This page was exported from Easily Pass By Training Lead2pass Latest Dumps [ https://www.freebraindump.com ]
Free Download Latest Pass4sure EC-Council CHFI EC0-349 Exam Questions

Computer Hacking Forensic Investigator: EC0-349 Exam

EC0-349 Questions & Answers
Exam Code: EC0-349
Exam Name: Computer Hacking Forensic Investigator
Q & A: 309 Q&As

QUESTION 1
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
A. Point-to-point
B. End-to-end
C. Thorough
D. Complete event analysis
Answer: B

QUESTION 2
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
A. hda
B. hdd
C. hdb
D. hdc
Answer: B

QUESTION 3
You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?
A. Only the local law enforcement should use the tool
B. You are not certified for using the tool
C. The tool hasn't been tested by the International Standards Organization (ISO)
D. The tool has not been reviewed and accepted by your peers
Answer: D

QUESTION 4
What type of attack sends SYN requests to a target system with spoofed IP addresses?
A. SYN flood
B. Ping of death
C. Cross site scripting
D. Land
Answer: A

QUESTION 5
If you plan to start up a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.
A. Scandisk utility
B. deltree command
C. CMOS
D. Boot.sys
Answer: C

QUESTION 6
Why would an investigator use Visual TimeAnalyzer when investigating a computer used by numerous users?
A. To see if the Kerberos ticket time is in sync with the rest of the domain
B. To see if any of the users changed the system time on the computer
C. To see how long each user utilized different programs
D. To see if any of the users were able to change their local permission
Answer: C

QUESTION 7
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A. incremental backup copy
B. bit-stream copy
C. robust copy
D. full backup copy
Answer: B

QUESTION 8
The offset in a hexadecimal code is:
A. The 0x at the beginning of the code
B. The 0x at the end of the code
C. The first byte after the colon
D. The last byte after the colon
Answer: A

QUESTION 9
What does mactime, an essential part of the coroner's toolkit, do?
A. It is a tool specific to the MAC OS and forms a core component of the toolkit
B. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
C. The tool scans for i-node information, which is used by other tools in the tool kit
D. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
Answer: B

QUESTION 10
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?
A. Fraggle
B. Smurf scan
C. SYN flood
D. Teardrop
Answer: A

QUESTION 11
What file on an iPod stores the computer names and usernames used to connect to an iPod?
A. StoredInfo
B. UserInfo
C. iPodInfo
D. DeviceInfo
Answer: D

QUESTION 12
E-mail logs contain which of the following information to help you in your investigation?
A. attachments sent with the e-mail message
B. contents of the e-mail message
C. user account that was used to send the message
D. unique message identifier
E. date and time the message was sent
Answer: ABCE

…go to http://www.lead2pass.com/ec0-349.html to download the full version Q&As.
Post date: 2013-08-16 04:08:48 GMT
Post modified date: 2014-05-28 00:45:59 GMT