CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-49

Free 312-49 Exam Braindumps (page: 25)

Page 25 of 133
PDF with 531 Questions

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

  1. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media
  2. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
  3. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
  4. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

Answer(s): B



The use of warning banners helps a company avoid litigation by overcoming an employee assumed
______________. When connecting to the company's intranet, network or Virtual Private Network(VPN) and will allow the company's investigators to monitor, search and retrieve information stored within the network.

  1. Right to work
  2. Right of free speech
  3. Right to Internet Access
  4. Right of Privacy

Answer(s): D



What does mactime, an essential part of the coroner's toolkit do?

  1. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
  2. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
  3. The tools scans for i-node information, which is used by other tools in the tool kit
  4. It is too specific to the MAC OS and forms a core component of the toolkit

Answer(s): A



One way to identify the presence of hidden partitions on a suspect's hard drive is to:

  1. Add up the total size of all known partitions and compare it to the total size of the hard drive
  2. Examine the FAT and identify hidden partitions by noting an H in the partition Type field
  3. Examine the LILO and note an H in the partition Type field
  4. It is not possible to have hidden partitions on a hard drive

Answer(s): A



Page 25 of 133



Post your Comments and Discuss EC-Council 312-49 exam with other Community members:

Valery commented on August 13, 2024
What version of exam have this dumps?
KAZAKHSTAN
upvote

Moorthy commented on June 01, 2024
This is the best place to pratice C_CPI_15 exam.
Anonymous
upvote

Carlos commented on February 29, 2024
@AKM, I took this exam about 2 weeks ago. The questions in this exam dumps are very similar to the exam. However some answers were not that accurate. I got the full PDF version with the testing software called Xengien app. It did help me pass my exam. So yes, it is worth it.
UNITED STATES
upvote

AKM commented on February 29, 2024
Have anyone took the test after practicing here? What is accuracy of this question compared to actual test
INDIA
upvote

SA commented on February 07, 2024
Great place to test your preparation.
INDIA
upvote

Balu commented on November 03, 2014
Thank you so much for helping me on this. Let me have a look on this and will provide further update as soon as possible.
UNITED STATES
upvote