[Free] 2018(Jan) EnsurePass Testking ECCouncil EC1-349 Dumps with VCE and PDF 121-130

ECCouncil Computer Hacking Forensic Investigator

Question No: 121 – (Topic 2)

You are assigned to work in the computer forensics lab of a state police agency. While working on a high-profile criminal case, you have followed every applicable procedure; however, your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

A. Sign a statement attesting that the evidence is the same as it was when it entered the lab

B. There is no reason to worry about this possible claim because state labs are certified

C. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST

D. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab

Answer: D

Question No: 122 – (Topic 2)

When reviewing web logs, you see an entry for "resource not found" in the HTTP status code field. What is the actual error code that you would see in the log for "resource not found"?

A. 202

B. 404

C. 606

D. 999

Answer: B

Question No: 123 – (Topic 2)

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to

A. Automate collection from image files

B. Avoid copying data from the boot partition

C. Acquire data from the host-protected area on a disk

D. Prevent contamination to the evidence drive

Answer: D

Question No: 124 – (Topic 2)

What type of analysis helps to identify the time and sequence of events in an investigation?

A. Time-based

B. Functional

C. Relational

D. Temporal

Answer: D

Question No: 125 – (Topic 2)

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. Demonstrate that no system can be protected against DoS attacks

B. List weak points on their network

C. Show outdated equipment so it can be replaced

D. Use attack as a launching point to penetrate deeper into the network

Answer: B

Question No: 126 – (Topic 2)

Using Linux to carry out a forensics investigation, what would the following command accomplish? dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

A. Search for disk errors within an image file

B. Backup a disk to an image file

C. Copy a partition to an image file

D. Restore a disk from an image file

Answer: D

Question No: 127 – (Topic 2)

When reviewing web logs, you see an entry for resource not found in the HTTP status code field. What is the actual error code that you would see in the log for resource not found?

A. 202

B. 404

C. 505

D. 909

Answer: B

Question No: 128 – (Topic 2)

When examining the log files from a Windows IIS Web Server, how often is a new log file created?

A. the same log is used at all times

B. a new log file is created every day

C. a new log file is created each week

D. a new log is created each time the Web Server is started

Answer: B

Explanation:

We cannot tell whether the question is referring to the httperr.log file (IIS 6.0) or to the log files for the website.

If IIS is the case, “a new log file is created every day” should be the correct answer. Microsoft creates the log files in the exYYMMdd.log format and rotates them daily.

Question No: 129 – (Topic 2)

When cataloging digital evidence, the primary goal is to

A. Make bit-stream images of all hard drives

B. Preserve evidence integrity

C. Not remove the evidence from the scene

D. Not allow the computer to be turned off

Answer: B

Question No: 130 – (Topic 2)

In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet". Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down. What will the other routers communicate between themselves?

A. The change in the routing fabric to bypass the affected router

B. More RESET packets to the affected router to get it to power back up

C. STOP packets to all other routers warning of where the attack originated

D. RESTART packets to the affected router to get it to power back up

Answer: A
