ECCouncil 312-49v10 Exam Practice Questions and Answers


November 4, 2024 | 25 pages | 2024/2025 | Exam (elaborations) | Questions & answers | Seller: KaylinHoffman
Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024






When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)

ANSWER: D. Title 18, Section 2703(f)


How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A. 128
B. 64
C. 32
D. 16

ANSWER: C. 32




Copyright ©Stuvia International BV 2010-2024 Page 1/25



You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858

ANSWER: B. 0:1709, 150


A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
-01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01

ANSWER: A. The attacker has conducted a network sweep on port 111


You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?

A. create a compressed copy of the file with DoubleSpace
B. create a sparse data copy of a folder or file
C. make a bit-stream disk-to-image file
D. make a bit-stream disk-to-disk file

ANSWER: C. make a bit-stream disk-to-image file


What file structure database would you expect to find on floppy disks?

A. NTFS
B. FAT32
C. FAT16
D. FAT12

ANSWER: D. FAT12


With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

A. 0
B. 10
C. 100
D. 1

ANSWER: A. 0


Which part of the Windows Registry contains the user's password file?



