Palo Alto Networks

EC-Council EC0-349 Exam Questions
EC0-349 ECCouncil Computer Hacking Forensic Investigator (Page 10 )

Updated On: 9-Apr-2026

Viewing Page 10 of 76 pages.

Download PDF version with 374 Questions

QUESTION: 41

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

a copy of the file is stored and the original file is erased
the file is erased and cannot be recovered
only the reference to the file is removed from the FAT
the file is erased but can be recovered

Answer(s): C

Show Answer Next Question

QUESTION: 42

Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

A system using Trojaned commands
A honeypot that traps hackers
An environment set up beforean user logs in
An environment set up after the user logs in

Answer(s): B

Show Answer Next Question

QUESTION: 43

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

the life of the author
the life of the author plus 70 years
70 years
copyrights last forever

Answer(s): B

Show Answer Next Question

QUESTION: 44

If a suspect's computer is located in an area that may have toxic chemicals, you must

coordinate with the HAZMAT team
determine a way to obtain the suspect computer
do not enter alone
assume the suspect machine is contaminated

Answer(s): A

Show Answer Next Question

QUESTION: 45

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

in the Web Server log files
in the DHCP Server log files
on the individual computer's ARP cache
there is no way to determine the specific IP address

Answer(s): B

Show Answer Next Question

1
…
8
9
10
11
12
…
20
30

Viewing page 10 of 76
Viewing questions 46 - 50 out of 374 questions

Post your Comments and Discuss EC-Council EC0-349 exam dumps with other Community members:

Comments:

Name:

EC0-349 Exam Discussions & Posts

ovelaguz Commented on April 12, 2026
Question 133:
Question 133 asks how to upgrade an on-premises Oracle DB to the latest version, set up DR, minimize operational overhead, and keep OS access.

Correct answer: C) Migrate to RDS Custom for Oracle. Create a read replica for the database in another AWS Region.

Why:

- RDS Custom for Oracle provides managed DB provisioning with OS access for maintenance/admin tasks, while handling patching/ upgrades and reducing operational overhead. - A cross-region read replica gives DR capability with controlled lag and regional failover, meeting DR requirements while still allowing OS access for maintenance if needed.

Why the other options are less suitable:

- A) EC2 + manual replication: high operational overhead (full OS/db management, failover handling). - B) RDS for Oracle: no OS access; cross-region backups don’t provide OS-level control. - D) Standby in another AZ: not cross-region DR and still limits OS access.
Key concepts:

RDS Custom provides OS access plus managed DB operations.

Cross-region read replicas support DR with lower overhead than full active-active setups.

San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 131:
Question 131 asks how to serve all files via CloudFront while preventing direct access to the S3 URL.

Correct approach: Use an Origin Access Identity (OAI). Create an OAI, assign it to the CloudFront distribution, and configure the S3 bucket so that only the OAI has permission to read objects. This keeps the bucket private and ensures that objects can only be retrieved through CloudFront, not via direct S3 URLs.

Why the other options are incorrect:

- A: Creating per-object IAM users and policies for CloudFront isn't a standard, scalable way to restrict S3 access from CloudFront; CloudFront doesn’t use IAM users for access in this scenario. - B: A bucket policy with the CloudFront distribution ID as the Principal is not a valid pattern; OAIs are the supported mechanism. - C: A bucket policy that uses the distribution ID as Principal is invalid; you should use an OAI to grant S3 access to CloudFront.
Implementation outline:

In CloudFront, create an Origin Access Identity and attach it to the distribution.

In the S3 bucket, block public access and grant s3:GetObject to the OAI.

Verify that objects are accessible via the CloudFront URL but not via the S3 URL.

Outcome: S3 remains private; content is served securely and privately through CloudFront.
San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 120:
Question 120 summary:

Scenario: Self-managed DNS with three EC2s behind an NLB in us-west-2, plus another NLB in eu-west-1 with three EC2s. Goal: fast, highly available routing across US/Europe.

Correct answer: Create an Amazon Route 53 Global Accelerator with endpoint groups in us-west-2 and eu-west-1. Add the two NLBs as endpoints.

Why this is correct:

Global Accelerator provides a single fixed set of global IPs and health-aware routing across multiple regions, directing traffic to the closest healthy endpoint (here, the two NLBs). This improves performance and availability for users in both US and Europe with minimal configuration.

Why the other options are less suitable:

A: Geolocation routing + CloudFront is regional or cached and won’t automatically optimize health across regions, adding unnecessary complexity.

C: Attaching Elastic IPs to six instances is impractical and does not provide regional health-aware routing.

D: Latency-based routing to ALBs would require changing infrastructure and does not give centralized, global optimization like Global Accelerator.

Key concepts:

Global Accelerator uses endpoint groups per region and health checks to route traffic to healthy NLBs across regions.

It provides fast failover and consistent performance for multi-region setups.

