Eccouncil 312-49 Exam Questions Instant Access

Question 1

In the context of file deletion process, which of the following statement holds true?

AWhen files are deleted, the data is overwritten and the cluster marked as available

BThe longer a disk is in use, the less likely it is that deleted files will be overwritten

CWhile booting, the machine may create temporary files that can delete evidence

DSecure delete programs work by completely overwriting the file in one go

Answer : C

Question 2

What will the following Linux command accomplish?

dd if=/dev/mem of=/home/sam/mem.bin bs=1024

ACopy the master boot record to a file

BCopy the contents of the system folder to a file

CCopy the running memory to a file

DCopy the memory dump file to an image file

Answer : C

Question 3

Which of the following file contains the traces of the applications installed, run, or uninstalled from a system?

AShortcut Files

BVirtual files

CPrefetch Files

DImage Files

Answer : A

Question 4

A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?

A/auth

B/proc

C/var/log/debug

D/var/spool/cron/

Answer : B

Question 5

Area density refers to:

Athe amount of data per disk

Bthe amount of data per partition

Cthe amount of data per square inch

Dthe amount of data per platter

Answer : A

Question 6

Which of the following is a MAC-based File Recovery Tool?

AVirtualLab

BGetDataBack

CCisdem DataRecovery 3

DSmart Undeleter

Answer : C

Question 7

Which Linux command when executed displays kernel ring buffers or information about device drivers loaded into the kernel?

Apgrep

Bdmesg

Cfsck

Dgrep

Answer : B

Eccouncil Computer Hacking Forensic Investigator V10 312-49 Exam Questions