ECCouncil 312-49v11 - Computer Hacking Forensic Investigator Exam
Page: 1 / 30
Total 150 questions
Question #1 (Topic: Exam A)
A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation?
A. Image the disk and try to recover deleted files
B. Seek the help of co-workers who are eye-witnesses
C. Check the Windows registry for connection data (you may or may not recover)
D. Approach the website's administrator for evidence
Answer: A
Question #2 (Topic: Exam A)
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
A. The registry
B. The swap file
C. The recycle bin
D. The metadata
Answer: B
Question #3 (Topic: Exam A)
Which of the following are small pieces of data sent from a website and stored on the user’s computer by the user’s web browser to track, validate, and maintain specific user information?
A. Temporary Files
B. Open files
C. Cookies
D. Web Browser Cache
Answer: C
Question #4 (Topic: Exam A)
Depending upon the jurisdictional areas, different laws apply to different incidents. Which of the following law is related to fraud and related activity in connection with computers?
A. 18 USC §1029
B. 18 USC §1030
C. 18 USC §1361
D. 18 USC §1371
Answer: B
Question #5 (Topic: Exam A)
Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.
What RAID level is represented here?
What RAID level is represented here?
A. RAID Level 0
B. RAID Level 5
C. RAID Level 3
D. RAID Level 1
Answer: B
