EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 121:

  An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.

  A. Magnetic
  B. Optical
  C. Anti-Magnetic
  D. Logical
  B. Optical

• Question 122:

  During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

  A. C:\Program Files\Exchsrvr\servername.log
  B. D:\Exchsrvr\Message Tracking\servername.log
  C. C:\Exchsrvr\Message Tracking\servername.log
  D. C:\Program Files\Microsoft Exchange\srvr\servername.log
  A. C:\Program Files\Exchsrvr\servername.log

• Question 123:

  Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

  A. A system using Trojaned commands
  B. A honeypot that traps hackers
  C. An environment set up after the user logs in
  D. An environment set up before an user logs in
  B. A honeypot that traps hackers

• Question 124:

  Which of the following email headers specifies an address for mailer-generated errors, like "no such user" bounce messages, to go to (instead of the sender's address)?

  A. Errors-To header
  B. Content-Transfer-Encoding header
  C. Mime-Version header
  D. Content-Type header
  A. Errors-To header

• Question 125:

  During first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic examiner as soon as possible

  A. True
  B. False
  A. True

• Question 126:

  What layer of the OSI model do TCP and UDP utilize?

  A. Data Link
  B. Network
  C. Transport
  D. Session
  C. Transport

• Question 127:

  In the following directory listing,

  

  which file should be used to restore archived email messages for someone using Microsoft Outlook?

  A. Outlook bak
  B. Outlook ost
  C. Outlook NK2
  D. Outlook pst
  D. Outlook pst

• Question 128:

  If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

  A. The system has been compromised using a t0rnrootkit
  B. The system administrator has created an incremental backup
  C. The system files have been copied by a remote attacker
  D. Nothing in particular as these can be operational files
  D. Nothing in particular as these can be operational files

• Question 129:

  When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

  A. FF D8 FF E0 00 10
  B. FF FF FF FF FF FF
  C. FF 00 FF 00 FF 00
  D. EF 00 EF 00 EF 00
  A. FF D8 FF E0 00 10

• Question 130:

  Software firewalls work at which layer of the OSI model?

  A. Transport
  B. Application
  C. Data Link
  D. Network
  C. Data Link