EC0-349 Exam Details

  • Exam Code: EC0-349
  • Exam Name: Computer Hacking Forensic Investigator
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 325 Q&As
  • Last Updated: May 24, 2026

EC-COUNCIL EC0-349 Online Questions & Answers

  • Question 201:

    Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

    A. Only an HTTPS session can be hijacked
    B. HTTP protocol does not maintain session
    C. Only FTP traffic can be hijacked
    D. Only DNS traffic can be hijacked

  • Question 202:

    When is it appropriate to use computer forensics?

    A. If copyright and intellectual property theft/misuse has occurred
    B. If employees do not care for their boss's management techniques
    C. If sales drop off for no apparent reason for an extended period of time
    D. If a financial institution is burglarized by robbers

  • Question 203:

    What will the following command accomplish in Linux? fdisk /dev/hda

    A. Partition the hard drive
    B. Format the hard drive
    C. Delete all files under the /dev/hda folder
    D. Fill the disk with zeros

  • Question 204:

    In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

    A. Evidence must be handled in the same way regardless of the type of case
    B. Evidence procedures are not important unless you work for a law enforcement agency
    C. Evidence in a criminal case must be secured more tightly than in a civil case
    D. Evidence in a civil case must be secured more tightly than in a criminal case

  • Question 205:

    When examining the log files from a Windows IIS Web Server, how often is a new log file created?

    A. The same log is used at all times
    B. A new log file is created every day
    C. A new log file is created each week
    D. A new log is created each time the Web Server is started

  • Question 206:

    A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

    A. Blu-Ray single-layer
    B. HD-DVD
    C. Blu-Ray dual-layer
    D. DVD-18

  • Question 207:

    Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

    A. Bench warrant
    B. Wire tap
    C. Subpoena
    D. Search warrant

  • Question 208:

    When using Windows acquisition tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to:

    A. Automate collection from image files
    B. Avoid copying data from the boot partition
    C. Acquire data from the host-protected area on a disk
    D. Prevent contamination of the evidence drive

  • Question 209:

    Bob has been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity, and this was later presented as evidence.

    The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

    A. A Honeypot that traps hackers
    B. A system using Trojaned commands
    C. An environment set up after the user logs in
    D. An environment set up before a user logs in

  • Question 210:

    John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

    A. Firewalk cannot pass through Cisco firewalls
    B. Firewalk sets all packets with a TTL of zero
    C. Firewalk cannot be detected by network sniffers
    D. Firewalk sets all packets with a TTL of one
