This page was exported from Easily Pass By Training Lead2pass Latest Dumps [ https://www.freebraindump.com ]
Export date: Thu Mar 28 10:37:57 2024 / +0000 GMT

Free Download Lastest Pass4sure EC-Council CHFI EC0-349 Exam Questions


Computer Hacking Forensic Investigator: EC0-349 Exam
EC0-349 Questions & Answers
Exam Code: EC0-349
Exam Name: Computer Hacking Forensic Investigator
Q & A: 309 Q&As

QUESTION 1
Which forensic investigating concept trails the whole incident from how the attack began to how
the victim was affected?
A. Point-to-point
B. End-to-end
C. Thorough
D. Complete event analysis
Answer: B



QUESTION 2
What is the slave device connected to the secondary IDE controller on a Linux OS referred to?
A. hda
B. hdd
C. hdb
D. hdc
Answer: B

QUESTION 3
You have used a newly released forensic investigation tool, which doesnt meet the Daubert Test,
during a case. The case has ended-up in court. What argument could the defense make to
weaken your case?
A. Only the local law enforcement should use the tool
B. You are not certified for using the tool
C. The toolhasnt been tested by the International Standards Organization (ISO)
D. The tool has not been reviewed and accepted by your peers
Answer: D

QUESTION 4
What type of attack sends SYN requests to a target system with spoofed IP addresses?
A. SYN flood
B. Ping of death
C. Cross site scripting
D. Land
Answer: A

QUESTION 5
If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you
do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.
A. Scandisk utility
B. deltree command
C. CMOS
D. Boot.sys
Answer: C

QUESTION 6
Why would an investigator use Visual TimeAnalyzer when investigating a computer used by
numerous users?
A. To see if the Kerberos ticket time is in sync with the rest of the domain
B. To see if any of the users changed the system time on the computer
C. To see how long each user utilized different programs
D. To see if any of the users were able to change their local permission
Answer: C

QUESTION 7
You are working as an independent computer forensics investigator and receive a call from a
systems administrator for a local school system requesting your assistance. One of the students at
the local high school is suspected of downloading inappropriate images from the Internet to a PC
in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard
drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this
drive and requests that you examine the drive for evidence of the suspected images. You inform
him that a simple backup copy will not provide deleted files or recover file fragments. What type of
copy do you need to make to ensure that the evidence found is complete and admissible in future
proceedings?
A. incremental backup copy
B. bit-stream copy
C. robust copy
D. full backup copy
Answer: B

QUESTION 8
The offset in a hexadecimal code is:
A. The 0x at the beginning of the code
B. The 0x at the end of the code
C. The first byte after the colon
D. The last byte after the colon
Answer: A

QUESTION 9
What does mactime, an essential part of the coroner's toolkit do?
A. It is a tool specific to the MAC OS and forms a core component of the toolkit
B. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
C. The toolsscans for i-node information, which is used by other tools in the tool kit
D. It can recover deleted file space and search it for data. However, it does not allow the
investigator to preview them
Answer: B

QUESTION 10
What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source
address to the IP broadcast address of a large network?
A. Fraggle
B. Smurf scan
C. SYN flood
D. Teardrop
Answer: A

QUESTION 11
What file on an iPod stores the computer names and usernames used to connect to an iPod?
A. StoredInfo
B. UserInfo
C. iPodInfo
D. DeviceInfo
Answer: D

QUESTION 12
E-mail logs contain which of the following information to help you in your investigation?
A. attachments sent with the e-mail message
B. contents of the e-mail message
C. user account that was used to send the message
D. unique message identifier
E. date and time the message was sent
Answer: ABCE

…go to http://www.lead2pass.com/ec0-349.html to download the full version Q&As.
Post date: 2013-08-16 04:08:48
Post date GMT: 2013-08-16 04:08:48
Post modified date: 2014-05-28 00:45:59
Post modified date GMT: 2014-05-28 00:45:59
Powered by [ Universal Post Manager ] plugin. HTML saving format developed by gVectors Team www.gVectors.com