Free 312-49 Exam Braindumps (page: 25)


What should you do when approached by a reporter about a case that you are working on or have worked on?

  1. Refer the reporter to the attorney that retained you
  2. Say, "no comment"
  3. Answer all the reporter’s questions as completely as possible
  4. Answer only the questions that help your case

Answer(s): A



Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

  1. Sector
  2. Metadata
  3. MFT
  4. Slack Space

Answer(s): D



A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation.
Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?

  1. They examined the actual evidence on an unrelated system
  2. They attempted to implicate personnel without proof
  3. They tampered with evidence by using it
  4. They called in the FBI without correlating with the fingerprint data

Answer(s): C



When investigating a Windows system, it is important to view the contents of the page or swap file because:

  1. Windows stores all of the system's configuration information in this file
  2. This is the file that Windows uses to communicate directly with the Registry
  3. A large volume of data can exist within the swap file of which the computer user has no knowledge
  4. This is the file that Windows uses to store the history of the last 100 commands that were run from the command line

Answer(s): C





