EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 91:

  To check for POP3 traffic using Ethereal, what port should an investigator search by?

  A. 143
  B. 25
  C. 110
  D. 125
  C. 110

• Question 92:

  In the following email header, where did the email first originate from?

  

  A. Somedomain.com
  B. Smtp1.somedomain.com
  C. Simon1.state.ok.gov.us
  D. David1.state.ok.gov.us
  C. Simon1.state.ok.gov.us

• Question 93:

  Wi-Fi Protected Access (WPA) is a data encryption method for WLANs based on 802.11 standards. Temporal Key Integrity Protocol (TKIP) enhances WEP by adding a rekeying mechanism to provide fresh encryption and integrity keys. Temporal keys are changed for every____________.

  A. 5,000 packets
  B. 10.000 packets
  C. 15,000 packets
  D. 20.000 packets
  B. 10.000 packets

• Question 94:

  Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.

  A. True
  B. False
  A. True

• Question 95:

  An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.

  A. True
  B. False
  A. True

• Question 96:

  When a router receives an update for its routing table, what is the metric value change to that path?

  A. Increased by 2
  B. Decreased by 1
  C. Increased by 1
  D. Decreased by 2
  C. Increased by 1

• Question 97:

  Which program is the oot loader?when Windows XP starts up?Which program is the ?oot loader?when Windows XP starts up?

  A. KERNEL.EXE
  B. NTLDR
  C. LOADER
  D. LILO
  B. NTLDR

• Question 98:

  Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

  

  He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

  A. Those connections are established
  B. Those connections are in listening mode
  C. Those connections are in closed/waiting mode
  D. Those connections are in timed out/waiting mode
  B. Those connections are in listening mode

• Question 99:

  The police believe that Mevin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions. They also suspect that he has been stealing, copying, and misappropriating proprietary computer software belonging to the several victim companies. What is preventing the police from breaking down the suspect door and searching his home and seizing all of his computer equipment if they haveis preventing the police from breaking down the suspect? door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

  A. The USA Patriot Act
  B. The Good Samaritan Laws
  C. The Federal Rules of Evidence
  D. The Fourth Amendment
  D. The Fourth Amendment

• Question 100:

  Injection flaws are web application vulnerabilities that allow untrusted data to be Interpreted and executed as part of a command or query. Attackers exploit injection flaws by constructing malicious commands or queries that result in data loss or corruption, lack of accountability, or denial of access. Which of the following injection flaws involves the injection of malicious code through a web application?

  A. SQL Injection
  B. Password brute force
  C. Nmap Scanning
  D. Footprinting
  A. SQL Injection