Eccouncil 312-49 practice test

Computer Hacking Forensic Investigator Exam

Last exam update: May 13 ,2024
Page 1 out of 32. Viewing questions 1-15 out of 486

Question 1

Jim performed a vulnerability analysis on his network and found no potential problems. He runs
another utility that executes exploits against his system to verify the results of the vulnerability test.
The second utility executes five known exploits against his network in which the vulnerability analysis
said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

  • A. False negatives
  • B. True negatives
  • C. True positives
  • D. False positives
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What does ICMP Type 3/Code 13 mean?

  • A. Administratively Blocked
  • B. Host Unreachable
  • C. Protocol Unreachable
  • D. Port Unreachable
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

Meyer Electronics Systems just recently had a number of laptops stolen out of their office. On these
laptops contained sensitive corporate information regarding patents and company strategies. A
month after the laptops were stolen, a competing company was found to have just developed
products that almost exactly duplicated products that Meyer produces. What could have prevented
this information from being stolen from the laptops?

  • A. DFS Encryption
  • B. EFS Encryption
  • C. SDW Encryption
  • D. IPS Encryption
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

George is a senior security analyst working for a state agency in Florid
a. His state's congress just passed a bill mandating every state agency to undergo a security audit
annually. After learning what will be required, George needs to implement an IDS as soon as possible
before the first audit occurs. The state bill requires that an IDS with a "time-based induction
machine" be used. What IDS feature must George implement to meet this requirement?

  • A. Pattern matching
  • B. Statistical-based anomaly detection
  • C. Real-time anomaly detection
  • D. Signature-based anomaly detection
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Harold wants to set up a firewall on his network but is not sure which one would be the most
appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he
wants to only allow FTP-PUT. Which firewall would be most appropriate for Harold? needs?

  • A. Packet filtering firewall
  • B. Circuit-level proxy firewall
  • C. Application-level proxy firewall
  • D. Data link layer firewall
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What
will
the
following
URL
produce
in
an
unpatched
IIS
Web
Server?
http://www.thetargetsite.com/scripts/..%
co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\

  • A. Directory listing of C: drive on the web server
  • B. Execute a buffer flow in the C: drive of the web server
  • C. Directory listing of the C:\windows\system32 folder on the web server
  • D. Insert a Trojan horse into the C: drive of the web server
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

You are assisting a Department of Defense contract company to become compliant with the stringent
security policies set by the DoD. One such strict rule is that firewalls must only allow incoming
connections that were first initiated by internal computers. What type of firewall must you
implement to abide by this policy?

  • A. Packet filtering firewall
  • B. Application-level proxy firewall
  • C. Statefull firewall
  • D. Circuit-level proxy firewall
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

After attending a CEH security seminar, you make a list of changes you would like to perform on your
network to increase its security. One of the first things you change is to switch the
RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent
anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the
seminar, you succeed in establishing a null session with one of the servers. Why is that?
A. RestrictAnonymous must be set to "2" for complete security
B. There is no way to always prevent an anonymous null session from establishing
C. RestrictAnonymous must be set to "10" for complete security
D. RestrictAnonymous must be set to "3" for complete security

Answer:

A

Discussions
0 / 1000

Question 9

Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following
command. What is he testing at this point? #include #include int main(int argc, char *argv[]) { char
buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer,
argv[1]); return 0; }

  • A. SQL injection
  • B. Format string bug
  • C. Buffer overflow
  • D. Kernal injection
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

George is performing security analysis for Hammond and Sons LLC. He is testing security
vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the
scan. Why would a scanner like Nessus is not recommended in this situation?

  • A. Nessus cannot perform wireless testing
  • B. Nessus is too loud
  • C. There are no ways of performing a "stealthy" wireless scan
  • D. Nessus is not a network scanner
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Jonathan is a network administrator who is currently testing the internal security of his network. He
is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will
Jonathan not succeed?

  • A. Only FTP traffic can be hijacked
  • B. Only an HTTPS session can be hijacked
  • C. HTTP protocol does not maintain session
  • D. Only DNS traffic can be hijacked
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

What will the following command produce on a website login page?
SELECT email, passwd, login_id, full_name FROM members
WHERE email = '[email protected]';
DROP TABLE members; --'

  • A. Retrieves the password for the first user in the members table
  • B. This command will not produce anything since the syntax is incorrect
  • C. Deletes the entire members table
  • D. Inserts the Error! Reference source not found. email address into the members table
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation: The third line deletes the table named members.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

  • A. Windows computers will not respond to idle scans
  • B. Linux/Unix computers are easier to compromise
  • C. Windows computers are constantly talking
  • D. Linux/Unix computers are constantly talking
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

What is kept in the following directory? HKLM\SECURITY\Policy\Secrets

  • A. IAS account names and passwords
  • B. Service account passwords in plain text
  • C. Local store PKI Kerberos certificates
  • D. Cached password hashes for the past 20 users
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What operating system would respond to the following command? C:\> nmap -sW 10.10.145.65

  • A. Windows XP
  • B. Mac OS X
  • C. FreeBSD
  • D. Windows 95
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2