Want to know Testking EC0-349 Exam practice test features? Want to learn more about EC-Council Computer Hacking Forensic Investigator certification experience? Study Top Quality EC-Council EC0-349 answers to Refresh EC0-349 questions at Testking. Get success with an absolute guarantee to pass EC-Council EC0-349 (Computer Hacking Forensic Investigator) test on your first attempt.
2021 Nov EC0-349 book
Q11. During the course of an investigation, you locate evidence that may prove the innocence of the suspect of the investigation. You must maintain an unbiased opinion and be objective in your entire fact finding process. Therefore you report this evidence. This type of evidence is known as:
A. Exculpatory evidence
B. Terrible evidence
C. Inculpatory evidence
D. Mandatory evidence
Answer: A
Q12. The use of warning banners helps a company avoid litigation by overcoming an employee's assumed ________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.
A. right to Internet access
B. right of privacy
C. right to work
D. right of free speech
Answer: B
Q13. Which is a standard procedure to perform during all computer forensics investigations?
A. with the hard drive removed from the suspect PC, check the date and time in the system's RAM
B. with the hard drive removed from the suspect PC, check the date and time in the system's CMOS
C. with the hard drive in the suspect PC, check the date and time in the system's CMOS
D. with the hard drive in the suspect PC, check the date and time in the File Allocation Table
Answer: B
Q14. firm to investigate possible computer abuse by one of the firm's employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve the right to inspect their computing assets at will. What do you do?
A. inform the owner that conducting an investigation without a policy is a violation of the 4th Amendment
B. inform the owner that conducting an investigation without a policy is a violation of the employee's expectation of privacy
C. inform the owner that conducting an investigation without a policy is not a problem because the company is privately owned
D. inform the owner that conducting an investigation without a policy is not a problem because a policy is only necessary for government agencies
Answer: B
Q15. You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?
A. patent law
B. copyright law
C. IP Law
D. trademark law
Answer: B
Q16. How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
A. 16
B. 64
C. 32
D. 48
Answer: C
Q17. Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend a disk imaging tool?
A. Evidence file format will contain case data entered by the examiner and encrypted at the beginning of the evidence file
B. A disk imaging tool would check for CRC32s for internal self checking and validation and have MD5 checksum
C. There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector
D. A simple DOS copy will not include deleted files, file slack and other information
Answer: D
Q18. so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.
A. hard drive failure
B. scope creep
C. unauthorized expenses
D. overzealous marketing
Answer: B
Q19. In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?
A. law of probability
B. rules of evidence
C. policy of separation
D. chain of custody
Answer: D
Q20. You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?
A. The tool hasn't been tested by the International Standards Organization (ISO)
B. You are not certified for using the tool
C. Only the local law enforcement should use the tool
D. The tool has not been reviewed and accepted by your peers
Answer: D