NEW 2021 Certification Sample Questions 312-49 Dumps & Practice Exam
312-49 Deluxe Study Guide with Online Test Engine
NEW QUESTION 17
In the following email header, where did the email first originate from?
- A. Somedomain.com
- B. Simon1.state.ok.gov.us
- C. David1.state.ok.gov.us
- D. Smtp1.somedomain.com
Answer: B
NEW QUESTION 18
You set up SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from the other offices as it does from your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through firewalls? (Choose two.)
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A,C
NEW QUESTION 19
Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Which US Amendment is Madison's lawyer trying to prove the police violated?
- A. The 5th Amendment
- B. The 4th Amendment
- C. The 10th Amendment
- D. The 1st Amendment
Answer: B
NEW QUESTION 20
After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet. Why is that?
- A. Stateful firewalls do not work with packet filtering firewalls
- B. IPSEC does not work with packet filtering firewalls
- C. NAT does not work with stateful firewalls
- D. NAT does not work with IPSEC
Answer: D
NEW QUESTION 21
You are running through a series of tests on your network to check for any security vulnerabilities.
After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network.
The connection is successful even though you have FTP blocked at the external firewall. What has happened?
- A. The firewall ACL has been purged
- B. The firewall failed-bypass
- C. The firewall failed-open
- D. The firewall failed-closed
Answer: C
NEW QUESTION 22
Smith, as a part of his forensic investigation assignment, seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data in the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He made three unsuccessful attempts, which blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?
- A. He should contact the network operator for a Temporary Unlock Code (TUK)
- B. He should contact the network operator for Personal Unlock Number (PUK)
- C. He can attempt PIN guesses after 24 hours
- D. Use system and hardware tools to gain access
Answer: B
NEW QUESTION 23
What will the following command accomplish?
- A. Test the ability of a router to handle fragmented packets
- B. Test the ability of a router to handle under-sized packets
- C. Test the ability of a router to handle over-sized packets
- D. Test the ability of a WLAN to handle fragmented packets
Answer: C
NEW QUESTION 24
Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors.
Jason wants to report this crime to the law enforcement agencies immediately.
Which organization coordinates computer crimes investigations throughout the United States?
- A. Internet Fraud Complaint Center
- B. National Infrastructure Protection Center
- C. CERT Coordination Center
- D. Local or national office of the U.S. Secret Service
Answer: D
NEW QUESTION 25
What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
- A. Copy the master boot record to a file
- B. Copy the running memory to a file
- C. Copy the contents of the system folder to a file
- D. Copy the memory dump file to an image file
Answer: B
NEW QUESTION 26
The Apache server saves diagnostic information and error messages that it encounters while processing requests. The default path of this file is usr/local/apache/logs/error.log in Linux. Identify the Apache error log from the following logs.
- A. [Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test
- B. 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326
- C. 127.0.0.1 - - [10/Apr/2007:10:39:11 +0300] ] [error] "GET /apache_pb.gif HTTP/1.0" 200 2326
- D. http://victim.com/scripts/..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+C:\Winnt\system32\Logfiles\W3SVC1
Answer: A
NEW QUESTION 27
Which MySQL log file contains information on server start and stop?
- A. Binary log
- B. Error log file
- C. Slow query log file
- D. General query log file
Answer: B
NEW QUESTION 28
Which command line tool is used to determine active network connections?
- A. netstat
- B. nslookup
- C. nbstat
- D. netsh
Answer: A
NEW QUESTION 29
Why would you need to find out the gateway of a device when investigating a wireless attack?
- A. The gateway will be the IP used to manage the access point
- B. The gateway will be the IP of the attacker computer
- C. The gateway will be the IP of the proxy server used by the attacker to launch the attack
- D. The gateway will be the IP used to manage the RADIUS server
Answer: A
NEW QUESTION 30
Watson, a forensic investigator, is examining a copy of an ISO file stored in CDFS format. What type of evidence is this?
- A. Data from a CD copied using Windows
- B. Data from a CD copied using Mac-based system
- C. Data from a DVD copied using Windows system
- D. Data from a CD copied using Linux system
Answer: A
NEW QUESTION 31
When operating systems mark a cluster as used but not allocated, the cluster is considered as _________
- A. Bad
- B. Corrupt
- C. Unallocated
- D. Lost
Answer: D
NEW QUESTION 32
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
- A. The metadata
- B. The registry
- C. The swapfile
- D. The recycle bin
Answer: C
NEW QUESTION 33
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.
- A. Optical
- B. Anti-Magnetic
- C. Logical
- D. Magnetic
Answer: A
NEW QUESTION 34
An expert witness gives an opinion if:
- A. To stimulate discussion between the consulting expert and the expert witness
- B. To define the issues of the case for determination by the finder of fact
- C. The opinion, inferences or conclusions depend on special knowledge, skill or training not within the ordinary experience of lay jurors
- D. To deter the witness from expanding the scope of his or her investigation beyond the requirements of the case
Answer: C
NEW QUESTION 35
Steven has been given the task of designing a computer forensics lab for the company he works for. He has found documentation on all aspects of how to design a lab except the number of exits needed. How many exits should Steven include in his design for the computer forensics lab?
- A. Two
- B. One
- C. Three
- D. Four
Answer: B
NEW QUESTION 36
Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.
What RAID level is represented here?
- A. RAID Level 0
- B. RAID Level 1
- C. RAID Level 5
- D. RAID Level 3
Answer: C
NEW QUESTION 37
When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.
- A. A Blank Space
- B. The Underscore Symbol
- C. A Capital X
- D. The lowercase Greek Letter Sigma (σ)
Answer: D
NEW QUESTION 38
On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?
- A. Password.conf
- B. SAM
- C. Shadow file
- D. AMS
Answer: B
Concluding Thoughts
To conclude, the modern IT world is linked to just about any job role you can imagine. Apart from playing a key role in mitigating security threats through the Certified Ethical Hacker (CEH) training, the EC-Council is also keen to produce qualified individuals who can help with extracting evidence as far as the forensic investigation goes. And that’s the basis of the Computer Hacking Forensic Investigator (CHFI) certificate and 312-49 test. Getting this certification should be a no-brainer if you are eager to work with the police, military personnel, government agencies, or legal professionals to counter the effects of the dreaded cybercrimes.
