Exam Code: EC0-349
Exam Name: Computer Hacking Forensic Investigator
Certification Provider: EC-Council
2021 Nov EC0-349 exam answers
Q101. that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
A. the file header
B. the file footer
C. the File Allocation Table
D. the sector map
Answer: A
Q102. When a file is deleted by Windows Explorer or through the MS-DOS Delete command, the operating system inserts ____ in the first letter position of the filename in the FAT database.
A. a blank space
B. the underscore symbol (_)
C. the lowercase Greek letter sigma (σ)
D. a capital X
Answer: C
Q103. You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?
A. copyright law
B. IP Law
C. patent law
D. trademark law
Answer: A
Q104. 30 TB storage area networks that store customer data. What method would be most efficient for you to acquire digital evidence from this network?
A. make a bit-stream disk-to-disk file
B. make a bit-stream disk-to-image file
C. create a compressed copy of the file with DoubleSpace
D. create a sparse data copy of a folder or file
Answer: D
Q105. A state department site was recently attacked and all the servers had their hard disks erased. The incident response team sealed the area and commenced investigation. During evidence collection, they came across a Zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?
A. They examined the actual evidence on an unrelated system
B. They called in the FBI without correlating with the fingerprint data
C. They attempted to implicate personnel without proof
D. They tampered with the evidence by using it
Answer: D
Q106. You are called in to assist the police in an investigation involving a suspected drug dealer. The suspect's house was searched by the police after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you can use to obtain the password?
A. limited force and library attack
B. brute force and dictionary attack
C. minimum force and appendix attack
D. maximum force and thesaurus attack
Answer: B
Q107. With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ____.
A. 2
B. 0
C. 1
D. 10
Answer: B
Q108. Microsoft Outlook maintains email messages in a proprietary format in what type of file?
A. .email
B. .doc
C. .mail
D. .pst
Answer: D
Q109. to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.
A. deltree command
B. Scandisk utility
C. CMOS
D. Boot.sys
Answer: C
Q110. Printing under a Windows computer normally requires which one of the following file types to be created?
A. EME
B. CME
C. MEM
D. EMF
Answer: D