In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?
Answer(s): D
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?
Answer(s): C
You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?
Answer(s): A
Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?
When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?
Answer(s): B
Post your Comments and Discuss EC-Council 312-49 exam dumps with other Community members:
nobody Commented on June 18, 2025 The answer for Question 266 should be Complete Event Analysis HONG KONG
Valery Commented on March 01, 2025 What version of exam have this practice questions? KAZAKHSTAN
Moorthy Commented on December 18, 2024 This is the best place to practice the C_CPI_15 exam. Anonymous
Carlos Commented on February 29, 2024 @AKM, I took this exam about 2 weeks ago. These practice questions are very similar to the exam. However, some answers were not that accurate. I got the full PDF version with the testing software called Xengien app. It did help me pass my exam. So yes, it is worth it. UNITED STATES
AKM Commented on February 29, 2024 Has anyone taken the test after practicing here? What is the accuracy of these questions compared to the actual test? INDIA
SA Commented on February 07, 2024 Great place to test your preparation. INDIA
Balu Commented on November 03, 2014 Thank you so much for helping me on this. Let me have a look at this and I will provide a further update as soon as possible. UNITED STATES