- Home
- EC-COUNCIL
- Computer Hacking Forensic Investigator
- EC-COUNCIL.EC0-349.v2018-03-15.q294
- Question 21
Valid EC0-349 Dumps shared by ExamDiscuss.com for Helping Passing EC0-349 Exam! ExamDiscuss.com now offer the newest EC0-349 exam dumps, the ExamDiscuss.com EC0-349 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com EC0-349 dumps with Test Engine here:
Access EC0-349 Dumps Premium Version
(490 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 21/294
What file structure database would you expect to find on floppy disks?
Correct Answer: C
- Question List (294q)
- Question 1: What advantage does the tool Evidor have over the built-in W...
- Question 2: What is kept in the following directory? HKLM\SECURITY\Polic...
- Question 3: Jack Smith is a forensics investigator who works for Mason C...
- Question 4: Steven has been given the task of designing a computer foren...
- Question 5: Michael works for Kimball Construction Company as senior sec...
- Question 6: You have completed a forensic investigation case. You would ...
- Question 7: While looking through the IIS log file of a web server, you ...
- Question 8: What feature of Windows is the following command trying to u...
- Question 9: Julia is a senior security analyst for Berber Consulting gro...
- Question 10: You are called by an author who is writing a book and he wan...
- 1 commentQuestion 11: Jacob is a computer forensics investigator with over 10 year...
- Question 12: What feature of Decryption Collection allows an investigator...
- Question 13: Hackers can gain access to Windows Registry and manipulate u...
- Question 14: The offset in a hexadecimal code is:...
- Question 15: Software firewalls work at which layer of the OSI model?...
- Question 16: You work as an IT security auditor hired by a law firm in Bo...
- Question 17: In the context of file deletion process, which of the follow...
- Question 18: What is one method of bypassing a system BIOS password?...
- Question 19: You have used a newly released forensic investigation tool, ...
- 1 commentQuestion 20: After attending a CEH security seminar, you make a list of c...
- Question 21: What file structure database would you expect to find on flo...
- Question 22: What does mactime, an essential part of the coroner's toolki...
- Question 23: You are contracted to work as a computer forensics investiga...
- Question 24: The following excerpt is taken from a honeypot log that was ...
- Question 25: Your company's network just finished going through a SAS 70 ...
- Question 26: Which part of the Windows Registry contains the user's passw...
- Question 27: This is original file structure database that Microsoft orig...
- Question 28: Windows identifies which application to open a file with by ...
- Question 29: If a suspect computer is located in an area that may have to...
- Question 30: An on-site incident response team is called to investigate a...
- Question 31: Heather, a computer forensics investigator, is assisting a g...
- Question 32: What stage of the incident handling process involves reporti...
- Question 33: You are the network administrator for a small bank in Dallas...
- Question 34: What operating system would respond to the following command...
- Question 35: To make sure the evidence you recover and analyze with compu...
- Question 36: Julie is a college student majoring in Information Systems a...
- Question 37: What is a good security method to prevent unauthorized users...
- Question 38: George is a senior security analyst working for a state agen...
- Question 39: You have been asked to investigate after a user has reported...
- Question 40: You are working for a large clothing manufacturer as a compu...
- Question 41: Paul's company is in the process of undergoing a complete se...
- Question 42: Which of the following is NOT a graphics file?...
- Question 43: In handling computer-related incidents, which IT role should...
- Question 44: ____________________ is simply the application of Computer I...
- Question 45: When using an iPod and the host computer is running Windows,...
- Question 46: Corporate investigations are typically easier than public in...
- Question 47: Tyler is setting up a wireless network for his business that...
- Question 48: You are called in to assist the police in an investigation i...
- Question 49: After passively scanning the network of Department of Defens...
- Question 50: Diskcopy is:
- Question 51: Frank is working on a vulnerability assessment for a company...
- Question 52: This type of testimony is presented by someone who does the ...
