
2016 Nov EC0-349 test preparation

Q61. When monitoring for both intrusion and security events between multiple computers, it is essential that the computers' clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers? 

A. Universal Time Set 

B. SyncTime Service 

C. Network Time Protocol 

D. Time-Sync Protocol 


Q62. data on an evidence disk? 

A. a disk editor 

B. a firewall 

C. a write-blocker 

D. a protocol analyzer 


Q63. Hackers can gain access to the Windows Registry and manipulate user passwords, DNS settings, access rights, or other features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (key) to the following Registry hive: 

A. HKEY_LOCAL_USER\Software\Microsoft\OldVersion\Load 

B. HKEY_LOCAL_MACHINE\Hardware\Windows\Start 

C. HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run 

D. HKEY_CURRENT_USER\Microsoft\Default 


Q64. From the following spam mail header, identify the host IP that sent this spam. 

From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001 

Received: from viruswall.ie.cuhk.edu.hk (viruswall []) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) 

Received: from mydomain.com (pcd249020.netvigator.com []) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT) 

Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk 

From: "china hotel web" 

To: "Shlam" 

Subject: SHANGHAI (HILTON HOTEL) PACKAGE 

Date: Tue, 27 Nov 2001 17:25:58 +0800 

MIME-Version: 1.0 

X-Priority: 3 

X-MSMail-Priority: Normal 

Reply-To: "china hotel web" 






Q65. James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network? 

A. Smurf 

B. Trinoo 

C. Fraggle 

D. SYN flood 


Up-to-date EC0-349 testing engine:

Q66. Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area and records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events? 

A. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media 

B. Prepare the system for acquisition; Connect the target media; Copy the media; Secure the evidence 

C. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media 

D. Secure the evidence; Prepare the system for acquisition; Connect the target media; Copy the media 


Q67. What should you do when approached by a reporter about a case that you are working on or have worked on? 

A. refer the reporter to the attorney that retained you 

B. answer only the questions that help your case 

C. answer all the reporter's questions as completely as possible 

D. say, "no comment" 


Q68. You are assisting in the investigation of a possible Web Server hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a pornographic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site? 

A. IP Spoofing 

B. ARP Poisoning 

C. DNS Poisoning 

D. HTTP redirect attack 


Q69. Which of the following should a computer forensics investigations lab have? 

A. an entry log 

B. restricted access 

C. isolation 

D. open access 


Q70. An expert witness may give an opinion if: 

A. the opinion, inferences, or conclusions depend on special knowledge, skill, or training not within the ordinary experience of lay jurors 

B. to deter the witness from expanding the scope of his or her investigation beyond the requirements of the case 

C. to stimulate discussion between the consulting expert and the expert witness 

D. to define the issues of the case for determination by the finder of fact