EC0-349無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

質問 1

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

（A）NTLDR

（B）LSASS.EXE

（C）NTOSKRNL.EXE

（D）NTDETECT.COM

正解：B 解答を投票する

質問 2

A mobile operating system is the operating system that operates a mobile device like a mobile phone, smartphone, PDA, etc. It determines the functions and features available on mobile devices such as keyboards, applications, email, text messaging, etc. Which of the following mobile operating systems is free and open source?

（A）Web OS

（B）Android

（C）Apple IOS

（D）Symbian OS

正解：B 解答を投票する

質問 3

When a router receives an update for its routing table, what is the metric value change to that path?

（A）Decreased by 1

（B）Increased by 2

（C）Decreased by 2

（D）Increased by 1

正解：D 解答を投票する

質問 4

A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

（A）DVD-18

（B）Blu-Ray single-layer

（C）Blu-Ray dual-layer

（D）HD-DVD

正解：C 解答を投票する

質問 5

A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased.
They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

（A）They attempted to implicate personnel without proof

（B）They examined the actual evidence on an unrelated system

（C）They tampered with evidence by using it

（D）They called in the FBI without correlating with the fingerprint data

正解：C 解答を投票する

質問 6

What does the acronym POST mean as it relates to a PC?

（A）Primary Operations Short Test

（B）Pre Operational Situation Test

（C）Primary Operating System Test

（D）Power On Self Test

正解：D 解答を投票する

質問 7

What is the slave device connected to the secondary IDE controller on a Linux OS referred to?

（A）hdb

（B）hdc

（C）hda

（D）hdd

正解：D 解答を投票する

質問 8

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

（A）Windows computers are constantly talking

（B）Linux/Unix computers are easier to compromise

（C）Windows computers will not respond to idle scans

（D）Linux/Unix computers are constantly talking

正解：A 解答を投票する

質問 9

You have been given the task to investigate web attacks on a Windows-based server.
Which of the following commands will you use to look at which sessions the machine has opened with other systems?

（A）Net use

（B）Net sessions

（C）Net config

（D）Net share

正解：A 解答を投票する

質問 10

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

（A）D:\Exchsrvr\Message Tracking\servername.log

（B）C:\Exchsrvr\Message Tracking\servername.log

（C）C:\Program Files\Microsoft Exchange\srvr\servername.log

（D）C:\Program Files\Exchsrvr\servername.log

正解：D 解答を投票する

質問 11

When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?

（A）FF D8 FF E0 00 10

（B）FF FF FF FF FF FF

（C）EF 00 EF 00 EF 00

（D）FF 00 FF 00 FF 00

正解：A 解答を投票する

質問 12

Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame.

（A）32-bit

（B）8-bit

（C）16-bit

（D）24-bit

正解：B 解答を投票する

質問 13

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

（A）RIPE

（B）APIPA

（C）IANA

（D）CVE

正解：D 解答を投票する

質問 14

What type of analysis helps to identify the time and sequence of events in an investigation?

（A）Functional

（B）Temporal

（C）Relational

（D）Time-based

正解：B 解答を投票する

質問 15

Why is it Important to consider health and safety factors in the work carried out at all stages of the forensic process conducted by the forensic analysts?

（A）Local law enforcement agencies compel them to wear latest gloves

（B）This is to protect the staff and preserve any fingerprints that may need to be recovered at a later date

（C）It is a part of ANSI 346 forensics standard

（D）All forensic teams should wear protective latex gloves which makes them look professional and cool

正解：B 解答を投票する

質問 16

When collecting evidence from the RAM, where do you look for data?

（A）Log file

（B）Swap file

（C）SAM file

（D）Data file

正解：B 解答を投票する

EC0-349 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

弊社を連絡する

関連リンク

トップ試験