- Question 53: Area density refers to:
- Question 54: What will the following URL produce in an unpatched IIS Web ...
- Question 55: The use of warning banners helps a company avoid litigation ...
- Question 56: The following is a log file screenshot from a default instal...
- Question 57: To preserve digital evidence, an investigator should _______...
- Question 58: After undergoing an external IT audit, George realizes his n...
- Question 59: You are running known exploits against your network to test ...
- Question 60: If a PDA is seized in an investigation while the device is t...
- Question 61: When reviewing web logs, you see an entry for resource not f...
- Question 62: You setup SNMP in multiple offices of your company. Your SNM...
- Question 63: Which Intrusion Detection System (IDS) usually produces the ...
- Question 64: A forensics investigator is searching the hard drive of a co...
- Question 65: Larry is an IT consultant who works for corporations and gov...
- Question 66: You are using DriveSpy, a forensic tool and want to copy 150...
- Question 67: What is the following command trying to accomplish?...
- Question 68: What is the smallest physical storage unit on a hard drive?...
- Question 69: When cataloging digital evidence, the primary goal is to...
- Question 70: When obtaining a warrant, it is important to:...
- Question 71: Paul is a computer forensics investigator working for Tyler ...
- Question 72: When investigating a computer forensics case where Microsoft...
- Question 73: When monitoring for both intrusion and security events betwe...
- Question 74: After passing her CEH exam, Carol wants to ensure that her n...
- Question 75: Why would a company issue a dongle with the software they se...
- Question 76: With Regard to using an Antivirus scanner during a computer ...
- Question 77: How many bits is Source Port Number in TCP Header packet?...
- Question 78: Davidson Trucking is a small transportation company that has...
- Question 79: You are working as Computer Forensics investigator and are c...
- Question 80: What is considered a grant of a property right given to an i...
- Question 81: A picture file is recovered from a computer under investigat...
- Question 82: A small law firm located in the Midwest has possibly been br...
- Question 83: Paraben Lockdown device uses which operating system to write...
- Question 84: You are running through a series of tests on your network to...
- Question 85: You are working as an independent computer forensics investi...
- Question 86: An Employee is suspected of stealing proprietary information...
- Question 87: At what layer of the OSI model do routers function on?...
- Question 88: An Expert witness give an opinion if:...
- Question 89: Bob has been trying to penetrate a remote production system ...
- Question 90: Bill is the accounting manager for Grummon and Sons LLC in C...
- Question 91: You have been asked to investigate the possibility of comput...
- Question 92: When examining the log files from a Windows IIS Web Server, ...
- Question 93: Why would you need to find out the gateway of a device when ...
- Question 94: When an investigator contacts by telephone the domain admini...
- Question 95: What technique used by Encase makes it virtually impossible ...
- Question 96: As a security analyst, you setup a false survey website that...
- Question 97: You work as a penetration tester for Hammond Security Consul...
- Question 98: What will the following command produce on a website login p...
- Question 99: Harold is finishing up a report on a case of network intrusi...
- Question 100: Why is it a good idea to perform a penetration test from the...
- Question 101: Under which Federal Statutes does FBI investigate for comput...
- Question 102: When should an MD5 hash check be performed when processing e...
- Question 103: What does the superblock in Linux define?...
- Question 104: Office documents (Word, Excel, PowerPoint) contain a code th...
- Question 105: You have been called in to help with an investigation of an ...
- Question 106: Cylie is investigating a network breach at a state organizat...
- Question 107: Sectors in hard disks typically contain how many bytes?...
- Question 108: When investigating a potential e-mail crime, what is your fi...
- Question 109: Harold wants to set up a firewall on his network but is not ...
- Question 110: In the following email header, where did the email first ori...
- Question 111: You are a computer forensics investigator working with local...
- Question 112: Chris has been called upon to investigate a hacking incident...
- Question 113: An employee is attempting to wipe out data stored on a coupl...
- Question 114: In Microsoft file structures, sectors are grouped together t...
