EC-COUNCIL 312-49v11 問題集

質問 1：
Network forensics allows Investigators to inspect network traffic and logs to identify and locate the attack system.
Network forensics can reveal: (Select three answers)
A. Source of security incidents' and network attacks
B. Hardware configuration of the attacker's system
C. Path of the attack
D. Intrusion techniques used by attackers
正解：A,C,D

質問 2：
Which of the following registry hive gives the configuration information about which application was used to open various files on the system?
A. HKEY_CLASSES_ROOT
B. HKEY_CURRENT_CONFIG
C. HKEY_USERS
D. HKEY_LOCAL_MACHINE
正解：A

質問 3：
What is the size value of a nibble?
A. 0.5 bit
B. 0.5 byte
C. 0.5 kilo byte
D. 2 bits
正解：B

質問 4：
You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?
A. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an approved secure container
B. All forms should be placed in the report file because they are now primary evidence in the case
C. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be placed in the report file
D. All forms should be placed in an approved secure container because they are now primary evidence in the case
正解：A

質問 5：
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?
A. The files are hidden and he must use switch to view them
B. He should search in C:\Windows\System32\RECYCLED folder
C. Only FAT system contains RECYCLED folder and not NTFS
D. The Recycle Bin does not exist on the hard drive
正解：A

質問 6：
Cyber-crime is defined as any Illegal act involving a gun, ammunition, or its applications.
A. False
B. True
正解：A

質問 7：
JPEG is a commonly used method of compressing photographic Images. It uses a compression algorithm to minimize the size of the natural image, without affecting the quality of the image. The JPEG lossy algorithm divides the image in separate blocks of____________.
A. 16x16 pixels
B. 4x4 pixels
C. 8x8 pixels
D. 32x32 pixels
正解：C

質問 8：
Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while analyzing a hard disk image for the deleted data. What inferences can he make from the file name?
A. It is a doc file deleted in seventh sequential order
B. RIYG6VR.doc is the name of the doc file deleted from the system
C. It is file deleted from R drive
D. It is a deleted doc file
正解：D

質問 9：
All Blackberry email is eventually sent and received through what proprietary RIM-operated mechanism?
A. Blackberry WAP gateway
B. Blackberry WEP gateway
C. Microsoft Exchange
D. Blackberry Message Center
正解：D