EC0-349無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

質問 1

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

（A）RIPE

（B）APIPA

（C）IANA

（D）CVE

正解：D 解答を投票する

質問 2

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

（A）Legal issues

（B）Judging the character of defendants/victims

（C）No particular field

（D）Technical material related to forensics

正解：C 解答を投票する

質問 3

After attending a CEH security seminar, you make a list of changes you would like to perform on your network to increase its security. One of the first things you change is to switch the RestrictAnonymous setting from 0 to 1 on your servers. This, as you were told, would prevent anonymous users from establishing a null session on the server. Using Userinfo tool mentioned at the seminar, you succeed in establishing a null session with one of the servers. Why is that?

（A）RestrictAnonymous must be set to "10" for complete security

（B）RestrictAnonymous must be set to "3" for complete security

（C）RestrictAnonymous must be set to "2" for complete security

（D）There is no way to always prevent an anonymous null session from establishing

正解：C 解答を投票する

質問 4

What is a good security method to prevent unauthorized users from "tailgating"?

（A）Electronic key systems

（B）Electronic combination locks

（C）Man trap

（D）Pick-resistant locks

正解：C 解答を投票する

質問 5

Study the log given below and answer the following question:
Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from
194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 ->
172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 ->
172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval:
194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from
24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 ->
172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 ->
172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 ->
172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard:
198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 ->
172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 ->
172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for
user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user
simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 ->
172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23
-> 213.28.22.189:4558
Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?

（A）Allow UDP 53 in from DNS server to outside

（B）Disallow UDP 53 in from outside to DNS server

（C）Block all UDP traffic

（D）Disallow TCP 53 in from secondaries or ISP server to DNS server

正解：B 解答を投票する

質問 6

Which of the following Steganography techniques allows you to encode information that ensures creation of cover for secret communication?

（A）Cover generation techniques

（B）Spread spectrum techniques

（C）Transform domain techniques

（D）Substitution techniques

正解：A 解答を投票する

質問 7

Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crimes investigations throughout the United States?

（A）CERT Coordination Center

（B）Internet Fraud Complaint Center

（C）Local or national office of the U.S. Secret Service

（D）National Infrastructure Protection Center

正解：C 解答を投票する

質問 8

Software firewalls work at which layer of the OSI model?

（A）Application

（B）Network

（C）Data Link

（D）Transport

正解：C 解答を投票する

質問 9

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

（A）Nothing in particular as these can be operational files

（B）The system files have been copied by a remote attacker

（C）The system has been compromised using a t0rnrootkit

（D）The system administrator has created an incremental backup

正解：A 解答を投票する

質問 10

Which root folder (hive) of registry editor contains a vast array of configuration information for the system, including hardware settings and software settings?

（A）HKEY_USERS

（B）HKEY_CURRENT_USER

（C）HKEY_LOCAL_MACHINE

（D）HKEY-CURRENT_CONFIG

正解：C 解答を投票する

質問 11

Windows identifies which application to open a file with by examining which of the following?

（A）The File extension

（B）The file signature at the beginning of the file

（C）The file attributes

（D）The file Signature at the end of the file

正解：A 解答を投票する

質問 12

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

（A）Copyrights last forever

（B）70 years

（C）The life of the author plus 70 years

（D）The life of the author

正解：C 解答を投票する

質問 13

Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia.
Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities.
He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material. What type of steganography did these two suspects use?

（A）Visual semagram

（B）Grill cipher

（C）Visual cipher

（D）Text semagram

正解：A 解答を投票する

質問 14

Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident.

（A）False

（B）True

正解：B 解答を投票する

質問 15

You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?

（A）The total has not been reviewed and accepted by your peers

（B）The tool hasn't been tested by the International Standards Organization (ISO)

（C）Only the local law enforcement should use the tool

（D）You are not certified for using the tool

正解：A 解答を投票する

質問 16

An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to astored on the employee? computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building and recover the floppy disk and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?

（A）EFS uses a 128-bit key that cannot be cracked, so you will not be able to recover the information

（B）When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information

（C）The EFS Revoked Key Agent can be used on the computer to recover the information

（D）When the encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information

正解：B 解答を投票する

質問 17

Paul is a computer forensics investigator working for Tyler & Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers?hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

（A）Unplug all connected devices

（B）Photograph and document the peripheral devices

（C）Power off all devices if currently on

（D）Place PDA, including all devices, in an antistatic bag

正解：B 解答を投票する

質問 18

What encryption technology is used on Blackberry devices?Password Keeper?

（A）AES

（B）3DES

（C）Blowfish

（D）RC5

正解：A 解答を投票する

質問 19

TCP/IP (Transmission Control Protocol/Internet Protocol) is a communication protocol used to connect different hosts in the Internet. It contains four layers, namely the network interface layer.
Internet layer, transport layer, and application layer.
Which of the following protocols works under the transport layer of TCP/IP?

（A）UDP

（B）HTTP

（C）FTP

（D）SNMP

正解：A 解答を投票する

質問 20

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

（A）Chain of custody

（B）Rules of evidence

（C）Law of probability

（D）Policy of separation

正解：A 解答を投票する

EC0-349 無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator」

弊社を連絡する

関連リンク

トップ試験