1. Home
  2. EC-Council
  3. 312-49v9 Exam

Question 79

- (Topic 3)
What information do you need to recover when searching a victim computer for a crime committed with specific e-mail message?What information do you need to recover when searching a victim? computer for a crime committed with specific e-mail message?

Correct Answer:B

Question 80

- (Topic 1)
Data compression involves encoding the data to take up less storage space and less bandwidth for transmission. It helps in saving cost and high data manipulation in many business applications. Which data compression technique maintains data integrity?

Correct Answer:A

Question 81

- (Topic 3)
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

Correct Answer:C

Question 82

- (Topic 3)
Why would a company issue a dongle with the software they sell?

Correct Answer:C

Question 83

- (Topic 3)
When an investigator contacts by telephone the domain administrator or controller listed by a whois lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

Correct Answer:D
18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices 18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
18 U.S.C. § 2703 Required Disclosure of Customer Communications Records 18 U.S.C. § 2703(d) Requirements for Court Order
18 U.S.C. § 2703(f) Requirement to Preserve Evidence

Question 84

- (Topic 3)
Study the log given below and answer the following question:
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482 Apr 24 18:01:05 [4663]:
IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53 Apr 26 06:43:05 [6283]:
IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506) Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

Correct Answer:A

START 312-49v9 EXAM
© All pages Copyright to 2024 by Shareitexam.com. All rights reserved. testpreplab.com certstest.com