312-49v9 EC-Council Exam Questions and Free Practice Test

Question 19

- (Topic 3)
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A. The system has been compromised using a t0rnrootkit

B. The system administrator has created an incremental backup

C. The system files have been copied by a remote attacker

D. Nothing in particular as these can be operational files

Correct Answer:D

Question 20

- (Topic 1)
Which of the following file in Novel GroupWise stores information about user accounts?

A. ngwguard.db

B. gwcheck.db

C. PRIV.EDB

D. PRIV.STM

Correct Answer:A

Question 21

- (Topic 1)
TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts in the Internet. It contains four layers, namely the network interface layer. Internet layer, transport layer, and application layer.
Which of the following protocols works under the transport layer of TCP/IP?

A. UDP

B. HTTP

C. FTP

D. SNMP

Correct Answer:A

Question 22

- (Topic 3)
What does ICMP Type 3/Code 13 mean?

A. Administratively Blocked

B. Host Unreachable

C. Protocol Unreachable

D. Port Unreachable

Correct Answer:A

Question 23

- (Topic 1)
A system with a simple logging mechanism has not been given much attention during development, this system is now being targeted by attackers, if the attacker wants to perform a new line injection attack, what will he/she inject into the log file?

A. Plaintext

B. Single pipe character

C. Multiple pipe characters

D. HTML tags

Correct Answer:A

Question 24

- (Topic 3)
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case.
How would you permanently erase the data on the hard disk?

A. Throw the hard disk into the fire

B. Run the powerful magnets over the hard disk

C. Format the hard disk multiple times using a low level disk utility

D. Overwrite the contents of the hard disk with Junk data

Correct Answer:AC
To be effective with throwing the hard drive into the fire, the fire would have to be hot enough to melt the platters into molten metal, which requires an industrial furnance. This requires special facilities.
Running powerful magnets over the disk, such as degaussing the disk, may destroy the data, but may also be ineffective. In some cases, the degaussing process for tape and disk may render the disk unusable for use again. (of course throwing the drives into a furnance also guarantee that as well).
Formatting the disk multiple times with a low level disk utility is the best way to go, and still beable to re-use the disk for later projects. The keys are “multiple” and “low level”. A low level format is typicall a slow, thorough, format that is a wipe. Multiple – as opposed to once – is recommended. There is a theory on “how many times”, some schools say at least three times. The problem with this answer is that with newer drives, such as ATA and SCSI, low level formats can destroy the volumes as well, and some BIOS may actually ignore the LLF directives.
Overwritting the disk with junk data would perform some form of wipe because the old data is wiped out, but still may be recoverd.
Note:
According to some websites:
Physical Methods that will not work to destroy data on a hard drive include:Throwing it in the water (this does not do much)Setting it on fire (the temperature is not going to be high enough at home)Throwing it out of the window. Hard drives can take quite a bit of G force. They are not heavy so the impact of the hard drive on the ground is not likely to destroy the platters.Drive over the hard drive. A car, or even a tank, driving over a hard drive will do nothing, any more than they would driving over a book. Unless the drive is actually flattened, the platters are not going to be destroyed

START 312-49v9 EXAM