312-49v10 EC-Council Exam Questions and Free Practice Test

Question 67

- (Exam Topic 2)
In Windows Security Event Log, what does an event id of 530 imply?

A. Logon Failure – Unknown user name or bad password

B. Logon Failure – User not allowed to logon at this computer

C. Logon Failure – Account logon time restriction violation

D. Logon Failure – Account currently disabled

Correct Answer:C

Question 68

- (Exam Topic 1)
When conducting computer forensic analysis, you must guard against _______ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.

A. Hard Drive Failure

B. Scope Creep

C. Unauthorized expenses

D. Overzealous marketing

Correct Answer:B

Question 69

- (Exam Topic 2)
Smith, a forensic examiner, was analyzing a hard disk image to find and acquire deleted sensitive files. He stumbled upon a $Recycle.Bin folder in the root directory of the disk. Identify the operating system in use.

A. Windows 98

B. Linux

C. Windows 8.1

D. Windows XP

Correct Answer:D

Question 70

- (Exam Topic 1)
What does the acronym POST mean as it relates to a PC?

A. Primary Operations Short Test

B. PowerOn Self Test

C. Pre Operational Situation Test

D. Primary Operating System Test

Correct Answer:B

Question 71

- (Exam Topic 1)
Corporate investigations are typically easier than public investigations because:

A. the users have standard corporate equipment and software

B. the investigator does not have to get a warrant

C. the investigator has to get a warrant

D. the users can load whatever they want on their machines

Correct Answer:B

Question 72

- (Exam Topic 3)
Brian needs to acquire data from RAID storage. Which of the following acquisition methods is recommended to retrieve only the data relevant to the investigation?

A. Static Acquisition

B. Sparse or Logical Acquisition

C. Bit-stream disk-to-disk Acquisition

D. Bit-by-bit Acquisition

Correct Answer:B

START 312-49v10 EXAM