
Latest EC-Council EC0-349 Exam Questions for Comprehensive Preparation


Question #1
When an investigator contacts by telephone the domain administrator or controller listed by a Whois lookup to request that all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?
A. Title 18, Section 1030
B. Title 18, Section 2703(d)
C. Title 18, Section Chapter 90
D. Title 18, Section 2703(f)
Correct Answer: D
Question #2
If you come across a sheepdip machine at your client site, what would you infer?
A. A sheepdip coordinates several honeypots
B. A sheepdip computer is another name for a honeypot
C. A sheepdip computer is used only for virus-checking
D. A sheepdip computer defers a denial of service attack
Correct Answer: C
Question #3
In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. Rules of evidence
B. Law of probability
C. Chain of custody
D. Policy of separation
Correct Answer: C
Question #4
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 128
B. 64
C. 32
D. 16
Correct Answer: C
Question #5
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years. You navigate to archive.org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?
A. Web bug
B. CGI code
C. Trojan
D. Blind bug
Correct Answer: A
Question #6
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
A. 0:1000, 150
B. 0:1709, 150
C. 1:1709, 150
D. 0:1709-1858
Correct Answer: B
Question #7
A honeypot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt. (Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)
03/15-20:21:24.107053 211.185.12
A. The attacker has conducted a network sweep on port 111
B. The attacker has scanned and exploited the system using Buffer Overflow
C. The attacker has used a Trojan on port 32773
D. The attacker has installed a backdoor
Correct Answer: A
Question #8
The newer Macintosh Operating System is based on:
A. OS/2
B. BSD Unix
C. Linux
D. Microsoft Windows
Correct Answer: B
Question #9
Before you are called to testify as an expert, what must an attorney do first?
A. Engage in damage control
B. Prove that the tools you used to conduct your examination are perfect
C. Read your curriculum vitae to the jury
D. Qualify you as an expert witness
Correct Answer: D
Question #10
You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer dat
A. Create a compressed copy of the file with DoubleSpace
B. Create a sparse data copy of a folder or file
C. Make a bit-stream disk-to-image file
D. Make a bit-stream disk-to-disk file
Correct Answer: C
Question #11
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync
A. Fill the disk with zeros
B. Low-level format
C. Fill the disk with 4096 zeros
D. Copy files from the master disk to the slave disk on the secondary IDE controller
Correct Answer: A
Question #12
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
A. The registry
B. The swapfile
C. The recycle bin
D. The metadata
Correct Answer: B
Question #13
The following is a log file screenshot from a default installation of IIS 6.0.
A. UTC
B. GMT
C. TAI
D. UT
Correct Answer: A
Question #14
An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.
A. Magnetic
B. Optical
C. Anti-Magnetic
D. Logical
Correct Answer: B
Question #15
When you need to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?
A. Proxify
B. Dnsstuff
C. Samspade
D. Archive
Correct Answer: D
Question #16
What type of equipment would a forensics investigator store in a StrongHold bag?
A. PDA
B. Backup tapes
C. Hard drives
D. Wireless cards
Correct Answer: D
Question #17
What method of copying should always be performed first before carrying out an investigation?
A. Parity-bit copy
B. Bit-stream copy
C. MS-DOS disc copy
D. System level copy
Correct Answer: B
Question #18
With regard to using an antivirus scanner during a computer forensics investigation, you should:
A. Scan the suspect hard drive before beginning an investigation
B. Never run a scan on your forensics workstation because it could change your system's configuration
C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
D. Scan your forensics workstation before beginning an investigation
Correct Answer: D
Question #19
If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?
A. Keep the device powered on
B. Turn off the device immediately
C. Remove the battery immediately
D. Remove any memory cards immediately
Correct Answer: A
Question #20
Davidson Trucking is a small transportation company that has three local offices in Detroit, Michigan. Ten female employees who work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not uphol
A. IT personnel
B. Employees themselves
C. Supervisors
D. Administrative assistant in charge of writing policies
Correct Answer: C
Question #21
When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
A. On the individual computer's ARP cache
B. In the Web Server log files
C. In the DHCP Server log files
D. There is no way to determine the specific IP address
Correct Answer: C
Question #22
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
A. Write-blocker
B. Protocol analyzer
C. Firewall
D. Disk editor
Correct Answer: A
Question #23
John is working on his company's policies and guidelines. The section he is currently working on covers company documents: how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
A. Strip-cut shredder
B. Cross-cut shredder
C. Cross-hatch shredder
D. Cris-cross shredder
Correct Answer: B
