EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 141:

  When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

  A. Recycle Bin
  B. MSDOS.sys
  C. BIOS
  D. Case files
  A. Recycle Bin

• Question 142:

  A system with a simple logging mechanism has not been given much attention during development, this system is now being targeted by attackers, if the attacker wants to perform a new line injection attack, what will he/she inject into the log file?

  A. Plaintext
  B. Single pipe character
  C. Multiple pipe characters
  D. HTML tags
  A. Plaintext

• Question 143:

  You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect house after aYou are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect? house after a warrant was obtained and they located a floppy disk in the suspect bedroom. The disk contains several files, but they appear to be passwordwarrant was obtained and they located a floppy disk in the suspect? bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?

  A. Limited force and library attack
  B. Brute force and dictionary attack
  C. Maximum force and thesaurus attack
  D. Minimum force and appendix attack
  B. Brute force and dictionary attack

• Question 144:

  Web applications provide an Interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynamically within the client Web browser.

  A. True
  B. False
  A. True

• Question 145:

  Which part of the Windows Registry contains the user's password file?

  A. HKEY_LOCAL_MACHINE
  B. HKEY_CURRENT_CONFIGURATION
  C. HKEY_USER
  D. HKEY_CURRENT_USER
  A. HKEY_LOCAL_MACHINE
  D. HKEY_CURRENT_USER

• Question 146:

  When reviewing web logs, you see an entry for esource not found?in the HTTP status code field. What is the actual error code that you wouldWhen reviewing web logs, you see an entry for ?esource not found?in the HTTP status code field. What is the actual error code that you would see in the log for esource not found?see in the log for ?esource not found?

  A. 202
  B. 404
  C. 606
  D. 999
  B. 404

• Question 147:

  Subscriber Identity Module (SIM) is a removable component that contains essential information about the subscriber. Its main function entails authenticating the user of the cell phone to the network to gain access to subscribed services. SIM contains a 20-digit long Integrated Circuit Card identification (ICCID) number, identify the issuer identifier Number from the ICCID below.

  

  A. 89
  B. 44
  C. 245252
  D. 001451548
  C. 245252

• Question 148:

  It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?

  A. by law, three
  B. quite a few
  C. only one
  D. at least two
  C. only one

• Question 149:

  Where is the startup configuration located on a router?

  A. Static RAM
  B. BootROM
  C. NVRAM
  D. Dynamic RAM
  C. NVRAM

• Question 150:

  You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?

  A. ARP Poisoning
  B. DNS Poisoning
  C. HTTP redirect attack
  D. IP Spoofing
  B. DNS Poisoning