Pass Authentic EC-COUNCIL 312-49v10 with Free Practice Tests and Exam Dumps [Q225-Q241]


New 312-49v10 Exam Questions Real EC-COUNCIL Dumps


EC-COUNCIL 312-49v10 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Computer Forensics Investigation Process
  • Dark Web Forensics
  • Mobile Forensics
Topic 2
  • Database Forensics
  • Network Forensics
  • Windows Forensics
Topic 3
  • Computer Forensics in Today’s World
  • Investigating Web Attacks
Topic 4
  • Data Acquisition and Duplication
  • Linux and Mac Forensics

 

NEW QUESTION 225
Which code does the FAT file system use to mark the file as deleted?

  • A. 5EH
  • B. E5H
  • C. ESH
  • D. H5E

Answer: B

 

NEW QUESTION 226
In which of these attacks will a steganalyst use a random message to generate a stego-object by using some steganography tool, to find the steganography algorithm used to hide the information?

  • A. Chosen-message attack
  • B. Known-message attack
  • C. Known-cover attack
  • D. Known-stego attack

Answer: A

 

NEW QUESTION 227
Which of the following Registry components includes offsets to other cells as well as the LastWrite time for the key?

  • A. Value cell
  • B. Key cell
  • C. Security descriptor cell
  • D. Value list cell

Answer: B

 

NEW QUESTION 228
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?

  • A. Catalog image
  • B. Raster image
  • C. Metafile image
  • D. Vector image

Answer: D

 

NEW QUESTION 229
In Windows, prefetching is done to improve system performance. There are two types of prefetching: boot prefetching and application prefetching. During boot prefetching, what does the Cache Manager do?

  • A. Checks whether the data is processed
  • B. Monitors the first 10 seconds after the process is started
  • C. Determines the data associated with value EnablePrefetcher
  • D. Checks hard page faults and soft page faults

Answer: A

 

NEW QUESTION 230
MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.

  • A. 48-bit address
  • B. 32-bit address
  • C. 24-bit address
  • D. 16-bit address

Answer: A

 

NEW QUESTION 231
What is the role of Alloc.c in Apache core?

  • A. It handles allocation of resource pools
  • B. It is useful for reading and handling of the configuration files
  • C. It handles server start-ups and timeouts
  • D. It takes care of all the data exchange and socket connections between the client and the server

Answer: A

 

NEW QUESTION 232
John is working on his company policies and guidelines. The section he is currently working on covers company documents: how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

  • A. Cross-cut shredder
  • B. Cross-hatch shredder
  • C. Cris-cross shredder
  • D. Strip-cut shredder

Answer: A

 

NEW QUESTION 233
When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what does the "nnnn" denote?

  • A. The sequence number for the parts of the same exhibit
  • B. The initials of the forensics analyst
  • C. The sequential number of the exhibits seized by the analyst
  • D. The year the evidence was taken

Answer: C

 

NEW QUESTION 234
Printing under a Windows computer normally requires which one of the following file types to be created?

  • A. EMF
  • B. MEM
  • C. EME
  • D. CME

Answer: A

 

NEW QUESTION 235
In the context of the file deletion process, which of the following statements holds true?

  • A. The longer a disk is in use, the less likely it is that deleted files will be overwritten
  • B. Secure delete programs work by completely overwriting the file in one go
  • C. When files are deleted, the data is overwritten and the cluster marked as available
  • D. While booting, the machine may create temporary files that can delete evidence

Answer: D

 

NEW QUESTION 236
In the following directory listing,

Which file should be used to restore archived email messages for someone using Microsoft Outlook?

  • A. Outlook ost
  • B. Outlook pst
  • C. Outlook NK2
  • D. Outlook bak

Answer: B

 

NEW QUESTION 237
Which of the following statements is incorrect when preserving digital evidence?

  • A. Turn on the computer and extract Windows event viewer log files
  • B. Document the actions and changes that you observe in the monitor, computer, printer, or in other peripherals
  • C. Verify if the monitor is on, off, or in sleep mode
  • D. Remove the plug from the power router or modem

Answer: A

 

NEW QUESTION 238
Which of the following files stores information about local Dropbox installation and account, email IDs linked with the account, current version/build for the local application, the host_id, and local path information?

  • A. host.db
  • B. sigstore.db
  • C. filecache.db
  • D. config.db

Answer: D

 

NEW QUESTION 239
Which command line tool is used to determine active network connections?

  • A. netstat
  • B. netsh
  • C. nbstat
  • D. nslookup

Answer: A

 

NEW QUESTION 240
During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

  • A. C:\Exchsrvr\Message Tracking\servername.log
  • B. C:\Program Files\Exchsrvr\servername.log
  • C. D:\Exchsrvr\Message Tracking\servername.log
  • D. C:\Program Files\Microsoft Exchange\srvr\servername.log

Answer: B

 

NEW QUESTION 241
......
