Pass EC-COUNCIL EC0-349 Actual Free Exam Q&As Updated Dump Oct 16, 2024 [Q172-Q189]

Latest EC0-349 Actual Free Exam Updated 490 Questions


Ending Notes

A career in computer forensics means a career in a hot domain that will endow the specialist with better market penetration and stability. To make this happen, we suggest you put effort into the EC-Council EC0-349 exam. While this test is your target, bank on Amazon to access quality books for your preparation. When combined with dedication, these study resources will do wonders for your mastery of all exam topics.

 

NEW QUESTION # 172
If you come across a sheepdip machine at your client site, what would you infer?

  • A. A sheepdip computer defers a denial of service attack
  • B. A sheepdip computer is used only for virus-checking.
  • C. A sheepdip coordinates several honeypots
  • D. A sheepdip computer is another name for a honeypot

Answer: B


NEW QUESTION # 173
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?

  • A. Open code steganography
  • B. Text semagrams steganography
  • C. Technical steganography
  • D. Visual semagrams steganography

Answer: A


NEW QUESTION # 174
The tasklist command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following tasklist commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?

  • A. tasklist /s
  • B. tasklist /p
  • C. tasklist /V
  • D. tasklist /u

Answer: C


NEW QUESTION # 175
Microsoft Security IDs are available in Windows Registry Editor. The path to locate IDs in Windows 7 is:

  • A. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
  • B. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • C. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\setup
  • D. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList

Answer: B


NEW QUESTION # 176
In conducting a computer abuse investigation, you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

  • A. ISPs never maintain log files so they would be of no use to your investigation
  • B. The ISP can't conduct any type of investigations on anyone and therefore can't assist you
  • C. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
  • D. The ISP can investigate anyone using their service and can provide you with assistance

Answer: C


NEW QUESTION # 177
What file structure database would you expect to find on floppy disks?

  • A. FAT12
  • B. FAT16
  • C. FAT32
  • D. NTFS

Answer: A

Explanation:
NTFS is not designed for removable media; although it is used on some very large removable media, it is never used for floppy disks. FAT32 has a minimum space requirement which is larger than floppy disks. FAT16 would seem like a logical choice, but is not usually used on floppies. FAT12 would be on floppy disks, and probably not seen on anything else. Since floppy disk media is small in size (less than 2 MB), a FAT12 file system has lower overhead and is more efficient.


NEW QUESTION # 178
The newer Macintosh Operating System (MacOS X) is based on:

  • A. BSD Unix
  • B. OS/2
  • C. Linux
  • D. Microsoft Windows

Answer: A


NEW QUESTION # 179
What does the superblock in Linux define?

  • A. filesynames
  • B. location of the first inode
  • C. disk geometry
  • D. available space

Answer: B


NEW QUESTION # 180
Which of the following is the certifying body of forensics labs that investigate criminal cases by analyzing evidence?

  • A. The American Society of Crime Laboratory Directors (ASCLD)
  • B. The American Forensics Laboratory for Computer Forensics (AFLCF)
  • C. The American Forensics Laboratory Society (AFLS)
  • D. International Society of Forensics Laboratory (ISFL)

Answer: A


NEW QUESTION # 181
On Linux/Unix based Web servers, what privilege should the daemon service be run under?

  • A. Root
  • B. You cannot determine what privilege runs the daemon service
  • C. Something other than root
  • D. Guest

Answer: C


NEW QUESTION # 182
Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet.
From the log, it appears that the user was manually typing in different user ID numbers.
What technique was this user trying?

  • A. Cookie Poisoning
  • B. SQL injection
  • C. Cross site scripting
  • D. Parameter tampering

Answer: D


NEW QUESTION # 183
You should make at least how many bit-stream copies of a suspect drive?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A


NEW QUESTION # 184
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the computer lab. When you arrive at the school, the systems administrator hands you a hard drive, tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive, and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments.
What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

  • A. Bit-stream Copy
  • B. Robust Copy
  • C. Incremental Backup Copy
  • D. Full backup Copy

Answer: A


NEW QUESTION # 185
What hashing method is used to password protect Blackberry devices?

  • A. RC5
  • B. MD5
  • C. AES
  • D. SHA-1

Answer: D


NEW QUESTION # 186
The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks.
Which of the following would that be?

  • A. All running processes will be lost
  • B. The /tmp directory will be flushed
  • C. Any data not yet flushed to the system will be lost
  • D. Power interruption will corrupt the pagefile

Answer: C


NEW QUESTION # 187
Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

  • A. UDP
  • B. OSPF
  • C. ATM
  • D. BPG

Answer: B


NEW QUESTION # 188
Which of the following is not a part of the technical specification of the laboratory-based imaging system?

  • A. Anti-repudiation techniques
  • B. Remote preview and imaging pod
  • C. High performance workstation PC
  • D. Very low image capture rate

Answer: D


NEW QUESTION # 189
......


Certificate Eligibility

The EC-Council CHFI designation is not for industry beginners. It is for those who have already investigated computer forensics and are aware of how things work in this domain. As per the official website, it is wise if the candidate has two years of hands-on experience and has worked in the InfoSec domain before aiming at the EC0-349 exam. What is more, this test goes through an application process and is subject to the approval of this application. Those who lack work experience can compensate by attending an official training course by the vendor. This class can be joined in multiple ways through the EC-Council Authorized Training Center.

 

Online Questions - Valid Practice EC0-349 Exam Dumps Test Questions: https://braindumps.getvalidtest.com/EC0-349-brain-dumps.html