EC0-349 Question Bank Demo Free Download
Filed under EC-COUNCIL, Aug 3
Introduction to the EC-COUNCIL Certification EC0-349 Exam Question Bank
Exam code: EC0-349
Number of questions: 186 Q&As
Updated: 2009-09-29
Registration location: Prometric/Pearson VUE
Full name of the question bank: Computer Hacking Forensic Investigator
Free EC0-349 Question Bank Demo
Exam : EC-Council EC0-349
Title : E-Commerce Architect
1. Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?
A.The data is still present until the original location of the file is used
B.The data is moved to the Restore directory and is kept there indefinitely
C.The data will reside in the L2 cache on a Windows computer until it is manually deleted
D.It is not possible to recover data that has been emptied from the Recycle Bin
Answer: A
2. What hashing method is used to password protect Blackberry devices?
A.AES
B.RC5
C.MD5
D.SHA-1
Answer: D
3. In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?
A.The ISP can investigate anyone using their service and can provide you with assistance
B.The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
C.The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
D.ISPs never maintain log files so they would be of no use to your investigation
Answer: B
4. A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation? Choose the most feasible option.
A.Image the disk and try to recover deleted files
B.Seek the help of co-workers who are eye-witnesses
C.Check the Windows registry for connection data (You may or may not recover)
D.Approach the websites for evidence
Answer: A
5. While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte E5h. What does this indicate on the computer?
A.The files have been marked as hidden
B.The files have been marked for deletion
C.The files are corrupt and cannot be recovered
D.The files have been marked as read-only
Answer: B
6. Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Which US Amendment is Madison's lawyer trying to prove the police violated?
A.The 10th Amendment
B.The 5th Amendment
C.The 1st Amendment
D.The 4th Amendment
Answer: D
7. Sectors in hard disks typically contain how many bytes?
A.256
B.512
C.1024
D.2048
Answer: B
8. When a router receives an update for its routing table, what is the metric value change to that path?
A.Increased by 2
B.Decreased by 1
C.Increased by 1
D.Decreased by 2
Answer: C
9. Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
A.Point-to-point
B.End-to-end
C.Thorough
D.Complete event analysis
Answer: B
10. When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
A.All virtual memory will be deleted
B.The wrong partition may be set to active
C.This action can corrupt the disk
D.The computer will be set in a constant reboot state
Answer: C
11. What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A.Copy the master boot record to a file
B.Copy the contents of the system folder mem to a file
C.Copy the running memory to a file
D.Copy the memory dump file to an image file
Answer: C
12. A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?
A.He should search in C:\Windows\System32\RECYCLED folder
B.The Recycle Bin does not exist on the hard drive
C.The files are hidden and he must use a switch to view them
D.Only FAT system contains RECYCLED folder and not NTFS
Answer: C
13. A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture's quality is not degraded at all from this process. What kind of picture is this file?
A.Raster image
B.Vector image
C.Metafile image
D.Catalog image
Answer: B
14. A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?
A.Blu-Ray single-layer
B.HD-DVD
C.Blu-Ray dual-layer
D.DVD-18
Answer: C
15. What is the last bit of each pixel byte in an image called?
A.Last significant bit
B.Least significant bit
C.Least important bit
D.Null bit
Answer: B
16. What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?
A.Internet service provider information
B.E-mail header
C.Username and password
D.Firewall log
Answer: B
17. The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examination of the scene is a description of what legal term?
A.Detection
B.Hearsay
C.Spoliation
D.Discovery
Answer: D
18. In the following Linux command, what is the outfile?
dd if=/usr/bin/personal/file.txt of=/var/bin/files/file.txt
A./usr/bin/personal/file.txt
B./var/bin/files/file.txt
C./bin/files/file.txt
D.There is no outfile specified
Answer: B
19. Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
A.Search warrant
B.Subpoena
C.Wire tap
D.Bench warrant
Answer: A
20. You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A.Bit-stream copy
B.Robust copy
C.Full backup copy
D.Incremental backup copy
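Answer: A
Free Download of the EC0-349 Question Bank Demo
Examsoon provides the latest Certified Ethical Hacker certification EC0-349 question bank, whose full name is Computer Hacking Forensic Investigator. Before you decide whether to buy, you can first download a partial demo of the EC0-349 question bank. Examsoon is the only vendor in the world that offers free demo downloads of question banks for all IT certification exams. The download link for the free EC0-349 practice test questions follows.
EC-COUNCIL EC0-349 Study Guide
The Certified Ethical Hacker certification EC0-349 exam has proven its reach and importance around the world, so people everywhere who know about this certification exam must have the skills and knowledge required in the fields related to it. The purpose of the EC-COUNCIL certification EC0-349 study guide is to test a candidate's ability and awareness of the concepts. The EC0-349 practice tests have often been revised, with much outdated material removed, while what remains is what the exam syllabus requires. When you apply the knowledge you have learned, it shows what you have learned and how well you apply it. EC-COUNCIL certification EC0-349 is a well-known brand in the IT industry, so if you pass an exam held by such a well-known company, you can imagine how well your future career will go.
Passing this exam of course involves many difficulties. What you need to do is bring plenty of courage and confidence, and these come from how well you train day to day. We suggest taking a look at the Examsoon website. Its EC0-349 exam is meant to test how well you have mastered knowledge in this area, and the best part is that it lets you keep updating what you have learned and keep improving. Only when you know all the concepts and how to use them have you truly grasped what Examsoon intends. This exam checks your ability, and once you pass this test you will be among the best talent. Another notable effect of the Examsoon EC0-349 exam is that your salary will rise sharply, which is probably what everyone hopes for, so you need to find good resources.
Examsoon Exam Master EC0-349 questions are a perfect combination of original exam questions, with coverage above 95%; the answers were worked out by several senior professional instructors and are 100% correct. As long as you use Examsoon's exam question bank to take the EC0-349 exam, you are guaranteed to pass easily on the first attempt;
After-sales service comes first! We believe that to succeed in today's world we must give our users complete, attentive, high-quality after-sales service throughout; only when customers are satisfied can we grow. Putting the customer first has always been the principle of Examsoon Exam Master;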