San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 117:

The requirement: store all application logs in Amazon OpenSearch Service in near real time with the least operational overhead.

Correct answer: A — Configure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (OpenSearch). This is a fully managed, near-real-time integration with minimal setup and no custom code.

Why this is best:

- It provides near-real-time ingestion directly from CloudWatch Logs to OpenSearch. - It involves minimal configuration and no additional services or agents.

Why the other options are worse for this scenario:

- B: A Lambda function would require writing code, handling retries, scaling, and maintenance. - C: Kinesis Data Firehose adds an extra managed service layer and more configuration for near-real-time ingestion. - D: Installing agents on each server and using Kinesis adds significant operational burden and scaling concerns.
San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 109:
Answer: D
Explanation:

Use an S3 bucket with S3 Object Lock enabled and Versioning. This provides immutability for new uploads so objects can’t be deleted or overwritten during the retention/hold period.

Apply a Legal Hold to the objects. A legal hold prevents deletion or modification until it’s released, giving flexible control without a fixed retention period.

Grant delete capability only to specific users by adding the IAM permission s3:PutObjectLegalHold (and related policies) to those users, limiting who can remove the hold or delete objects.

Why the others don’t fit:

- A) Glacier is archival and not directly integrated with per-object delete permissions in S3. - B) Governance mode with a long retention prevents deletions but doesn’t provide per-user delete control. - C) CloudTrail/recovery does not enforce immutability.
San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 108:
Answer: A
Explanation:

This uses an event-driven pattern: when an RDS update occurs (a listing is sold), a Lambda function is triggered to publish a message to an SQS queue.

A standard (non-FIFO) SQS queue supports multiple consumers to poll and process the deletion data, enabling decoupled, scalable delivery to multiple targets with reliable delivery.

Why not B: A FIFO queue is unnecessary here; it introduces lower throughput and additional deduplication logic, which increases overhead.

Why not C: RDS event notifications are for DB instance-level events, not for per-row data changes like a sold listing; and adding SNS fan-out adds complexity.

Why not D: An SNS fan-out with multiple SQS queues adds extra hops; a direct Lambda-to-SQS flow is simpler and more efficient for this use case.

Key concepts:

Event-driven architecture with AWS Lambda and SQS

Decoupled, scalable delivery to multiple targets

Standard vs FIFO queues trade-offs (throughput vs strict ordering)

San Miguel De Allende, Mexico

ovelaguz Commented on April 12, 2026
Question 98:

Correct answer: C

Why this works:

- Standard SQS queues provide at-least-once delivery, so a message can be delivered again if processing isn’t complete before the visibility timeout. - Increasing the visibility timeout to exceed the sum of the Lambda function timeout and the batch window prevents the message from becoming visible again while still being processed, eliminating duplicate Lambda invocations and duplicate emails.

Why not the others:

- A) Long polling reduces empty receives but doesn’t prevent duplicates. - B) FIFO with deduplication is unnecessary overhead for this issue; Standard QoS already allows duplicates. - D) Deleting messages before processing risks losing messages if processing fails. - E) Not applicable to this scenario.

Key concept: Adjust the SQS visibility timeout in relation to the Lambda runtime and batch window to avoid reprocessing and duplicates.

San Miguel De Allende, Mexico

Anonymous User Commented on April 12, 2026
Question 86:
Question 86 asks for a secure way for web servers to connect to a common RDS MySQL Multi-AZ DB instance while meeting a requirement to rotate user credentials frequently.

Correct answer: A. Store the database user credentials in AWS Secrets Manager and grant the web servers the necessary IAM permissions to access Secrets Manager. Secrets Manager supports automatic rotation for RDS-compatible databases, giving centralized, secure, and frequently rotated credentials without manual effort.

Why this works:

Centralized, automatically rotated credentials reduce the risk of credential leakage.

Web servers fetch credentials securely from Secrets Manager via IAM permissions.

Rotation is built-in and scalable for multiple web servers.

Why the other options are not suitable:

B: AWS Systems Manager OpsCenter is for operational issue management, not credential storage or rotation.

C: Storing credentials in a secure S3 bucket requires manual rotation and lacks integrated rotation/auditability.

D: Per-host files encrypted with KMS do not provide centralized rotation or easy auditability for many servers.

Implementation hint:

Create a secret in Secrets Manager for the DB credentials, enable rotation for the secret, and attach an IAM role to the web servers to allow secretsmanager:GetSecretValue (and related permissions) to retrieve credentials at runtime.

San Miguel De Allende, Mexico

Anonymous User Commented on April 12, 2026
Question 13:
Yes. The correct answer for Q13 is C: Use seq on the loop on line 2.
Reason: for h in {1..254} relies on brace expansion and may not work in all shells. Using for h in $(seq 1 254); do improves portability and compatibility across POSIX-compliant shells, ensuring the script runs reliably in more environments.
Nixa, United States

Anonymous User Commented on April 12, 2026
Question 59:
Question 59 focuses on ingesting and analyzing 30+ TB of clickstream data daily.

