EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 341:

  When collecting evidence from the RAM, where do you look for data?

  A. Swap file
  B. SAM file
  C. Data file
  D. Log file
  A. Swap file

• Question 342:

  Tyler is setting up a wireless network for his business that he runs out of his home. He has followed all the directions from the ISP as well as the wireless router manual. He does not have any encryption set and the SSID is being broadcast. On his laptop, he can pick up the wireless signal for short periods of time, but then the connection drops and the signal goes away. Eventually the wireless signal shows back up, but drops intermittently. What could be Tyler issue with his home wireless network?

  A. CB radio
  B. 2.4Ghz Cordless phones
  C. Satellite television
  D. Computers on his wired network
  B. 2.4Ghz Cordless phones

• Question 343:

  While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h.?What does this indicate on the computer?replaced by the hex code byte ?5h.?What does this indicate on the computer?

  A. The files have been marked as hidden
  B. The files have been marked for deletion
  C. The files are corrupt and cannot be recovered
  D. The files have been marked as read-only
  B. The files have been marked for deletion

• Question 344:

  Which of the following is NOT a graphics file?

  A. Picture1.tga
  B. Picture2.bmp
  C. Picture3.nfo
  D. Picture4.psd
  C. Picture3.nfo

• Question 345:

  Windows identifies which application to open a file with by examining which of the following?

  A. The File extension
  B. The file attributes
  C. The file Signature at the end of the file
  D. The file signature at the beginning of the file
  A. The File extension

• Question 346:

  Which of the following is not correct when documenting an electronic crime scene?

  A. Document the physical scene, such as the position of the mouse and the location of components near the system
  B. Document related electronic components that are difficult to find
  C. Record the condition of the computer system, storage media, electronic devices and conventional evidence, including power status of the computer
  D. Write down the color of shirt and pant the suspect was wearing
  D. Write down the color of shirt and pant the suspect was wearing

• Question 347:

  In Linux, what is the smallest possible shellcode?

  A. 8 bytes
  B. 24 bytes
  C. 800 bytes
  D. 80 bytes
  B. 24 bytes

• Question 348:

  ____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

  A. Network Forensics
  B. Computer Forensics
  C. Incident Response
  D. Event Reaction
  B. Computer Forensics

• Question 349:

  What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

  A. Every byte of the file(s) is given an MD5 hash to match against a master file
  B. Every byte of the file(s) is verified using 32-bit CRC
  C. Every byte of the file(s) is copied to three different hard drives
  D. Every byte of the file(s) is encrypted using three different methods
  B. Every byte of the file(s) is verified using 32-bit CRC

• Question 350:

  Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?

  A. WarWalking
  B. WarFlying
  C. WarChalking
  D. WarDhving
  C. WarChalking