ECCouncil EC1-349 Exam - Computer Hacking Forensic Investigator (EC1-349)

Questions & Answers for ECCouncil EC1-349

Showing 1-15 of 304 Questions

Question #1 - Topic 1

An on-site incident response team is called to investigate an alleged case of computer
tampering within their company. Before proceeding with the investigation, the CEO informs
them that the incident will be classified as "low level". How long will the team have to
respond to the incident?

A. One working day

B. Two working days

C. Immediately

D. Four hours

Question #2 - Topic 1

What must an investigator do before disconnecting an iPod from any type of computer?

A. Unmount the iPod

B. Mount the iPod

C. Disjoin the iPod

D. Join the iPod

Question #3 - Topic 1

Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the
capacity of the described hard drive?
22,164 cylinders/disk
80 heads/cylinder
63 sectors/track

A. 53.26 GB

B. 57.19 GB

C. 11.17 GB

D. 10 GB

Question #4 - Topic 1

What happens when a file is deleted by a Microsoft operating system using the FAT file
system?

A. The file is erased and cannot be recovered

B. The file is erased but can be recovered partially

C. A copy of the file is stored and the original file is erased

D. Only the reference to the file is removed from the FAT and can be recovered

Question #5 - Topic 1

John is working as a computer forensics investigator for a consulting firm in Canada. He is
called to seize a computer at a local web café purportedly used as a botnet server. John
thoroughly scans the computer and finds nothing that would lead him to think the computer
was a botnet server. John decides to scan the virtual memory of the computer to possibly
find something he had missed. What information will the virtual memory scan produce?

A. It contains the times and dates of when the system was last patched

B. It is not necessary to scan the virtual memory of a computer

C. It contains the times and dates of all the system files

D. Hidden running processes

Question #6 - Topic 1

When needing to search for a website that is no longer present on the Internet today but
was online a few years back, what site can be used to view the website's collection of
pages?

A. Proxify.net

B. Dnsstuff.com

C. Samspade.org

D. Archive.org

Question #7 - Topic 1

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A. NTOSKRNL.EXE

B. NTLDR

C. LSASS.EXE

D. NTDETECT.COM

Question #8 - Topic 1

In the following directory listing,

which file should be used to restore archived email messages for someone using Microsoft
Outlook?

A. Outlook bak

B. Outlook ost

C. Outlook NK2

D. Outlook pst

Question #9 - Topic 1

If a PDA is seized in an investigation while the device is turned on, what would be the
proper procedure?

A. Keep the device powered on

B. Turn off the device immediately

C. Remove the battery immediately

D. Remove any memory cards immediately

Question #10 - Topic 1

What advantage does the tool Evidor have over the built-in Windows search?

A. It can find deleted files even after they have been physically removed

B. It can find bad sectors on the hard drive

C. It can search slack space

D. It can find files hidden within ADS

Question #11 - Topic 1

George was recently fired from his job as an IT analyst at Pitts and Company in Dallas,
Texas. His main duties as an analyst were to support the company's Active Directory
structure and to create network policies. George now wants to break into the company's
network by cracking some of the service accounts he knows about. Which password cracking
technique should George use in this situation?

A. Brute force attack

B. Syllable attack

C. Rule-based attack

D. Dictionary attack

Question #12 - Topic 1

What feature of Decryption Collection allows an investigator to crack a password as quickly
as possible?

A. Cracks every password in 10 minutes

B. Distribute processing over 16 or fewer computers

C. Support for Encrypted File System

D. Support for MD5 hash verification

Question #13 - Topic 1

Where does Encase search to recover NTFS files and folders?

A. MBR

B. MFT

C. Slack space

D. HAL

Question #14 - Topic 1

What type of equipment would a forensics investigator store in a StrongHold bag?

A. PDA

B. Backup tapes

C. Hard drives

D. Wireless cards

Question #15 - Topic 1

Why should you never power on a computer that you need to acquire digital evidence
from?

A. When the computer boots up, files are written to the computer rendering the data "unclean"

B. When the computer boots up, the system cache is cleared which could destroy evidence

C. When the computer boots up, data in the memory's buffer is cleared which could destroy evidence

D. Powering on a computer has no effect when needing to acquire digital evidence from it
