The EC-Council certification exam known as EC-Council EC0-349 is never an easy test. Many graduates who major in World Wide Web technology are eager to get certified. There are many EC-Council EC0-349 study materials and online education courses on the market. Choosing suitable and valuable EC-Council preparation resources is essential to a career.
2021 Oct EC0-349 test
Q41. In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?
A. The change in the routing fabric to bypass the affected router
B. More RESET packets to the affected router to get it to power back up
C. RESTART packets to the affected router to get it to power back up
D. STOP packets to all other routers warning of where the attack originated
Answer: A
Q42. When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
A. a disk editor
B. a write-blocker
C. a protocol analyzer
D. a firewall
Answer: B
Q43. You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers. What tool should you use?
A. Ping sweep
B. Nmap
C. Netcraft
D. Dig
Answer: C
Q44. An expert witness may give an opinion if:
A. to stimulate discussion between the consulting expert and the expert witness
B. to define the issues of the case for determination by the finder of fact
C. to deter the witness from expanding the scope of his or her investigation beyond the requirements of the case
D. the opinion, inferences, or conclusions depend on special knowledge, skill, or training not within the ordinary experience of lay jurors
Answer: D
Q45. Which of the following should a computer forensics investigations lab have?
A. isolation
B. restricted access
C. open access
D. an entry log
Answer: B
Q46. various hard disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disks? (Recovery of data should be impossible)
A. Overwrite the contents of the hard disk with junk data
B. Format the hard disk multiple times using a low level disk utility
C. Smash the hard disk with a hammer
D. Run powerful magnets over the hard disk
E. Throw the hard disk into the fire
Answer: E
Q47. If you plan to start up a suspect's computer, you must modify the ________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.
A. Boot.sys
B. CMOS
C. deltree command
D. Scandisk utility
Answer: B
Q48. How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 32
B. 64
C. 48
D. 16
Answer: A
Q49. When obtaining a warrant it is important to:
B. particularly describe the place to be searched and generally describe the items to be seized
C. generally describe the place to be searched and particularly describe the items to be seized
D. generally describe the place to be searched and generally describe the items to be seized
Answer: A
Q50. When you carve an image, recovering the image depends on which of the following skills?
A. recovering the image from a tape backup
B. recognizing the pattern of a corrupt file
C. recognizing the pattern of the header content
D. recognizing the pattern of the data content
Answer: C