[Free] 2018(Jan) EnsurePass Testking ECCouncil EC1-349 Dumps with VCE and PDF 11-20

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-349
100% Free Download! 100% Pass Guaranteed!

ECCouncil Computer Hacking Forensic Investigator

Question No: 11 – (Topic 1)

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

  1. Searching for evidence themselves would not have any ill effects

  2. Searching could possibly crash the machine or device

  3. Searching creates cache files, which would hinder the investigation

  4. Searching can change date/time stamps

Answer: D

Question No: 12 – (Topic 1)

What will the following command accomplish?

dd if=/dev/xxx of=mbr.backup bs=512 count=1

  1. Back up the master boot record

  2. Restore the master boot record

  3. Mount the master boot record on the first partition of the hard drive

  4. Restore the first 512 bytes of the first partition of the hard drive

Answer: A

Question No: 13 – (Topic 1)

A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?

  1. He should search in C:\Windows\System32\RECYCLED folder

  2. The Recycle Bin does not exist on the hard drive

  3. The files are hidden and he must use switch to view themThe files are hidden and he must use ? switch to view them

  4. Only FAT system contains RECYCLED folder and not NTFS

Answer: C

Question No: 14 – (Topic 1)

When using an iPod and the host computer is running Windows, what file system will be used?

  1. iPod

  2. HFS

  3. FAT16

  4. FAT32

Answer: D

Question No: 15 – (Topic 1)

In the following directory listing,

Ensurepass 2018 PDF and VCE

which file should be used to restore archived email messages for someone using Microsoft Outlook?

  1. Outlook bak

  2. Outlook ost

  3. Outlook NK2

  4. Outlook pst

Answer: D

Question No: 16 – (Topic 1)

What must an investigator do before disconnecting an iPod from any type of computer?

  1. Unmount the iPod

  2. Mount the iPod

  3. Disjoin the iPod

  4. Join the iPod

Answer: A

Question No: 17 – (Topic 1)

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

  1. 70 years

  2. The life of the author

  3. The life of the author plus 70 years

  4. Copyrights last forever

Answer: C

Question No: 18 – (Topic 1)

When making the preliminary investigations in a sexual harassment case, how many investigators are you recommended having?

  1. One

  2. Two

  3. Three

  4. Four

Answer: B

Question No: 19 – (Topic 1)

What layer of the OSI model do TCP and UDP utilize?

  1. Data Link

  2. Network

  3. Transport

  4. Session

Answer: C

Question No: 20 – (Topic 1)

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf?John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual memory of the computer to possibly find something he had missed. What information will the virtual memory scan produce?

  1. It contains the times and dates of when the system was last patched

  2. It is not necessary to scan the virtual memory of a computer

  3. It contains the times and dates of all the system files

  4. Hidden running processes

Answer: D

100% Ensurepass Free Download!
Download Free Demo:EC1-349 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-349 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No