1. Home
  2. EC-COUNCIL
  3. EC0-349

EC-COUNCIL EC0-349 Online Practice Questions and Exam Preparation

EC0-349 Exam Details

  • Exam Code
    :EC0-349
  • Exam Name
    :Computer Hacking Forensic Investigator
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :325 Q&As
  • Last Updated
    :May 24, 2026

EC-COUNCIL EC0-349 Online Questions & Answers

  • Question 161:

    Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers.

    Bill protects the PDF documents with a password and sends them to their intended recipients.

    Why PDF passwords do not offer maximum protection?

    A. PDF passwords can easily be cracked by software brute force tools
    B. PDF passwords are converted to clear text when sent through E-mail
    C. PDF passwords are not considered safe by Sarbanes-Oxley
    D. When sent through E-mail, PDF passwords are stripped from the document completely

  • Question 162:

    If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

    A. The zombie will not send a response
    B. 31402
    C. 31399
    D. 31401

  • Question 163:

    The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

    A. Detection
    B. Hearsay
    C. Spoliation
    D. Discovery

  • Question 164:

    Why is it a good idea to perform a penetration test from the inside?

    A. It is never a good idea to perform a penetration test from the inside
    B. Because 70% of attacks are from inside the organization
    C. To attack a network from a hacker's perspective
    D. It is easier to hack from the inside

  • Question 165:

    With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.

    B. 10
    C. 100
    D. 1

  • Question 166:

    Item 2If you come across a sheepdip machine at your client site, what would you infer?

    A. A sheepdip coordinates several honeypots
    B. A sheepdip computer is another name for a honeypot
    C. A sheepdip computer is used only for virus-checking.
    D. A sheepdip computer defers a denial of service attack

  • Question 167:

    During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

    A. C:\Program Files\Exchsrvr\servername.log
    B. D:\Exchsrvr\Message Tracking\servername.log
    C. C:\Exchsrvr\Message Tracking\servername.log
    D. C:\Program Files\Microsoft Exchange\srvr\servername.log

  • Question 168:

    What encryption technology is used on Blackberry devices Password Keeper?

    A. 3DES
    B. AES
    C. Blowfish
    D. RC5

  • Question 169:

    What technique is used by JPEGs for compression?

    A. ZIP
    B. TCD
    C. DCT
    D. TIFF-8

  • Question 170:

    After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

    A. Enable direct broadcasts
    B. Disable direct broadcasts
    C. Disable BGP
    D. Enable BGP

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-349 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.