Join the discussion
Question 1/216
John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
Correct Answer: C
Add Comments
- Other Question (216q)
- Q1. John is working on his company policies and guidelines. The section he is currently workin...
- Q2. When you carve an image, recovering the image depends on which of the following skills?...
- Q3. Bob has encountered a system crash and has lost vital data stored on the hard drive of his...
- Q4. What method of copying should always be performed first before carrying out an investigati...
- Q5. In a Fllesystem Hierarchy Standard (FHS), which of the following directories contains the ...
- Q6. What is the capacity of Recycle bin in a system running on Windows Vista?...
- Q7. Cybercriminals sometimes use compromised computers to commit other crimes, which may invol...
- Q8. George is a senior security analyst working for a state agency in Florid a. His state's co...
- Q9. The police believe that Melvin Matthew has been obtaining unauthorized access to computers...
- Q10. Netstat is a tool for collecting information regarding network connections. It provides a ...
- Q11. In a computer that has Dropbox client installed, which of the following files related to t...
- Q12. A forensic analyst has been tasked with investigating unusual network activity Inside a re...
- Q13. An investigator has extracted the device descriptor for a 1GB thumb drive that looks like:...
- Q14. The following is a log file screenshot from a default installation of IIS 6.0. (Exhibit) W...
- Q15. Which of the following files stores information about a local Google Drive installation su...
- Q16. Smith is an IT technician that has been appointed to his company's network vulnerability a...
- Q17. Frank, a cloud administrator in his company, needs to take backup of the OS disks of two A...
- Q18. Which of the following Ii considered as the starting point of a database and stores user d...
- Q19. When should an MD5 hash check be performed when processing evidence?...
- Q20. Which of the following Ii considered as the starting point of a database and stores user d...
- Q21. What does the 56.58.152.114(445) denote in a Cisco router log? Jun 19 23:25:46.125 EST: %S...
- Q22. An Expert witness give an opinion if:
- Q23. You are running known exploits against your network to test for possible vulnerabilities. ...
- Q24. What is the slave device connected to the secondary IDE controller on a Linux OS referred ...
- Q25. Which of the following refers to the data that might still exist in a cluster even though ...
- Q26. SO/IEC 17025 is an accreditation for which of the following:...
- Q27. Which password cracking technique uses details such as length of password, character sets ...
- Q28. Jason discovered a file named $RIYG6VR.doc in the C:\$Recycle.Bin\<USER SID>\ while ...
- Q29. A suspect is accused of violating the acceptable use of computing resources, as he has vis...
- Q30. Storage location of Recycle Bin for NTFS file systems (Windows Vista and later) is located...
- Q31. Examination of a computer by a technically unauthorized person will almost always result i...
- Q32. If you discover a criminal act while investigating a corporate policy abuse, it becomes a ...
- Q33. What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1...
- Q34. Which of the following network attacks refers to sending huge volumes of email to an addre...
- Q35. Assume there Is a file named myflle.txt In C: drive that contains hidden data streams. Whi...
- Q36. You are working in the security Department of law firm. One of the attorneys asks you abou...
- Q37. What must be obtained before an investigation is carried out at a location?...
- Q38. Wireless access control attacks aim to penetrate a network by evading WLAN access control ...
- Q39. An investigator has found certain details after analysis of a mobile device. What can reve...
- Q40. Which of the following application password cracking tool can discover all password-protec...
- Q41. What technique is used by JPEGs for compression?...
- Q42. Which of the following files stores information about local Dropbox installation and accou...
- Q43. Which of the following standard represents a legal precedent set in 1993 by the Supreme Co...
- Q44. The information security manager at a national legal firm has received several alerts from...
- Q45. Consider a scenario where the perpetrator of a dark web crime has unlnstalled Tor browser ...
- Q46. Assume there Is a file named myflle.txt In C: drive that contains hidden data streams. Whi...
- Q47. When marking evidence that has been collected with the "aaa/ddmmyy/nnnn/zz" format, what d...
- Q48. You are a security analyst performing a penetration tests for a company in the Midwest. Af...
- Q49. What will the following command accomplish?
- Q50. Why would you need to find out the gateway of a device when investigating a wireless attac...
- Q51. During an investigation, Noel found the following SIM card from the suspect's mobile. What...
- Q52. Michael works for Kimball Construction Company as senior security analyst. As part of year...
