[Virtual] EC0-349 EC-Council practice exam 1-10 (Dec 2016)

Want to know the features of the Pass4sure EC0-349 exam practice test? Want to learn more about the EC-Council Computer Hacking Forensic Investigator certification experience? Study top-quality EC-Council EC0-349 answers to up-to-date EC0-349 questions at Pass4sure. Get a success with an absolute guarantee to pass the EC-Council EC0-349 (Computer Hacking Forensic Investigator) test on your first attempt.

2016 Dec EC0-349 pdf exam

Q1. Printing under a Windows computer normally requires which one of the following file types to be created?

A. EME 

B. CME 

C. MEM 

D. EMF 

Answer:


Q2. What should you do when approached by a reporter about a case that you are working on or have worked on? 

A. refer the reporter to the attorney that retained you 

B. answer only the questions that help your case 

C. answer all the reporter's questions as completely as possible

D. say, "no comment" 

Answer:


Q3. When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the: 

A. Case files 

B. Recycle Bin 

C. BIOS 

D. MSDOS.SYS 

Answer:


Q4. This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive. 

A. Disk Operating System (DOS) 

B. Master File Table (MFT) 

C. Master Boot Record (MBR) 

D. File Allocation Table (FAT) 

Answer:


Q5. An "idle" system is also referred to as what? 

A. PC not connected to the Internet 

B. Zombie 

C. PC not being used 

D. Bot 

Answer:


Refresh EC0-349 exam cram:

Q6. In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves? 

A. The change in the routing fabric to bypass the affected router 

B. More RESET packets to the affected router to get it to power back up 

C. RESTART packets to the affected router to get it to power back up 

D. STOP packets to all other routers warning of where the attack originated 

Answer:


Q7. You should make at least how many bit-stream copies of a suspect drive? 

A. 3 

B. 2 

C. 1 

D. 4 

Answer:


Q8. What does mactime, an essential part of The Coroner's Toolkit, do?

A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps 

B. It is a tool specific to the MAC OS and forms a core component of the toolkit 

C. The tool scans for i-node information, which is used by other tools in the tool kit

D. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them 

Answer:


Q9. What binary coding is used most often for e-mail purposes? 

A. SMTP 

B. IMAP 

C. Uuencode 

D. MIME 

Answer:


Q10. During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as: 

A. Exculpatory evidence 

B. Terrible evidence 

C. Inculpatory evidence 

D. Mandatory evidence 

Answer:


