All that matters here is passing the EC-Council EC0-349 exam, and all that you need is a high score on the EC0-349 Computer Hacking Forensic Investigator exam. The only thing you need to do is download the Actualtests EC0-349 exam study guides now. We will not let you down with our money-back guarantee.

2016 Nov EC0-349 simulations

Q1. What does mactime, an essential part of The Coroner's Toolkit, do?

A. It is a tool specific to the MAC OS and forms a core component of the toolkit 

B. It traverses the file system and produces a listing of all files based on the modification, access and change timestamps 

C. The tool scans for i-node information, which is used by other tools in the toolkit

D. It can recover deleted file space and search it for data. However, it does not allow the investigator to preview them 


Q2. Click on the Exhibit button. Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes that need to be made. From the screenshot, what changes should the client company make?

A. Remove any identifying numbers, names, or version information 

B. The banner should have more detail on the version numbers for the network equipment

C. The banner should not state "only authorized IT personnel may proceed" 

D. The banner should include the Cisco tech support contact information as well 


Q3. video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are ______ media used to store large amounts of data and are not affected by the magnet.

A. anti-magnetic 

B. magnetic 

C. logical 

D. optical 


Q4. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? 

A. chain of custody 

B. law of probability 

C. rules of evidence 

D. policy of separation 


Q5. Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize? 






Leading EC0-349 free braindumps:

Q6. Volatile memory is one of the leading problems for forensics. Worms such as Code Red are memory resident and do not write themselves to the hard drive; if you turn the system off, they disappear. In a lab environment, which of the following options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

A. Use intrusion forensic techniques to study memory resident infections 

B. Create a separate partition of several hundred megabytes and place the swap file there 

D. make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab 


Q7. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? 

A. rules of evidence 

B. chain of custody 

C. policy of separation 

D. law of probability 


Q8. You are working in the Security Department of a law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is a possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company's SMTP server?

A. 135 

B. 110 

C. 10 

D. 25 


Q9. With regard to using an antivirus scanner during a computer forensics investigation, you should: 

A. scan your forensics workstation at intervals of no more than once every five minutes during an investigation 

B. scan your forensics workstation before beginning an investigation 

C. never run a scan on your forensics workstation because it could change your system's configuration

D. scan the suspect hard drive before beginning an investigation 


Q10. When conducting computer forensic analysis, you must guard against ______ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.

A. hard drive failure 

B. scope creep 

C. unauthorized expenses 

D. overzealous marketing