You will probably find it to your benefit to learn a variety of EC0-349 recognition packages together with free EC-Council EC0-349 recognition solutions, as this will make you more vital as a staff member. Using our full EC-Council EC0-349 recognition training program, you can avoid the EC0-349 recognition expense and be ready to pass the EC-Council EC0-349 recognition checks. 100% cash back guarantee enclosed!
2021 Nov EC0-349 answers
Q31. Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their previous activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
A. The vulnerability exploited in the incident
B. The manufacturer of the system compromised
C. The nature of the attack
D. The logic, formatting and elegance of the code used in the attack
Answer: D
Q32. What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
A. a reserved file
B. a compressed file
C. a data stream file
D. an encrypted file
Answer: C
Q33. What is the name of the standard Linux command that is also available as a Windows application that can be used to create bit-stream images?
A. dd
B. mcopy
C. image
D. MD5
Answer: A
Q34. What does mactime, an essential part of The Coroner's Toolkit, do?
A. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps
B. It is a tool specific to the MAC OS and forms a core component of the toolkit
C. The tool scans for i-node information, which is used by other tools in the toolkit
D. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them
Answer: A
Q35. Which of the following refers to the data that might still exist in a cluster even though the original file
A. Sector
B. Slack Space
C. MFT
D. Metadata
Answer: B
Rebirth EC0-349 question:
Q36. To preserve digital evidence, an investigator should ______.
A. only store the original evidence item
B. make a single copy of each evidence item using an approved imaging tool
C. make two copies of each evidence item using different imaging tools
D. make two copies of each evidence item using a single imaging tool
Answer: C
Q37. Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
A. Sector
B. Slack Space
C. Metadata
D. MFT
Answer: B
Q38.
A. HKEY_CURRENT_CONFIGURATION
B. HKEY_USER
C. HKEY_CURRENT_USER
D. HKEY_LOCAL_MACHINE
Answer: B
Q39. John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?
A. Firewalk cannot pass through Cisco firewalls
B. Firewalk sets all packets with a TTL of zero
A. Enable direct broadcasts
B. Disable direct broadcasts
C. Disable BGP
D. Enable BGP
Answer: B
Q40. A(n) ______ is one that is performed by a computer program rather than by the attacker manually performing the steps in the attack sequence.
A. blackout attack
B. central processing attack
C. automated attack
D. distributed attack
Answer: C