- Question 115: In a FAT32 system, a 123 KB file will use how many sectors?...
- Question 116: What will the following command accomplish?...
- Question 117: Which of the following should a computer forensics lab used ...
- Question 118: Item 2If you come across a sheepdip machine at your client s...
- Question 119: Microsoft Outlook maintains email messages in a proprietary ...
- Question 120: Simon is a former employee of Trinitron XML Inc. He feels he...
- Question 121: Jonathan is a network administrator who is currently testing...
- Question 122: Meyer Electronics Systems just recently had a number of lapt...
- Question 123: It takes _____________ mismanaged case/s to ruin your profes...
- Question 124: In conducting a computer abuse investigation you become awar...
- Question 125: You just passed your ECSA exam and are about to start your f...
- Question 126: When investigating a network that uses DHCP to assign IP add...
- Question 127: The rule of thumb when shutting down a system is to pull the...
- Question 128: In the following directory listing, (Exhibit) Which file sho...
- Question 129: Daryl, a computer forensics investigator, has just arrived a...
- Question 130: When examining a hard disk without a write-blocker, you shou...
- Question 131: What layer of the OSI model do TCP and UDP utilize?...
- Question 132: You are trying to locate Microsoft Outlook Web Access Defaul...
- Question 133: If you discover a criminal act while investigating a corpora...
- Question 134: Jim performed a vulnerability analysis on his network and fo...
- Question 135: In a computer forensics investigation, what describes the ro...
- Question 136: Before performing a logical or physical search of a drive in...
- Question 137: While presenting his case to the court, Simon calls many wit...
- Question 138: Which legal document allows law enforcement to search an off...
- Question 139: George is performing security analysis for Hammond and Sons ...
- Question 140: During an investigation, an employee was found to have delet...
- Question 141: Lance wants to place a honeypot on his network. Which of the...
- Question 142: All Blackberry email is eventually sent and received through...
- Question 143: What is the target host IP in the following command?...
- Question 144: You are conducting an investigation of fraudulent claims in ...
- Question 145: What type of attack occurs when an attacker can force a rout...
- Question 146: If you plan to startup a suspect's computer, you must modify...
- Question 147: You are carrying out the last round of testing for your new ...
- Question 148: How many characters long is the fixed-length MD5 algorithm c...
- Question 149: The efforts to obtain information before a trail by demandin...
- Question 150: You should make at least how many bit-stream copies of a sus...
- Question 151: Using Linux to carry out a forensics investigation, what wou...
- Question 152: John is using Firewalk to test the security of his Cisco PIX...
- Question 153: The MD5 program is used to:
- Question 154: Law enforcement officers are conducting a legal search for w...
- Question 155: Where are files temporarily written in Unix when printing?...
- Question 156: When a file is deleted by Windows Explorer or through the MS...
- Question 157: What type of analysis helps to identify the time and sequenc...
- Question 158: Volatile Memory is one of the leading problems for forensics...
- Question 159: What is the slave device connected to the secondary IDE cont...
- Question 160: On an Active Directory network using NTLM authentication, wh...
- Question 161: When performing a forensics analysis, what device is used to...
- Question 162: Why is it still possible to recover files that have been emp...
- Question 163: Profiling is a forensics technique for analyzing evidence wi...
- Question 164: When conducting computer forensic analysis, you must guard a...
- Question 165: In a forensic examination of hard drives for digital evidenc...
- Question 166: The police believe that Melvin Matthew has been obtaining un...
- Question 167: As a CHFI professional, which of the following is the most i...
- Question 168: What must an investigator do before disconnecting an iPod fr...
- Question 169: John and Hillary works at the same department in the company...
- Question 170: From the following spam mail header, identify the host IP th...
- Question 171: Jessica works as systems administrator for a large electroni...
- Question 172: When marking evidence that has been collected with the aa/dd...
- Question 173: What binary coding is used most often for e-mail purposes?...
