EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 131:

  Which one of the following statements is not correct while preparing for testimony?

  A. Go through the documentation thoroughly
  B. Do not determine the basic facts of the case before beginning and examining the evidence
  C. Establish early communication with the attorney
  D. Substantiate the findings with documentation and by collaborating with other computer forensics professionals
  B. Do not determine the basic facts of the case before beginning and examining the evidence

• Question 132:

  In an echo data hiding technique, the secret message is embedded into a __________as an echo.

  A. Cover audio signal
  B. Phase spectrum of a digital signal
  C. Pseudo-random signal
  D. Pseudo- spectrum signal
  A. Cover audio signal

• Question 133:

  Corporate investigations are typically easier than public investigations because: A. the users have standard corporate equipment and software

  B. the investigator does not have to get a warrant
  C. the investigator has to get a warrant
  D. the users can load whatever they want on their machines
  B. the investigator does not have to get a warrant

• Question 134:

  What method of copying should always be performed first before carrying out an investigation?

  A. Parity-bit copy
  B. Bit-stream copy
  C. MS-DOS disc copy
  D. System level copy
  B. Bit-stream copy

• Question 135:

  Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?

  A. Point-to-point
  B. End-to-end
  C. Thorough
  D. Complete event analysis
  B. End-to-end

• Question 136:

  What operating system would respond to the following command? C:\> nmap -sW 10.10.145.65

  A. Windows XP
  B. Mac OS X
  C. FreeBSD
  D. Windows 95
  C. FreeBSD

• Question 137:

  Shortcuts are the files with the extension .Ink that are created and are accessed by the users. These files provide you with information about:

  A. Files or network shares
  B. Running application
  C. Application logs
  D. System logs
  A. Files or network shares

• Question 138:

  Email archiving is a systematic approach to save and protect the data contained in emails so that it can tie easily accessed at a later date.

  A. True
  B. False
  A. True

• Question 139:

  You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact local law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject computer. You inform the officer that you will not be able to comply with thatnetwork sniffer on your network and monitor all traffic to the subject? computer. You inform the officer that you will not be able to comply with that request because doing so would:

  A. Violate your contract
  B. Cause network congestion
  C. Make you an agent of law enforcement
  D. Write information to the subject hard driveWrite information to the subject? hard drive
  C. Make you an agent of law enforcement

• Question 140:

  If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?

  A. 4 Sectors
  B. 5 Sectors
  C. 6 Sectors
  D. 7 Sectors
  C. 6 Sectors