
Dec-2024 Latest PrepPDF EC0-349 Exam Dumps with PDF and Exam Engine Free Updated Today!
Following are some new EC0-349 Real Exam Questions!
NEW QUESTION # 204
Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. To what organization should Frank submit the log to find out whether it is a new vulnerability?
- A. APIPA
- B. CVE
- C. RIPE
- D. IANA
Answer: B
NEW QUESTION # 205
You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.
What are you trying to accomplish here?
- A. Poison the DNS records with false records
- B. Enumerate domain user accounts and built-in groups
- C. Enumerate MX and A records from DNS
- D. Establish a remote connection to the Domain Controller
Answer: B
NEW QUESTION # 206
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
- A. 802.11i
- B. 802.11a
- C. 802.11b
- D. 802.11g
Answer: B
NEW QUESTION # 207
As a CHFI professional, which of the following is the most important to your professional reputation?
- A. The friendship of local law enforcement officers
- B. The correct, successful management of each and every case
- C. The fee that you charge
- D. Your Certifications
Answer: B
NEW QUESTION # 208
If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?
- A. 6 Sectors
- B. 7 Sectors
- C. 4 Sectors
- D. 5 Sectors
Answer: A
NEW QUESTION # 209
When examining a file with a Hex Editor, what space does the file header occupy?
- A. None, file headers are contained in the FAT
- B. One byte at the beginning of the file
- C. The first several bytes of the file
- D. The last several bytes of the file
Answer: C
NEW QUESTION # 210
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?
- A. Reiteration
- B. Justification
- C. Certification
- D. Authentication
Answer: D
NEW QUESTION # 211
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would the investigator need to search to find email sent from a Blackberry device?
- A. RIM Messaging center
- B. Microsoft Exchange server
- C. Blackberry Enterprise server
- D. Blackberry desktop redirector
Answer: B
NEW QUESTION # 212
A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they shortlisted possible suspects including three summer interns. Where did the incident team go wrong?
- A. They examined the actual evidence on an unrelated system
- B. They attempted to implicate personnel without proof
- C. They tampered with evidence by using it
- D. They called in the FBI without correlating with the fingerprint data
Answer: C
NEW QUESTION # 213
When you carve an image, recovering the image depends on which of the following skills?
- A. Recognizing the pattern of a corrupt file
- B. Recovering the image from a tape backup
- C. Recognizing the pattern of the header content
- D. Recovering the image from the tape backup
Answer: C
NEW QUESTION # 214
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
- A. the Microsoft Virtual Machine Identifier
- B. the Globally Unique ID
- C. the Personal Application Protocol
- D. the Individual ASCII String
Answer: B
NEW QUESTION # 215
Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated with each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages to each other. What type of cipher was used by the accused in this case?
- A. Text semagram
- B. Null cipher
- C. Grille cipher
- D. Visual semagram
Answer: C
NEW QUESTION # 216
You are running through a series of tests on your network to check for any security vulnerabilities. After normal working hours, you initiate a DoS attack against your external firewall. The firewall quickly freezes up and becomes unusable. You then initiate an FTP connection from an external IP into your internal network. The connection is successful even though you have FTP blocked at the external firewall. What has happened?
- A. The firewall failed-open
- B. The firewall ACL has been purged
- C. The firewall failed-bypass
- D. The firewall failed-closed
Answer: A
NEW QUESTION # 217
What will the following command produce on a website login page?
SELECT email, passwd, login_id, full_name FROM members
WHERE email = '[email protected]';
DROP TABLE members; --'
- A. Inserts the email address into the members table
- B. Deletes the entire members table
- C. Retrieves the password for the first user in the members table
- D. This command will not produce anything since the syntax is incorrect
Answer: B
Explanation:
The third line deletes the table named members.
NEW QUESTION # 218
Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
- A. Frye Standard
- B. Schneiderman Standard
- C. FERPA standard
- D. Daubert Standard
Answer: A
NEW QUESTION # 219
If you come across a sheepdip machine at your client site, what would you infer?
- A. A sheepdip computer defers a denial of service attack
- B. A sheepdip computer is another name for a honeypot
- C. A sheepdip computer is used only for virus-checking.
- D. A sheepdip coordinates several honeypots
Answer: C
NEW QUESTION # 220
If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?
- A. 0
- B. 1
- C. 2
- D. The zombie will not send a response
Answer: A
NEW QUESTION # 221
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well-tested hardware write-blocking device to _________
- A. Automate collection from image files
- B. Prevent contamination to the evidence drive
- C. Acquire data from the host-protected area on a disk
- D. Avoid copying data from the boot partition
Answer: B
NEW QUESTION # 222
You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?
- A. Polymorphic
- B. Oligomorphic
- C. Transmorphic
- D. Metamorphic
Answer: D
NEW QUESTION # 223
What TCP/UDP port does the toolkit program netstat use?
- A. Port 15
- B. Port 23
- C. Port 69
- D. Port 7
Answer: A