Eccouncil dumpspedia last Attempt 312-49v10 Questions by Ffion q210 vce pdf

Page: 11 / 26

Exam Name:	Computer Hacking Forensic Investigator (CHFI-v10)
Exam Code:	312-49v10 Dumps
Vendor:	ECCouncil	Certification:	CHFI v10
Questions:	704 Q&A's	Shared By:	ffion

Question 44

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.

(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111

TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF

***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32

TCP Options (3) => NOP NOP TS: 23678634 2878772

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111

UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84

Len: 64

01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................

00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................

00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................

00 00 00 11 00 00 00 00 ........

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773

UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104

Len: 1084

47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

Options:

The attacker has conducted a network sweep on port 111

The attacker has scanned and exploited the system using Buffer Overflow

The attacker has used a Trojan on port 32773

The attacker has installed a backdoor

Discussion

Question 45

You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?

Options:

Throw the hard disk into the fire

Run the powerful magnets over the hard disk

Format the hard disk multiple times using a low level disk utility

Overwrite the contents of the hard disk with Junk data

Discussion

Question 46

When you carve an image, recovering the image depends on which of the following skills?

Options:

Recognizing the pattern of the header content

Recovering the image from a tape backup

Recognizing the pattern of a corrupt file

Recovering the image from the tape backup

Discussion

Question 47

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.

The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?

Options:

False negatives

False positives

True negatives

True positives

Discussion

Cecilia

Yes, I passed my certification exam using Cramkey Dumps.

Helena Sep 19, 2024

Great. Yes they are really effective

Freddy

I passed my exam with flying colors and I'm confident who will try it surely ace the exam.