EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 281:

    Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

    A. Sector
    B. Metadata
    C. MFT
    D. Slack Space

  • Question 282:

    The status of the network interface cards (NICs) connected to a system gives information about whether the system is connected to a wireless access point and what IP address is being used. Which command displays the network configuration of the NICs on the system?

    A. ipconfig /all
    B. netstat
    C. net session
    D. tasklist

  • Question 283:

    Which response organization tracks hoaxes as well as viruses?

    A. NIPC
    B. FEDCIRC
    C. CERT
    D. CIAC

  • Question 284:

    Harold is a computer forensics investigator working for a consulting firm out of Atlanta, Georgia. Harold is called upon to help with a corporate espionage case in Miami, Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company were stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

    A. Text semagram
    B. Visual semagram
    C. Grill cipher
    D. Visual cipher

  • Question 285:

    What is the goal of forensic science?

    A. To determine the evidential value of the crime scene and related evidence
    B. Mitigate the effects of the information security breach
    C. Save the good will of the investigating organization
    D. It is a discipline to deal with the legal processes

  • Question 286:

    Which of the following commands shows you the NetBIOS name table each?

    A. Option A
    B. Option B
    C. Option C
    D. Option D

  • Question 287:

    Determine the message length from the following hex viewer record:

    A. 6E2F
    B. 13
    C. 27
    D. 810D

  • Question 288:

    When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

    A. Write-blocker
    B. Protocol analyzer
    C. Firewall
    D. Disk editor

  • Question 289:

    Data is striped at a byte level across multiple drives and parity information is distributed among all member drives.

    What RAID level is represented here?

    A. RAID Level 0
    B. RAID Level 1
    C. RAID Level 3
    D. RAID Level 5

  • Question 290:

    If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

    A. The system files have been copied by a remote attacker
    B. The system administrator has created an incremental backup
    C. The system has been compromised using a t0rn rootkit
    D. Nothing in particular as these can be operational files
