EC1-349 Exam Details

  • Exam Code: EC1-349
  • Exam Name: Computer Hacking Forensic Investigator (CHFI)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 486 Q&As
  • Last Updated: Dec 19, 2024

EC-COUNCIL EC1-349 Online Questions & Answers

  • Question 321:

    You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

    A. Stringsearch
    B. grep
    C. dir
    D. vim

  • Question 322:

    You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

    A. Demonstrate that no system can be protected against DoS attacks
    B. List weak points on their network
    C. Show outdated equipment so it can be replaced
    D. Use attack as a launching point to penetrate deeper into the network

  • Question 323:

    What stage of the incident handling process involves reporting events?

    A. Containment
    B. Follow-up
    C. Identification
    D. Recovery

  • Question 324:

    If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

    A. Keep the device powered on
    B. Turn off the device immediately
    C. Remove the battery immediately
    D. Remove any memory cards immediately

  • Question 325:

    What document does the screenshot represent?

    A. Chain of custody form
    B. Search warrant form
    C. Evidence collection form
    D. Expert witness form

  • Question 326:

    LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.

    A. Sequential number
    B. Index number
    C. Operating system number
    D. Sector number

  • Question 327:

    Physical security recommendations: There should be only one entrance to a forensics lab

    A. True
    B. False

  • Question 328:

    When a file is deleted by Windows Explorer or through the MS-DOS delete command, the operating system inserts _______________ in the first letter position of the filename in the FAT database.

    A. A Capital X
    B. A Blank Space
    C. The Underscore Symbol
    D. The lowercase Greek Letter Sigma (σ)

  • Question 329:

    According to US federal rules, to present a testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who has started practicing two years back, was denied an expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as an expert witness?

    A. Jason was unable to furnish documents showing four years of previous experience in the field
    B. Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case
    C. Jason was unable to furnish documents to prove that he is a computer forensic expert
    D. Jason was not aware of legal issues involved with computer crimes

  • Question 330:

    You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.

    What are you trying to accomplish here?

    A. Enumerate domain user accounts and built-in groups
    B. Enumerate MX and A records from DNS
    C. Establish a remote connection to the Domain Controller
    D. Poison the DNS records with false records
