312-49v10 EC-Council Exam Questions and Free Practice Test

Question 13

- (Exam Topic 1)
A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

A. They examined the actual evidence on an unrelated system

B. They attempted to implicate personnel without proof

C. They tampered with evidence by using it

D. They called in the FBI without correlating with the fingerprint data

Correct Answer:C

Question 14

- (Exam Topic 2)
How often must a company keep log files for them to be admissible in a court of law?

A. All log files are admissible in court no matter their frequency

B. Weekly

C. Monthly

D. Continuously

Correct Answer:D

Question 15

- (Exam Topic 3)
What is the capacity of Recycle bin in a system running on Windows Vista?

A. 2.99GB

B. 3.99GB

C. Unlimited

D. 10% of the partition space

Correct Answer:C

Question 16

- (Exam Topic 1)
With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

A. Scan the suspect hard drive before beginning an investigation

B. Never run a scan on your forensics workstation because it could change your systems configuration

C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation

D. Scan your Forensics workstation before beginning an investigation

Correct Answer:D

Question 17

- (Exam Topic 1)
What is kept in the following directory? HKLMSECURITYPolicySecrets

A. Cached password hashes for the past 20 users

B. Service account passwords in plain text

C. IAS account names and passwords

D. Local store PKI Kerberos certificates

Correct Answer:B

Question 18

- (Exam Topic 3)
Smith is an IT technician that has been appointed to his company's network vulnerability assessment team. He is the only IT employee on the team. The other team members include employees from
Accounting, Management, Shipping, and Marketing. Smith and the team members are having their first meeting to discuss how they will proceed. What is the first step they should do to create the network
vulnerability assessment plan?

A. Their first step is to make a hypothesis of what their final findings will be.

B. Their first step is to create an initial Executive report to show the management team.

C. Their first step is to analyze the data they have currently gathered from the company or interviews.

D. Their first step is the acquisition of required documents, reviewing of security policies and compliance.

Correct Answer:D

START 312-49v10 EXAM