EC-COUNCIL EC1-349 Online Practice Questions and Exam Preparation

EC-COUNCIL EC1-349 Online Questions & Answers

• Question 401:

  This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

  A. Master Boot Record (MBR)
  B. Master File Table (MFT)
  C. File Allocation Table (FAT)
  D. Disk Operating System (DOS)
  C. File Allocation Table (FAT)

• Question 402:

  With regard to using an antivirus scanner during a computer forensics investigation, you should:

  A. Scan the suspect hard drive before beginning an investigation
  B. Never run a scan on your forensics workstation because it could change your system configurationNever run a scan on your forensics workstation because it could change your system? configuration
  C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
  D. Scan your forensics workstation before beginning an investigation
  D. Scan your forensics workstation before beginning an investigation

• Question 403:

  Network forensics allows Investigators 10 inspect network traffic and logs to identify and locate the attack system Network forensics can reveal: (Select three answers)

  A. Source of security incidents' and network attacks
  B. Path of the attack
  C. Intrusion techniques used by attackers
  D. Hardware configuration of the attacker's system
  A. Source of security incidents' and network attacks
  B. Path of the attack
  C. Intrusion techniques used by attackers

• Question 404:

  After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

  A. Enable BGP
  B. Enable direct broadcasts
  C. Disable BGP
  D. Disable direct broadcasts
  D. Disable direct broadcasts

• Question 405:

  What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

  A. Copy the master boot record to a file
  B. Copy the contents of the system folder em?to a fileCopy the contents of the system folder ?em?to a file
  C. Copy the running memory to a file
  D. Copy the memory dump file to an image file
  C. Copy the running memory to a file

• Question 406:

  What is the smallest allocation unit of a hard disk?

  A. Cluster
  B. Spinning tracks
  C. Disk platters
  D. Slack space
  A. Cluster

• Question 407:

  What is the "Best Evidence Rule"?

  A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy
  B. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history
  C. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs
  D. It contains information such as open network connection, user logout, programs that reside in memory, and cache data
  A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy

• Question 408:

  You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls (Select 2)

  A. 161
  B. 162
  C. 163
  D. 160
  A. 161
  B. 162

• Question 409:

  An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.

  A. True
  B. False
  A. True

• Question 410:

  Where does Encase search to recover NTFS files and folders?

  A. MBR
  B. MFT
  C. Slack space
  D. HAL
  B. MFT