Cause all that matters here is passing the EC-Council EC0-349 exam. Cause all that you need is a high score of EC0-349 Computer Hacking Forensic Investigator exam. The only one thing you need to do is downloading Ucertify EC0-349 exam study guides now. We will not let you down with our money-back guarantee.

2016 Nov EC0-349 exams

Q71. This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive. 

A. Disk Operating System (DOS) 

B. Master File Table (MFT) 

C. Master Boot Record (MBR) 

D. File Allocation Table (FAT) 


Q72. A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation? Choose the most feasible option. 

A. Seek the help of co-workers who are eye-witnesses 

C. Image the disk and try to recover deleted files 

D. Approach the websites for evidence 


Q73. Which is a standard procedure to perform during all computer forensics investigations? 

A. with the hard drive in the suspect PC, check the date and time in the File Allocation Table 

B. with the hard drive in the suspect PC, check the date and time in the systems CMOS 

C. with the hard drive removed from the suspect PC, check the date and time in the systems RAM 

D. with the hard drive removed from the suspect PC, check the date and time in the systems CMOS 


Q74. If a suspect's computer is located in an area that may have toxic chemicals, you must 

A. determine a way to obtain the suspect computer 

B. coordinate with the HAZMAT team 

C. do not enter alone 

D. assume the suspect machine is contaminated 


Q75. If you plan to startup a suspect's computer, you must modify the   to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive. 


B. Boot.sys 

C. deltree command 

D. Scandisk utility 


Renewal EC0-349 testing engine:

Q76. A state department site was recently attacked and all the servers had their hard disks erased. The incident response team sealed the area and commenced investigation. During evidence collection, they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong? 

A. They examined the actual evidence on an unrelated system 

B. They tampered with the evidence by using it 

C. They attempted to implicate personnel without proof 

D. They called in the FBI without correlating with the fingerprint data 


Q77. After normal working hours, you initiate a DoS attack against your external firewall. The firewall Quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened? 

A. The firewall failed-bypass 

B. The firewall failed-closed 

C. The firewall ACL has been purged 

D. The firewall failed-open 


Q78. When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found? 

A. 202 

B. 909 

C. 404 

D. 606 


Q79. An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employees computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disk and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information? 

A. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information. 

B. EFSuses a 128-bit key that cannot be cracked, so you will not be able to recover the information. 

C. When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information. 

D. The EFS Revoked Key Agent can be used on the computer to recover the information. 


Q80. What binary coding is used most often for e-mail purposes? 



C. Uuencode