Exam Code: EC0-349 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Computer Hacking Forensic Investigator
Certification Provider: EC-Council
2017 Jan EC0-349 practice exam
Q101. During the course of a corporate investigation, you find that an employee is committing a crime. Can the employer file a criminal complaint with the police?
A. No, because the investigation was conducted without following standard police procedures
B. No, because the investigation was conducted without a warrant
C. Yes, but only if you turn the evidence over to a federal law enforcement agency
D. Yes, and all evidence can be turned over to the police
Q102. What does mactime, an essential part of the coroner's toolkit, do?
A. It is a tool specific to the MAC OS and forms a core component of the toolkit
B. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
C. The tool scans for i-node information, which is used by other tools in the tool kit
D. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
Q103. Microsoft Outlook maintains email messages in a proprietary format in what type of file?
38. You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?
A. Trade secrets
B. The attorney-work-product rule
C. ISO 17799
D. Good manners
Q104. How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
Q105. Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
A. Microsoft Virtual Machine Identifier
B. Globally Unique ID
C. Personal Application Protocol
D. Individual ASCII String
Q106. Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their previous activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
A. The nature of the attack
B. The vulnerability exploited in the incident
C. The manufacturer of the system compromised
D. The logic, formatting and elegance of the code used in the attack
Q107. You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacturer. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?
A. The attorney-work-product rule
B. Good manners
C. ISO 17799
D. Trade secrets
Q108. You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?
A. Passwords of 14 characters or less are broken up into two 7-character hashes
B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
D. The passwords that were cracked are local accounts on the Domain Controller
Q109. Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with the ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?
A. Trick the switch into thinking it already has a session with Terri's computer
B. Poison the switch's MAC address table by flooding it with ACK bits
C. Crash the switch with a DoS attack since switches cannot send ACK bits
D. Enable tunneling feature on the switch
Q110. A state department site was recently attacked and all the servers had their hard disks erased. The incident response team sealed the area and commenced investigation. During evidence collection, they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?
A. They examined the actual evidence on an unrelated system
B. They tampered with the evidence by using it
C. They attempted to implicate personnel without proof
D. They called in the FBI without correlating with the fingerprint data