
EC0-349 Online Practice Questions and Answers

Questions 4

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Linux/Unix computers are easier to compromise

B. Linux/Unix computers are constantly talking

C. Windows computers are constantly talking

D. Windows computers will not respond to idle scans

Questions 5

Software firewalls work at which layer of the OSI model?

A. Application

B. Network

C. Transport

D. Data Link

Questions 6

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

A. Keep the device powered on

B. Turn off the device immediately

C. Remove the battery immediately

D. Remove any memory cards immediately

Questions 7

What feature of Decryption Collection allows an investigator to crack a password as quickly as possible?

A. Cracks every password in 10 minutes

B. Distribute processing over 16 or fewer computers

C. Support for Encrypted File System

D. Support for MD5 hash verification

Questions 8

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. SAM

B. AMS

C. Shadow file

D. Password.conf

Questions 9

In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?

A. Security Administrator

B. Network Administrator

C. Director of Information Technology

D. Director of Administration

Questions 10

Where is the startup configuration located on a router?

A. Static RAM

B. BootROM

C. NVRAM

D. Dynamic RAM

Questions 11

When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

A. Title 18, Section 1030

B. Title 18, Section 2703(d)

C. Title 18, Section Chapter 90

D. Title 18, Section 2703(f)

Questions 12

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8

A. The attacker has conducted a network sweep on port 111

B. The attacker has scanned and exploited the system using Buffer Overflow

C. The attacker has used a Trojan on port 32773

D. The attacker has installed a backdoor

Questions 13

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

A. 8

B. 1

C. 4

D. 2

Questions 14

When obtaining a warrant, it is important to:

A. particularly describe the place to be searched and particularly describe the items to be seized

B. generally describe the place to be searched and particularly describe the items to be seized

C. generally describe the place to be searched and generally describe the items to be seized

D. particularly describe the place to be searched and generally describe the items to be seized

Questions 15

You should make at least how many bit-stream copies of a suspect drive?

A. 1

B. 2

C. 3

D. 4

Questions 16

When you carve an image, recovering the image depends on which of the following skills?

A. Recognizing the pattern of the header content

B. Recovering the image from a tape backup

C. Recognizing the pattern of a corrupt file

D. Recovering the image from the tape backup

Questions 17

Printing under a Windows computer normally requires which one of the following file types to be created?

A. EME

B. MEM

C. EMF

D. CME

Questions 18

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

A. .email

B. .mail

C. .pst

D. .doc

Exam Code: EC0-349
Exam Name: Computer Hacking Forensic Investigator
Last Update: Mar 19, 2025
Questions: 304 Q&As