- Q53. Lance wants to place a honeypot on his network. Which of the following would be your recom...
- Q54. What method would be most efficient for you to acquire digital evidence from this network?...
- Q55. An investigator is analyzing a checkpoint firewall log and comes across symbols. What type...
- Q56. If the partition size is 4 GB, each cluster will be 32 K. Even if a file needs only 10 K, ...
- Q57. What is the target host IP in the following command?...
- Q58. An "idle" system is also referred to as what?
- Q59. Maria has executed a suspicious executable file In a controlled environment and wants to s...
- Q60. In which loT attack does the attacker use multiple forged identities to create a strong il...
- Q61. Steve, a forensic investigator, was asked to investigate an email incident in his organiza...
- Q62. You need to deploy a new web-based software package for your organization. The package req...
- Q63. Meyer Electronics Systems just recently had a number of laptops stolen out of their office...
- Q64. When investigating a potential e-mail crime, what is your first step in the investigation?...
- Q65. Derrick, a forensic specialist, was investigating an active computer that was executing va...
- Q66. Consider a scenario where a forensic investigator is performing malware analysis on a memo...
- Q67. Harold is finishing up a report on a case of network intrusion, corporate spying, and embe...
- Q68. Randy has extracted data from an old version of a Windows-based system and discovered info...
- Q69. Which of the following statements is TRUE with respect to the Registry settings in the use...
- Q70. Where does Encase search to recover NTFS files and folders?...
- Q71. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical ...
- Q72. A forensic examiner encounters a computer with a failed OS installation and the master boo...
- Q73. What feature of Windows is the following command trying to utilize? (Exhibit)...
- Q74. What happens lo the header of the file once It Is deleted from the Windows OS file systems...
- Q75. Which of the following is a precomputed table containing word lists like dictionary files ...
- Q76. At what layer does a cross site scripting attack occur on?...
- Q77. Which Event Correlation approach assumes and predicts what an attacker can do next after t...
- Q78. When a user deletes a file or folder, the system stores complete path including the origin...
- Q79. Bob has encountered a system crash and has lost vital data stored on the hard drive of his...
- Q80. Which of the following data structures stores attributes of a process, as well as pointers...
- Q81. Which of the following is a tool to reset Windows admin password?...
- Q82. Identify the location of Recycle Bin on a Windows 7 machine that uses NTFS file system to ...
- Q83. Which of these rootkit detection techniques function by comparing a snapshot of the file s...
- Q84. Why should you never power on a computer that you need to acquire digital evidence from?...
- Q85. When installed on a Windows machine, which port does the Tor browser use to establish a ne...
- Q86. James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECH...
- Q87. Where should the investigator look for the Edge browser's browsing records, including hist...
- Q88. After passively scanning the network of Department of Defense (DoD), you switch over to ac...
- Q89. While collecting Active Transaction Logs using SQL Server Management Studio, the query Sel...
- Q90. What happens when a file is deleted by a Microsoft operating system using the FAT file sys...
- Q91. ____________________ is simply the application of Computer Investigation and analysis tech...
- Q92. You have completed a forensic investigation case. You would like to destroy the data conta...
- Q93. Why would a company issue a dongle with the software they sell?...
- Q94. Which of the following Windows event logs record events related to device drives and hardw...
- Q95. George is performing security analysis for Hammond and Sons LLC. He is testing security vu...
- Q96. Which of the following tasks DOES NOT come under the investigation phase of a cybercrime f...
- Q97. A computer forensics Investigator or forensic analyst Is a specially trained professional ...
- Q98. Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the cap...
- Q99. To preserve digital evidence, an investigator should ____________________....
- Q100. Area density refers to:
- Q101. Which Intrusion Detection System (IDS) usually produces the most false alarms due to the u...
- Q102. An EC2 instance storing critical data of a company got infected with malware. The forensic...
- Q103. When investigating a computer forensics case where Microsoft Exchange and Blackberry Enter...
- Q104. Using Linux to carry out a forensics investigation, what would the following command accom...
- Q105. Frank is working on a vulnerability assessment for a company on the West coast. The compan...
- Q106. Fill In the missing Master Boot Record component. 1. Master boot code 2. Partition table 3...
- Q107. E-mail logs contain which of the following information to help you in your investigation? ...
