Top Tips Of EC0-349 tutorials

Exambible provides examinees with free downloadable EC0-349 exam questions. You can take a quiz to check the quality of the questions and answers in our EC-Council training materials before you purchase them. It also helps you find your weak areas for the EC-Council exam, so that you can work harder on them in your later study. All of the EC-Council certification study products are available on the Exambible website. You can download them for free according to your needs.

2016 Dec EC0-349 dumps

Q151. You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you can use to obtain the password?

A. maximum force and thesaurus attack 

B. minimum force and appendix attack 

C. brute force and dictionary attack 

D. limited force and library attack 

Answer:


Q152. 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network? 

A. make a bit-stream disk-to-disk file 

B. make a bit-stream disk-to-image file 

C. create a compressed copy of the file with DoubleSpace 

D. create a sparse data copy of a folder or file 

Answer:


Q153. When conducting computer forensic analysis, you must guard against ______ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.

A. hard drive failure 

B. scope creep 

C. unauthorized expenses 

D. overzealous marketing 

Answer:


Q154. What should you do when approached by a reporter about a case that you are working on or have worked on? 

A. refer the reporter to the attorney that retained you 

B. answer only the questions that help your case 

C. say, "no comment" 

D. answer all the reporter's questions as completely as possible

Answer:


Q155. Which of the following refers to the data that might still exist in a cluster even though the original file

A. Sector 

B. Slack Space 

C. MFT 

D. Metadata 

Answer:


Renew EC0-349 sample question:

Q156. You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?

A. You are not certified for using the tool 

B. The tool has not been reviewed and accepted by your peers 

C. Only the local law enforcement should use the tool 

D. The tool hasn't been tested by the International Standards Organization (ISO) 

Answer:


Q157. You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company's SMTP server?

A. 25 

B. 10 

C. 135 

D. 110 

Answer:


Q158. When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers? 

A. Universal Time Set 

B. Network Time Protocol 

C. Time-Sync Protocol 

D. SyncTime Service 

Answer:


Q159. Why should you note all cable connections for a computer you want to seize as evidence? 

A. to know what cable connections existed 

B. to know what hardware existed 

C. to prepare for shutting down the computer 

D. to document the evidence 

Answer:


Q160. When investigating a Windows system, it is important to view the contents of the "page" or "swap" file because: 

A. Windows stores all of the system's configuration information in this file

B. this is the file that Windows uses to store the history of the last 100 commands that were run from the command line 

C. a large volume of data can exist within the swap file of which the computer user has no knowledge 

D. this is the file that Windows uses to communicate directly with the Registry 

Answer:


