Simulation EC-Council 312-49v9 Actual Test Online


Check 312-49v9 free dumps before getting the full version:


How many possible sequence number combinations are there in TCP/IP protocol?

  • A. 320 billion
  • B. 1 billion
  • C. 4 billion
  • D. 32 million

Answer: C


Michael works for Kimball Construction Company as a senior security analyst. As part of a yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

  • A. Filtered
  • B. Closed
  • C. Open
  • D. Stealth

Answer: C


You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of You then navigate to the current website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

  • A. Web bug
  • B. CGI code
  • C. Trojan.downloader
  • D. Blind bug

Answer: A


After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using the Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

  • A. RestrictAnonymous must be set to "2" for complete security
  • B. There is no way to always prevent an anonymous null session from establishing
  • C. RestrictAnonymous must be set to "10" for complete security
  • D. RestrictAnonymous must be set to "3" for complete security

Answer: A


Wireless network discovery tools use two different methodologies to detect, monitor and log a WLAN device (i.e. active scanning and passive scanning). Active scanning methodology involves ____ and waiting for responses from available wireless networks.

  • A. Broadcasting a probe request frame
  • B. Sniffing the packets from the airwave
  • C. Scanning the network
  • D. Inspecting WLAN and surrounding networks

Answer: A


What happens when a file is deleted by a Microsoft operating system using the FAT file system?

  • A. The file is erased and cannot be recovered
  • B. The file is erased but can be recovered partially
  • C. A copy of the file is stored and the original file is erased
  • D. Only the reference to the file is removed from the FAT and can be recovered

Answer: D


Computer security logs contain information about the events occurring within an organization's systems and networks. Application and Web server log files are useful in detecting web attacks. The source, nature, and time of the attack can be determined by ____ of the compromised system.

  • A. Analyzing log files
  • B. Analyzing SAM file
  • C. Analyzing rainbow tables
  • D. Analyzing hard disk boot records

Answer: A


Why is it a good idea to perform a penetration test from the inside?

  • A. It is never a good idea to perform a penetration test from the inside
  • B. It is easier to hack from the inside
  • C. Because 70% of attacks are from inside the organization
  • D. To attack a network from a hacker's perspective

Answer: C


You should make at least how many bit-stream copies of a suspect drive?

  • A. 1
  • B. 2
  • C. 3
  • D. 4

Answer: B


What type of attack sends SYN requests to a target system with spoofed IP addresses?

  • A. SYN flood
  • B. Ping of death
  • C. Cross site scripting
  • D. Land

Answer: A


Under no circumstances should anyone, with the exception of qualified computer forensics personnel, make any attempts to restore or recover information from a computer system or device that holds electronic information.

  • A. True
  • B. False

Answer: A


What is a chain of custody?

  • A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory
  • B. It is a search warrant that is required for seizing evidence at a crime scene
  • C. It is a document that lists a chain of Windows process events
  • D. Chain of custody refers to obtaining preemptive court order to restrict further damage of evidence in electronic seizures

Answer: A


You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

  • A. 70 years
  • B. The life of the author
  • C. The life of the author plus 70 years
  • D. Copyrights last forever

Answer: C


How many sectors will a 125 KB file use in a FAT32 file system?

  • A. 32
  • B. 16
  • C. 250
  • D. 25

Answer: C

Assuming 512-byte sectors, 125 × 1024 / 512 = 250 sectors would be needed. This is the same for a FAT16 file system as well.


One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  • A. the File Allocation Table
  • B. the file header
  • C. the file footer
  • D. the sector map

Answer: B


What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?

  • A. Copyright
  • B. Design patent
  • C. Trademark
  • D. Utility patent

Answer: D


You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

  • A. 0:1000, 150
  • B. 0:1709, 150
  • C. 1:1709, 150
  • D. 0:1709-1858

Answer: B

DriveSpy can accept two different formats:

  • Drive #:Start Sector, # Sectors
  • Drive #:Start Sector-Absolute End Sector

Drive # is zero-based. Both answers B and D would appear correct, and both formats are valid.


Windows identifies which application to open a file with by examining which of the following?

  • A. The File extension
  • B. The file attributes
  • C. The file Signature at the end of the file
  • D. The file signature at the beginning of the file

Answer: A


What TCP/UDP port does the toolkit program netstat use?

  • A. Port 7
  • B. Port 15
  • C. Port 23
  • D. Port 69

Answer: B


When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

  • A. Time-Sync Protocol
  • B. SyncTime Service
  • C. Network Time Protocol
  • D. Universal Time Set

Answer: C


An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

  • A. Smurf
  • B. Ping of death
  • C. Fraggle
  • D. Nmap scan

Answer: B


A(n) ____ is one that’s performed by a computer program rather than the attacker manually performing the steps in the attack sequence.

  • A. blackout attack
  • B. automated attack
  • C. distributed attack
  • D. central processing attack

Answer: B


Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crimes investigations throughout the United States?

  • A. Internet Fraud Complaint Center
  • B. Local or national office of the U.S. Secret Service
  • C. National Infrastructure Protection Center
  • D. CERT Coordination Center

Answer: B


Cyber-crime is defined as any illegal act involving a gun, ammunition, or its applications.

  • A. True
  • B. False

Answer: B


Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?

  • A. Grill cipher
  • B. Null cipher
  • C. Text semagram
  • D. Visual semagram

Answer: A


You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact local law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject's computer. You inform the officer that you will not be able to comply with that request because doing so would:

  • A. Violate your contract
  • B. Cause network congestion
  • C. Make you an agent of law enforcement
  • D. Write information to the subject's hard drive

Answer: C