- Q108. You are assisting in the investigation of a possible Web Server Hack. The company who call...
- Q109. The ____________________ refers to handing over the results of private investigations to t...
- Q110. Cybercriminals sometimes use compromised computers to commit other crimes, which may invol...
- Q111. Which of the following protocols allows non-ASCII files, such as video, graphics, and audi...
- Q112. An attacker successfully gained access to a remote Windows system and plans to install per...
- Q113. Which of the following Event Correlation Approach checks and compares all the fields syste...
- Q114. As a security analyst, you setup a false survey website that will require users to create ...
- Q115. Buffer overflow vulnerabilities, of web applications, occurs when the application fails to...
- Q116. Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, a...
- Q117. What must an attorney do first before you are called to testify as an expert?...
- Q118. You just passed your ECSA exam and are about to start your first consulting job running se...
- Q119. What technique used by Encase makes it virtually impossible to tamper with evidence once i...
- Q120. Which among the following acts has been passed by the U.S. Congress to protect investors f...
- Q121. Using Internet logging software to investigate a case of malicious use of computers, the i...
- Q122. During the course of a corporate investigation, you find that an Employee is committing a ...
- Q123. A forensics investigator is searching the hard drive of a computer for files that were rec...
- Q124. Which of the following Registry components include offsets to other cells as well as the L...
- Q125. Jack Smith is a forensics investigator who works for Mason Computer Investigation Services...
- Q126. Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database serve...
- Q127. Which of the following directory contains the binary files or executables required for sys...
- Q128. Which of the following methods of mobile device data acquisition captures all the data pre...
- Q129. Which type of attack is possible when attackers know some credible information about the v...
- Q130. Simona has written a regular expression for the detection of web application-specific atta...
- Q131. Consider a scenario where the perpetrator of a dark web crime has unlnstalled Tor browser ...
- Q132. Which OWASP loT vulnerability talks about security flaws such as lack of firmware validati...
- Q133. What do you call the process of studying the changes that have taken place across a system...
- Q134. In both pharming and phishing attacks an attacker can create websites that look similar to...
- Q135. You are trying to locate Microsoft Outlook Web Access Default Portal using Google search o...
- Q136. This organization maintains a database of hash signatures for known software....
- Q137. Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She ...
- Q138. An investigator Is examining a file to identify any potentially malicious content. To avoi...
- Q139. Which tool does the investigator use to extract artifacts left by Google Drive on the syst...
- Q140. A forensic examiner encounters a computer with a failed OS installation and the master boo...
- Q141. You have been given the task to investigate web attacks on a Windows-based server. Which o...
- Q142. Jason is the security administrator of ACMA metal Corporation. One day he notices the comp...
- Q143. What is the primary function of the tool CHKDSK in Windows that authenticates the file sys...
- Q144. What type of flash memory card comes in either Type I or Type II and consumes only five pe...
- Q145. When a router receives an update for its routing table, what is the metric value change to...
- Q146. How many bits is Source Port Number in TCP Header packet?...
- Q147. Which Linux command when executed displays kernel ring buffers or information about device...
- Q148. What does the part of the log, "% SEC-6-IPACCESSLOGP", extracted from a Cisco router repre...
- Q149. You are assigned to work in the computer forensics lab of a state police agency. While wor...
- Q150. In Linux, what is the smallest possible shellcode?...
- Q151. What command-line tool enables forensic Investigator to establish communication between an...
- Q152. What value of the "Boot Record Signature" is used to indicate that the boot-loader exists?...
- Q153. Which of the following is a non-zero data that an application allocates on a hard disk clu...
- Q154. You are working as Computer Forensics investigator and are called by the owner of an accou...
- Q155. You are working as a Computer forensics investigator for a corporation on a computer abuse...
- Q156. Steve received a mail that seemed to have come from her bank. The mail has instructions fo...
- Q157. Which of the following tools will allow a forensic Investigator to acquire the memory dump...
- Q158. Why are Linux/Unix based computers better to use than Windows computers for idle scanning?...
- Q159. Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of ...
- Q160. Ronald, a forensic investigator, has been hired by a financial services organization to In...
- Q161. Which of the following is a MAC-based File Recovery Tool?...
- Q162. How many possible sequence number combinations are there in TCP/IP protocol?...
- Q163. What file is processed at the end of a Windows XP boot to initialize the logon dialog box?...
