
Pass the ECCouncil Certification EC0-349 Questions and answers with ExamsMirror

Questions # 1:

Which is a standard procedure to perform during all computer forensics investigations?

Options:

A.

With the hard drive in the suspect PC, check the date and time in the system's CMOS

B.

With the hard drive removed from the suspect PC, check the date and time in the system's CMOS

C.

With the hard drive in the suspect PC, check the date and time in the File Allocation Table

D.

With the hard drive removed from the suspect PC, check the date and time in the system's RAM

Questions # 2:

You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect's house after a warrant was obtained and they located a floppy disk in the suspect's bedroom. The disk contains several files, but they appear to be password protected. What are two common methods used by password cracking software that you could use to obtain the password?

Options:

A.

Limited force and library attack

B.

Brute force and dictionary attack

C.

Maximum force and thesaurus attack

D.

Minimum force and appendix attack

Questions # 3:

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

Options:

A.

70 years

B.

The life of the author

C.

The life of the author plus 70 years

D.

Copyrights last forever

Questions # 4:

What must an investigator do before disconnecting an iPod from any type of computer?

Options:

A.

Unmount the iPod

B.

Mount the iPod

C.

Disjoin the iPod

D.

Join the iPod

Questions # 5:

Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?

22,164 cylinders/disk

80 heads/cylinder

63 sectors/track

Options:

A.

53.26 GB

B.

57.19 GB

C.

11.17 GB

D.

10 GB

Questions # 6:

What advantage does the tool Evidor have over the built-in Windows search?

Options:

A.

It can find deleted files even after they have been physically removed

B.

It can find bad sectors on the hard drive

C.

It can search slack space

D.

It can find files hidden within ADS

Questions # 7:

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

Options:

A.

Write-blocker

B.

Protocol analyzer

C.

Firewall

D.

Disk editor

Questions # 8:

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

Options:

A.

C:\Program Files\Exchsrvr\servername.log

B.

D:\Exchsrvr\Message Tracking\servername.log

C.

C:\Exchsrvr\Message Tracking\servername.log

D.

C:\Program Files\Microsoft Exchange\srvr\servername.log

Questions # 9:

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

Options:

A.

Fill the disk with zeros

B.

Low-level format

C.

Fill the disk with 4096 zeros

D.

Copy files from the master disk to the slave disk on the secondary IDE controller

Questions # 10:

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web café purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

Options:

A.

It contains the times and dates of when the system was last patched

B.

It is not necessary to scan the virtual memory of a computer

C.

It contains the times and dates of all the system files

D.

Hidden running processes
