EC0-349無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

質問 1

If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?

（A）Lossless compression

（B）Lossful compression

（C）Lossy compression

（D）Time-loss compression

正解：C 解答を投票する

質問 2

Event correlation is a procedure that is assigned with a new meaning for a set of events that occur in a predefined interval of time.
Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

（A）Same-platform correlation

（B）Cross-platform correlation

（C）Network-platform correlation

（D）Multiple-platform correlation

正解：B 解答を投票する

質問 3

FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

（A）3 terabytes

（B）2 terabytes

（C）4 terabytes

（D）1 terabytes

正解：B 解答を投票する

質問 4

When is it appropriate to use computer forensics?

（A）If employees do not care for their boss?management techniques

（B）If copyright and intellectual property theft/misuse has occurred

（C）If sales drop off for no apparent reason for an extended period of time

（D）If a financial institution is burglarized by robbers

正解：B 解答を投票する

質問 5

What type of attack sends SYN requests to a target system with spoofed IP addresses?

（A）Land

（B）Cross site scripting

（C）Ping of death

（D）SYN flood

正解：D 解答を投票する

質問 6

When should an MD5 hash check be performed when processing evidence?

（A）Before and after evidence examination

（B）Before the evidence examination has been completed

（C）After the evidence examination has been completed

（D）On an hourly basis during the evidence examination

正解：A 解答を投票する

質問 7

How many possible sequence number combinations are there in TCP/IP protocol?

（A）1 billion

（B）32 million

（C）320 billion

（D）4 billion

正解：D 解答を投票する

質問 8

Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

（A）A system using Trojaned commands

（B）An environment set up after the user logs in

（C）A honeypot that traps hackers

（D）An environment set up before an user logs in

正解：C 解答を投票する

質問 9

When cataloging digital evidence, the primary goal is to

（A）Make bit-stream images of all hard drives

（B）Not remove the evidence from the scene

（C）Preserve evidence integrity

（D）Not allow the computer to be turned off

正解：C 解答を投票する

質問 10

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

（A）Filtered

（B）Stealth

（C）Open

（D）Closed

正解：C 解答を投票する

質問 11

Jonathan is a network administrator who is currently testing the internal security of his network.
He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?

（A）Only an HTTPS session can be hijacked

（B）Only FTP traffic can be hijacked

（C）Only DNS traffic can be hijacked

（D）HTTP protocol does not maintain session

正解：D 解答を投票する

質問 12

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h.?What does this indicate on the computer?replaced by the hex code byte ?5h.?What does this indicate on the computer?

（A）The files have been marked as hidden

（B）The files have been marked as read-only

（C）The files have been marked for deletion

（D）The files are corrupt and cannot be recovered

正解：C 解答を投票する

質問 13

A law enforcement officer may only search for and seize criminal evidence with
_______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

（A）Mere Suspicion

（B）A preponderance of the evidence

（C）Probable cause

（D）Beyond a reasonable doubt

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

EC0-349 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

弊社を連絡する

関連リンク

トップ試験