibits seized by the analyst
  • D. The year the evidence was taken

Correct answer: C

Question 21
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as it is collected by other members of your team. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

  • A. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file.
  • B. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container.
  • C. All forms should be placed in an approved secure container because they are now primary evidence in the case.
  • D. All forms should be placed in the report file because they are now primary evidence in the case.

Correct answer: B

Question 22
An Internet standard protocol (built on top of TCP/IP) that assures accurate synchronization to the millisecond of computer clock times in a network of computers. Which of the following statements is true for NTP Stratum Levels?

  • A. Stratum-1 time server is linked over a network path to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions
  • B. Stratum-0 servers are used on the network; they are not directly connected to computers which then operate as stratum-1 servers
  • C. A stratum-3 server gets its time over a network link, via NTP, from a stratum-2 server, and so on
  • D. A stratum-2 server is directly linked (not over a network path) to a reliable source of UTC time such as GPS, WWV, or CDMA transmissions

Correct answer: C

Question 23
What is the default IIS log location?

  • A. %SystemDrive%\inetpub\logs\LogFiles
  • B. SystemDrive\logs\LogFiles
  • C. SystemDrive\inetpub\LogFiles
  • D. %SystemDrive\logs\LogFiles

Correct answer: A

Question 24
The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks.
Which of the following would that be?

  • A. All running processes will be lost
  • B. The /tmp directory will be flushed
  • C. Any data not yet flushed to the system will be lost
  • D. Power interruption will corrupt the pagefile

Correct answer: C

Question 25
What does the superblock in Linux define?

  • A. available space
  • B. file synames
  • C. disk geometry
  • D. location of the first inode

Correct answer: D

Question 26
What operating system would respond to the following command?

  • A. Windows XP
  • B. FreeBSD
  • C. Mac OS X
  • D. Windows 95

Correct answer: B

Question 27
Which among the following search warrants allows the first responder to get the victim's computer information such as service records, billing records, and subscriber information from the service provider?

  • A. Electronic Storage Device Search Warrant
  • B. Service Provider Search Warrant
  • C. IT Bench Search Warrant
  • D. Citizen Informant Search Warrant

Correct answer: B

Question 28
%3cscript%3ealert("XXXXXXXX")%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?

  • A. Hex encoding
  • B. Unicode
  • C. Base64
  • D. Double encoding

Correct answer: A

Question 29
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DRF). Which of the following is not a part of DDF?

  • A. EFS Certificate Hash
  • B. Checksum
  • C. Container Name
  • D. Encrypted FEK

Correct answer: B

Question 30
What is the location of the binary files required for the functioning of the OS in a Linux system?

  • A. /run
  • B. /root
  • C. /sbin
  • D. /bin

Correct answer: D

Question 31
Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

  • A. search warrant
  • B. bench warrant
  • C. wire tap
  • D. subpoena

Correct answer: A

Question 32
......

The latest excellent 312-49v9 exam question PDF with a 100% pass guarantee: https://www.jpntest.com/shiken/312-49v9-mondaishu