- Question 174: Where is the default location for Apache access logs on a Li...
- Question 175: If you are concerned about a high level of compression but n...
- Question 176: The following excerpt is taken from a honeypot log. The log ...
- Question 177: Harold is a web designer who has completed a website for ght...
- Question 178: A forensics investigator needs to copy data from a computer ...
- Question 179: What will the following command accomplish? dd if=/dev/xxx o...
- Question 180: What does the acronym POST mean as it relates to a PC?...
- 1 commentQuestion 181: Given the drive dimensions as follows and assuming a sector ...
- Question 182: What type of flash memory card comes in either Type I or Typ...
- Question 183: When investigating a Windows System, it is important to view...
- Question 184: Jason has set up a honeypot environment by creating a DMZ th...
- Question 185: You are assisting a Department of Defense contract company t...
- Question 186: You are working for a local police department that services ...
- Question 187: E-mail logs contain which of the following information to he...
- Question 188: One technique for hiding information is to change the file e...
- Question 189: Where is the startup configuration located on a router?...
- Question 190: Harold is a computer forensics investigator working for a co...
- Question 191: Why are Linux/Unix based computers better to use than Window...
- Question 192: What does ICMP Type 3/Code 13 mean?...
- Question 193: What information do you need to recover when searching a vic...
- Question 194: Kyle is performing the final testing of an application he de...
- Question 195: During the course of a corporate investigation, you find tha...
- Question 196: What method of computer forensics will allow you to trace al...
- Question 197: What encryption technology is used on Blackberry devices Pas...
- Question 198: When is it appropriate to use computer forensics?...
- Question 199: You have compromised a lower-level administrator account on ...
- Question 200: Which is a standard procedure to perform during all computer...
- Question 201: Which of the following refers to the data that might still e...
- Question 202: What is the name of the Standard Linux Command that is also ...
- Question 203: When you are running a vulnerability scan on a network and t...
- Question 204: Your company uses Cisco routers exclusively throughout the n...
- Question 205: A packet is sent to a router that does not have the packet d...
- Question 206: How many characters long is the fixed-length MD5 algorithm c...
- Question 207: What will the following Linux command accomplish? dd if=/dev...
- Question 208: What are the security risks of running a "repair" installati...
- Question 209: The newer Macintosh Operating System is based on:...
- Question 210: A honey pot deployed with the IP 172.16.1.108 was compromise...
- Question 211: Melanie was newly assigned to an investigation and asked to ...
- Question 212: What is the first step taken in an investigation for laborat...
- Question 213: How many possible sequence number combinations are there in ...
- Question 214: Travis, a computer forensics investigator, is finishing up a...
- Question 215: Which program is the bootloader when Windows XP starts up?...
- Question 216: What method of copying should always be performed first befo...
- Question 217: You are employed directly by an attorney to help investigate...
- Question 218: When you carve an image, recovering the image depends on whi...
- Question 219: You are a security analyst performing reconnaissance on a co...
- Question 220: What is the CIDR from the following screenshot? (Exhibit)...
- Question 221: When examining a file with a Hex Editor, what space does the...
- Question 222: What type of attack sends spoofed UDP packets (instead of pi...
- Question 223: What type of attack sends SYN requests to a target system wi...
- Question 224: Sniffers that place NICs in promiscuous mode work at what la...
- Question 225: When making the preliminary investigations in a sexual haras...
- Question 226: Which federal computer crime law specifically refers to frau...
- Question 227: Why should you never power on a computer that you need to ac...
- Question 228: When reviewing web logs, you see an entry for resource not f...
- Question 229: You are the security analyst working for a private company o...
- Question 230: On Linux/Unix based Web servers, what privilege should the d...
- Question 231: How many times can data be written to a DVD+R disk?...
- Question 232: What header field in the TCP/IP protocol stack involves the ...
- Question 233: When setting up a wireless network with multiple access poin...
- Question 234: The objective of this act was to protect consumers' personal...