- Q164. Data is striped at a byte level across multiple drives, and parity information is distribu...
- Q165. What type of attack sends SYN requests to a target system with spoofed IP addresses?...
- Q166. When investigating a Windows System, it is important to view the contents of the page or s...
- Q167. What type of analysis helps to identify the time and sequence of events in an investigatio...
- Q168. Robert needs to copy an OS disk snapshot of a compromised VM to a storage account in diffe...
- Q169. Shane has started the static analysis of a malware and is using the tool ResourcesExtract ...
- Q170. Which of the following tool can the investigator use to analyze the network to detect Troj...
- Q171. Which of the following email headers specifies an address for mailer-generated errors, lik...
- Q172. The working of the Tor browser is based on which of the following concepts?...
- Q173. Identify the file system that uses $BitMap file to keep track of all used and unused clust...
- Q174. Which of the following tools is used to dump the memory of a running process, either immed...
- Q175. Which of the following attacks refers to unintentional download of malicious software via ...
- Q176. Kyle is performing the final testing of an application he developed for the accounting dep...
- Q177. Davidson Trucking is a small transportation company that has three local offices in Detroi...
- Q178. Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of ...
- Q179. James, a forensics specialist, was tasked with investigating a Windows XP machine that was...
- Q180. Derrick, a forensic specialist, was investigating an active computer that was executing va...
- Q181. Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mob...
- Q182. What is the purpose of using Obfuscator in malware?...
- Q183. Which of the following is a requirement for senders as per the CAN-SPAM act?...
- Q184. Why is it a good idea to perform a penetration test from the inside?...
- Q185. What is the location of a Protective MBR in a GPT disk layout?...
- Q186. Which of the following examinations refers to the process of providing the opposing side i...
- Q187. When marking evidence that has been collected with the aa/ddmmyy/nnnn/zz format, what does...
- Q188. Which of the following files store the MySQL database data permanently, including the data...
- Q189. Which of the following is a device monitoring tool?...
- Q190. Event correlation is the process of finding relevance between the events that produce a fi...
- Q191. An investigator enters the command sqlcmd -S WIN-CQQMK62867E -e -s"," -E as part of collec...
- Q192. The surface of a hard disk consists of several concentric rings known as tracks; each of t...
- Q193. What is the smallest physical storage unit on a hard drive?...
- Q194. An investigator has acquired packed software and needed to analyze it for the presence of ...
- Q195. An Investigator Is checking a Cisco firewall log that reads as follows: Aug 21 2019 09:16:...
- Q196. One way to identify the presence of hidden partitions on a suspect's hard drive is to:...
- Q197. Which of the following files DOES NOT use Object Linking and Embedding (OLE) technology to...
- Q198. companyXYZ has asked you to assess the security of their perimeter email gateway. From you...
- Q199. Cylie is investigating a network breach at a state organization in Florid a. She discovers...
- Q200. Harold is a computer forensics investigator working for a consulting firm out of Atlanta G...
- Q201. Which of the following stand true for BIOS Parameter Block?...
- Q202. Bob works as information security analyst for a big finance company. One day, the anomaly-...
- Q203. During a forensic investigation, a large number of files were collected. The investigator ...
- Q204. Preparing an image drive to copy files to is the first step in Linux forensics. For this p...
- Q205. Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and ...
- Q206. In Steganalysis, which of the following describes a Known-stego attack?...
- Q207. In Java, when multiple applications are launched, multiple Dalvik Virtual Machine instance...
- Q208. Sectors in hard disks typically contain how many bytes?...
- Q209. What do you call the process in which an attacker uses magnetic field over the digital med...
- Q210. In which cloud crime do attackers try to compromise the security of the cloud environment ...
- Q211. John is working as a computer forensics investigator for a consulting firm in Canad a. He ...
- Q212. You have compromised a lower-level administrator account on an Active Directory network of...
- Q213. What is the investigator trying to view by issuing the command displayed in the following ...
- Q214. Graphics Interchange Format (GIF) is a ____ RGB bitmap image format for images with up to ...
- Q215. This law sets the rules for commercial email, establishes requirements for commercial mess...
- Q216. What is cold boot (hard boot)?
[×]
Download PDF File
Enter your email address to download EC-COUNCIL.312-49v10.v2023-07-27.q216.pdf