Exam Code: EC0-349 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Computer Hacking Forensic Investigator
Certification Provider: EC-Council
2021 Nov EC0-349 test question
Q131. When conducting computer forensic analysis, you must guard against ______ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.
A. scope creep
B. unauthorized expenses
C. hard drive failure
D. overzealous marketing
Answer: A
Q132. Why are Linux/Unix based computers better to use than Windows computers for idle scanning?
A. Linux/Unix computers are easier to compromise
B. Linux/Unix computers are constantly talking
C. Windows computers are constantly talking
D. Windows computers will not respond to idle scans
Answer: C
Q133. When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
A. Case files
B. Recycle Bin
C. BIOS
D. MSDOS.SYS
Answer: B
Q134. You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A. incremental backup copy
B. bit-stream copy
C. robust copy
D. full backup copy
Answer: B
Q135. You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?
A. Packet filtering firewall
B. Circuit-level proxy firewall
C. Application-level proxy firewall
D. Stateful firewall
Answer: D
Q136. You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?
A. allinurl:"exchange/logon.asp"
B. intitle:"exchange server"
C. locate:"logon page"
D. outlook:"search"
Answer: A
Q137.
From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk
    (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by
    viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: <200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk>
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"
A. 203.218.39.50
B. 203.218.39.20
C. 137.189.96.52
D. 8.12.1.0
Answer: B
Q138. Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?
A. Entrapment
B. Enticement
C. Intruding into a honeypot is not illegal
D. Intruding into a DMZ is not illegal
Answer: A
Q139. What happens when a file is deleted by a Microsoft operating system using the FAT file system?
A. only the reference to the file is removed from the FAT
B. a copy of the file is stored and the original file is erased
C. the file is erased and cannot be recovered
D. the file is erased but can be recovered
Answer: A
Q140. As a CHFI professional, which of the following is the most important to your professional reputation?
A. The correct, successful management of each and every case
B. The fee that you charge
C. Your certifications
D. The friendship of local law enforcement officers
Answer: A