Your EC-Council train could assist the EC0-349 trainees to be able to elevate the professional level rather than uneducated. While just how may graduates with out experience complete EC0-349, and obtain the EC-Council certification? The issues sit from the a variety of examination capabilities together with challenges emerging out. Exam query lender, query result in capabilities, just practising fraudulence, disloyal, and so on. beat the crooks due to bad supervision in EC-Council.
2021 Nov EC0-349 test engine
Q141. In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?
A. the ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
B. ISPs never maintain log files so they would be of no use to your investigation
C. the ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
D. the ISP can investigate anyone using their service and can provide you with assistance
Answer: C
Q142. What does the superblock in Linux define?
A. location of the firstinode
B. file system names
C. disk geometry
D. available space
Answer: A
Q143. To preserve digital evidence, an investigator should .
A. only store the original evidence item
B. make two copies of each evidence item using a single imaging tool
C. make a single copy of each evidence item using an approved imaging tool
D. make two copies of each evidence item using different imaging tools
Answer: D
Q144. You should make at least how many bit-stream copies of a suspect drive?
A. 3
B. 2
C. 1
D. 4
Answer: B
Q145. You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question wheather evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?
A. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab
B. sign a statement attesting that the evidence is the same as it was when it entered the lab
C. there is no reason to worry about this possible claim because state labs are certified
D. make an MD5 hash of the evidence and compare it to the standard database developed by NIST
Answer: A
Improved EC0-349 exam question:
Q146. Printing under a windows computer normally requires which one of the following files types to be created?
A. CME
B. EME
C. MEM
D. EMF
Answer: D
Q147. , which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists, and the evidence of the specific crime exists at the place to be searched.
A. mere suspicion
B. probable cause
C. beyond a reasonable doubt
D. a preponderance of the evidence
Answer: B
Q148. If a suspect's computer is located in an area that may have toxic chemicals, you must
A. coordinate with the HAZMAT team
B. determine a way to obtain the suspect computer
C. do not enter alone
D. assume the suspect machine is contaminated
Answer: A
Q149. What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
A. a reserved file
B. an encrypted file
C. a compressed file
D. a data streamfile
Answer: D
Q150. How many possible sequence number combinations are there in TCP/IP protocol?
A. 1 billion
B. 320 billion
C. 4 billion
D. 32 million
Answer: C