Updated EC-Council EC0-349 - An Overview 141 to 150


2017 Feb EC0-349 study guide

Q141. When you carve an image, recovering the image depends on which of the following skills? 

A. recovering the image from a tape backup 

B. recognizing the pattern of the header content 

C. recognizing the pattern of a corrupt file 

D. recognizing the pattern of the data content 

Answer:


Q142. You have been asked to investigate after a user has reported a threatening e-mail they've received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

A. The E-mail Header 

B. The X509 address 

C. The Host Domain Name 

D. The SMTP reply address 

Answer:


Q143. How many possible sequence number combinations are there in the TCP/IP protocol?

A. 1 billion 

B. 320 billion 

C. 4 billion 

D. 32 million 

Answer:


Q144. E-mail logs contain which of the following information to help you in your investigation? 

A. user account that was used to send the message 

B. date and time the message was sent 

C. contents of the e-mail message 

D. unique message identifier 

E. attachments sent with the e-mail message 

Answer: A,B,C,E 


Q145. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?

A. The firewall failed-bypass 

B. The firewall failed-closed 

C. The firewall ACL has been purged 

D. The firewall failed-open 

Answer:



Q146. The use of warning banners helps a company avoid litigation by overcoming an employee's assumed __________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.

A. right of free speech 

B. right to Internet access 

C. right of privacy 

D. right to work 

Answer:


Q147. What happens when a file is deleted by a Microsoft operating system using the FAT file system? 

A. a copy of the file is stored and the original file is erased 

B. the file is erased and cannot be recovered 

C. only the reference to the file is removed from the FAT 

D. the file is erased but can be recovered 

Answer:


Q148. Which of the following should a computer forensics investigations lab have? 

A. isolation 

B. restricted access 

C. open access 

D. an entry log 

Answer:


Q149. In the context of the file deletion process, which of the following statements holds true?

A. The longer a disk is in use, the less likely it is that deleted files will be overwritten

B. Secure delete programs work by completely overwriting the file in one go 

C. When files are deleted, the data is overwritten and the cluster marked as available 

D. While booting, the machine may create temporary files that can delete evidence 

Answer:


Q150. The use of warning banners helps a company avoid litigation by overcoming an employee's assumed __________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.

A. right to Internet access 

B. right of privacy 

C. right to work 

D. right of free speech 

Answer:


