EC-COUNCIL 312-49v11 問題集

質問 1：
A clothing company has recently deployed a website on Its latest product line to Increase Its conversion rate and base of customers. Andrew, the network administrator recently appointed by the company, has been assigned with the task of protecting the website from Intrusion and vulnerabilities. Which of the following tool should Andrew consider deploying in this scenario?
A. Recuva
B. Kon-Boot
C. CryptaPix
D. ModSecurity
正解：D

質問 2：
One way to identify the presence of hidden partitions on a suspect's hard drive is to:
A. Add up the total size of all known partitions and compare it to the total size of the hard drive
B. Examine the LILO and note an H in the partition Type field
C. Examine the FAT and identify hidden partitions by noting an H in the partition Type field
D. It is not possible to have hidden partitions on a hard drive
正解：A

質問 3：
Which of the following commands shows you the NetBIOS name table each?
A. nbtstat -c
B. nbtstat -n
C. nbtstat -s
D. nbtstat -r
正解：B

質問 4：
A master boot record (MBR) is the first sector ("sector zero") of a data storage device. What is the size of MBR?
A. Depends on the capacity of the storage device
B. 4092 Bytes
C. 1048 Bytes
D. 512 Bytes
正解：D

質問 5：
As a Computer Hacking Forensic Investigator, you are analyzing an intrusion incident in a corporate network. You discovered the traces of a fileless malware attack that utilized a memory exploit. The indicators suggest that the initial payload was delivered via a malicious Word document received through a phishing email. As part of the response and prevention plan, which among the following steps would be the most effective to disrupt the Infection Chain of the detected fileless malware?
A. Implementing a strict policy on macros embedded in Office documents across the organization
B. Patching the vulnerabilities in Flash and Java plugins in all browsers within the corporate network
C. Disabling the use of all scripting languages, such as JavaScript, in the corporate environment
D. Replacing the currently used traditional antivirus solution with the latest signature-based IDS
正解：A

質問 6：
You are a security analyst performing reconnaissance on a company you will be carrying out a penetration test for. You conduct a search for IT jobs on Dice.com and find the following information for an open position:
- 7+ years experience in Windows Server environment
- 5+ years experience in Exchange 2000/2003 environment
- Experience with Cisco Pix Firewall, Linksys 1376 router, Oracle 11i and MYOB v3.4.
Accounting software are required MCSA desired, MCSE, CEH preferred. No Unix/Linux Experience needed.
What is this information posted on the job website considered?
A. Social engineering exploit
B. Competitive exploit
C. Information vulnerability
D. Trade secret
正解：C

質問 7：
Which of the following is NOT an anti-forensics technique?
A. Encryption
B. Steganography
C. Data Deduplication
D. Password Protection
正解：C

質問 8：
Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?
A. Rule-based approach
B. Automated field correlation approach
C. Graph-based approach
D. Neural network-based approach
正解：B

質問 9：
Printing under a Windows Computer normally requires which one of the following files types to be created?
A. EMF
B. CME
C. EME
D. MEM
正解：A