- Question 235: An investigator is searching through the firewall logs of a ...
- Question 236: Where does Encase search to recover NTFS files and folders?...
- Question 237: Jason is the security administrator of ACMA metal Corporatio...
- Question 238: At what layer does a cross site scripting attack occur on?...
- Question 239: In a virtual test environment, Michael is testing the streng...
- Question 240: What TCP/UDP port does the toolkit program netstat use?...
- Question 241: When needing to search for a website that is no longer prese...
- Question 242: When carrying out a forensics investigation, why should you ...
- Question 243: When using Windows acquisitions tools to acquire digital evi...
- Question 244: An "idle" system is also referred to as what?...
- Question 245: If you see the files Zer0.tar.gz and copy.tar.gz on a Linux ...
- Question 246: Madison is on trial for allegedly breaking into her universi...
- Question 247: John is working as a computer forensics investigator for a c...
- Question 248: James is testing the ability of his routers to withstand DoS...
- Question 249: While searching through a computer under investigation, you ...
- Question 250: Which forensic investigating concept trails the whole incide...
- Question 251: You are a security analyst performing a penetration tests fo...
- Question 252: To check for POP3 traffic using Ethereal, what port should a...
- Question 253: A law enforcement officer may only search for and seize crim...
- Question 254: In General, __________________ Involves the investigation of...
- Question 255: What technique is used by JPEGs for compression?...
- Question 256: You are assigned to work in the computer forensics lab of a ...
- Question 257: Study the log given below and answer the following question:...
- Question 258: What happens when a file is deleted by a Microsoft operating...
- Question 259: Kimberly is studying to be an IT security analyst at a vocat...
- Question 260: When investigating a wireless attack, what information can b...
- Question 261: This organization maintains a database of hash signatures fo...
- Question 262: George is the network administrator of a large Internet comp...
- Question 263: One way to identify the presence of hidden partitions on a s...
- Question 264: Printing under a Windows Computer normally requires which on...
- Question 265: You are assisting in the investigation of a possible Web Ser...
- Question 266: Before you are called to testify as an expert, what must an ...
- Question 267: What hashing method is used to password protect Blackberry d...
- Question 268: Using Internet logging software to investigate a case of mal...
- Question 269: Why should you note all cable connections for a computer you...
- Question 270: What should you do when approached by a reporter about a cas...
- Question 271: A computer forensics investigator is inspecting the firewall...
- Question 272: Office Documents (Word, Excel and PowerPoint) contain a code...
- Question 273: When operating systems mark a cluster as used but not alloca...
- Question 274: Preparing an image drive to copy files to is the first step ...
- Question 275: How often must a company keep log files for them to be admis...
- Question 276: Under confession, an accused criminal admitted to encrypting...
- Question 277: What type of equipment would a forensics investigator store ...
- Question 278: The ____________________ refers to handing over the results ...
- Question 279: In Linux, what is the smallest possible shellcode?...
- Question 280: With the standard Linux second extended file system (Ext2fs)...
- Question 281: While working for a prosecutor, what do you think you should...
- Question 282: What will the following command accomplish in Linux? fdisk /...
- Question 283: Which of the following file system is used by Mac OS X?...
- Question 284: Harold is a security analyst who has just run the rdisk /s c...
- Question 285: You are working in the security Department of law firm. One ...
- Question 286: Terri works for a security consulting firm that is currently...
- Question 287: If an attacker's computer sends an IPID of 31400 to a zombie...
- Question 288: You are working on a thesis for your doctorate degree in Com...
- Question 289: In what way do the procedures for dealing with evidence in a...
- Question 290: John is working on his company policies and guidelines. The ...
- Question 291: Which response organization tracks hoaxes as well as viruses...
- Question 292: What term is used to describe a cryptographic technique for ...
- Question 293: How many sectors will a 125 KB file use in a FAT32 file syst...
- Question 294: A(n) _____________________ is one that's performed by a comp...
