EC0-349 Exam Details

  • Exam Code: EC0-349
  • Exam Name: Computer Hacking Forensic Investigator
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 325 Q&As
  • Last Updated: May 24, 2026

EC-COUNCIL EC0-349 Online Questions & Answers

  • Question 151:

    You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?

    A. Passwords of 14 characters or less are broken up into two 7-character hashes
    B. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
    C. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
    D. The passwords that were cracked are local accounts on the Domain Controller

  • Question 152:

    Lance wants to place a honeypot on his network. Which of the following would you recommend?

    A. Use a system that has dynamic addressing on the network
    B. Use a system that is not directly interacting with the router
    C. Use it on a system in an external DMZ in front of the firewall
    D. It doesn't matter as all replies are faked

  • Question 153:

    The following is a log file screenshot from a default installation of IIS 6.0.

    What time standard is used by IIS as seen in the screenshot?

    A. UTC
    B. GMT
    C. TAI
    D. UT

  • Question 154:

    You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the computer lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive, and requests that you examine that drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments.

    What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

    A. Bit-stream Copy
    B. Robust Copy
    C. Full backup Copy
    D. Incremental Backup Copy

  • Question 155:

    When examining a file with a Hex Editor, what space does the file header occupy?

    A. the last several bytes of the file
    B. the first several bytes of the file
    C. none, file headers are contained in the FAT
    D. one byte at the beginning of the file

  • Question 156:

    John and Hillary work in the same department at the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He puts the L0phtCrack program into sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?

    A. Hillary's network username and password hash
    B. The SID of Hillary's network account
    C. The SAM file from Hillary's computer
    D. The network shares that Hillary has permissions for

  • Question 157:

    You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

    A. 8
    B. 1
    C. 4
    D. 2

  • Question 158:

    What feature of Windows is the following command trying to utilize?

    A. White space
    B. AFS
    C. ADS
    D. Slack file

  • Question 159:

    Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found into his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?

    A. Two
    B. One
    C. Three
    D. Four

  • Question 160:

    Why would you need to find out the gateway of a device when investigating a wireless attack?

    A. The gateway will be the IP of the proxy server used by the attacker to launch the attack
    B. The gateway will be the IP of the attacker's computer
    C. The gateway will be the IP used to manage the RADIUS server
    D. The gateway will be the IP used to manage the access point
