Free EC-COUNCIL 312-49v11 Exam Dumps Questions & Answers
| Exam Code/Number: | 312-49v11 |
| Exam Name: | Computer Hacking Forensic Investigator (CHFI-v11) |
| Certification: | EC-COUNCIL |
| Free Question Number: | 445 |
| Publish Date: | Jun 02, 2026 |
| # of views: | 2679 |
During a malware investigation on a Linux server in Phoenix, investigators suspect that the malicious process is making frequent system calls to access protected resources. To analyze this behavior, they decide to trace and log the system calls made by the process. Which strace command provides a summary count of time, calls, and errors for each system call?
An investigator is reviewing the Apache access logs for suspicious traffic. She notices a series of requests for /admin.php from an IP address that is not normally associated with administrative access. What should she do next to determine whether this is an unauthorized access attempt?
During a digital forensics investigation, an investigator is tasked with collecting data from servers and shared drives within an organization's infrastructure. The investigator accesses and retrieves relevant electronic evidence from these central storage locations to assist in the investigation. This data collection includes files, user logs, and other system artifacts necessary for understanding the scope of the incident. Which eDiscovery collection methodology is the investigator employing in this scenario?
During a service-manipulation investigation at a logistics company in Columbus, Ohio, an examiner reviews the Windows System log from a compromised workstation. The timeline shows an entry indicating that a request was issued to stop a critical service, but the service did not immediately transition to a stopped state.
To correctly interpret this log entry and distinguish intent from outcome, the examiner must understand what the recorded event represents. What does Event ID 7035 indicate in this context?
During an insider-leak investigation at a law firm, analysts perform targeted data acquisition using Python to extract authorship-related properties from a collection of finalized contract documents preserved for legal review. The examiner needs to retrieve attributes such as document title, creator information, subject fields, and embedded keywords without modifying the files. Which Python script should be used to extract this information from the document set?