Answer: D

Why: Use a managed streaming pipeline: collect with Kinesis Data Streams, deliver with Kinesis Data Firehose to an S3 data lake, then load into Amazon Redshift for analytics. This provides scalable, real-time ingestion and straightforward analytics loading.

Why the others are not suitable:

A) AWS Data Pipeline is deprecated for new workloads.

B) EC2-based ECS requires managing infrastructure and isn’t a managed streaming solution.

C) CloudFront is a CDN, not a data ingestion or streaming mechanism; Lambda alone isn’t scalable for continuous 30 TB/day without orchestration.

San Miguel De Allende, Mexico

Anonymous User Commented on April 12, 2026
Question 11:

Correct answer: A — Use AWS Secrets Manager with automatic rotation.

Why this is correct:

Centralizes database credentials in Secrets Manager instead of local files.

Supports automatic rotation for database credentials, reducing manual maintenance.

Applications can retrieve secrets at runtime without code changes, improving security and reducing ops overhead.

How to implement (high level):

Create a secret in Secrets Manager for the Aurora DB credentials.

Enable automatic rotation (MySQL/Aurora-compatible rotation) with the built-in Lambda function.

Grant your EC2 instances an IAM role that allows secrets:GetSecretValue.

Update the application to fetch credentials from Secrets Manager (or continue using the secret’s value without embedding passwords in the host).

Why the other options are less suitable:

B: Parameter Store can hold secrets but lacks the seamless, native rotation for database credentials you get with Secrets Manager.

C: Storing credentials in S3 and rotating with Lambda is manual and riskier; no native rotation flow.

D: Rotating via encrypted EBS volumes is complex, manual, and doesn’t provide centralized or automated credential rotation.

San Miguel De Allende, Mexico

Anonymous User Commented on April 12, 2026
Question 3:

Correct answer: A

Why A works:

- The global condition key aws:PrincipalOrgID allows you to grant access only to principals (users/roles) that belong to your AWS Organization. - By adding this condition to the S3 bucket policy, all accounts within the organization gain access without managing per-account permissions or OUs. - This minimizes ongoing admin effort and scales automatically as accounts are added to the org.

Why the others are less suitable:

- B (aws:PrincipalOrgPaths): Requires explicit OU paths and ongoing maintenance as accounts move between OUs; increases complexity. - C (CloudTrail monitoring): It logs events but cannot enforce real-time access control. - D (aws:PrincipalTag): Needs tagging every user and maintaining tag-based policies, adding manual overhead.

Quick example (conceptual):

- Policy with a Condition like "aws:PrincipalOrgID": "o-1234567890" grants access to any principal from your organization, with no per-user updates needed.
San Miguel De Allende, Mexico

Chad Commented on April 12, 2026
Question 6:

Correct answer: Emergency procedures.

Why: An MSDS (Material Safety Data Sheet) provides safety and handling information for hazardous materials. For a battery backup, it includes emergency procedures such as first-aid measures, fire-fighting steps, and spill containment.

Why the others are not correct:

- Installation instructions and Configuration steps are part of manuals or guides, not MSDS. - Voltage specifications are technical specs, not safety-focused data.
United States

Anonymous User Commented on April 12, 2026
Question 27:
Question 27 focuses on distributing connections to App1 across its VM hosts when users connect via different VPN methods.

Correct answers: A (internal load balancer) and E (Azure Application Gateway).

Why:

Internal load balancer: A private (internal) load balancer sits in the front-end subnet and spreads VPN-originated traffic across the VMs hosting App1, without exposing services publicly. This suits home-based P2S and site-to-site VPN traffic.

Azure Application Gateway: A layer-7 load balancer that can distribute HTTP/HTTPS requests across backend VMs, providing application-level routing and features like SSL termination.

Why the others aren’t suitable here:

Public load balancer would expose the app publicly, which isn’t required for VPN-based access.

CDN is for content delivery caching, not load balancing across VMs.

Traffic Manager is a global DNS-based load balancer across regions, not for balancing within a single region/VNet gateway setup.

In short, use an internal load balancer for private, VPN-based distribution, or an Application Gateway for app-level distribution.
Hyderabad, India

Anonymous User Commented on April 12, 2026
Question 153:

Correct answer: Perform a gap analysis to determine needed resources.

Why this is the FIRST action:

The organization already has non-compliance findings from internal audit. You need to understand exactly what is missing to meet regulatory requirements.

A gap analysis identifies the differences between the current controls/processes and the regulatory requirements, and it specifies the resources (people, processes, technologies, budget) needed to close those gaps.

Once gaps and resource needs are known, you can prioritize remediation and then perform a proper risk assessment to determine impact on business operations.

Other options are less appropriate as first steps:

- Create a security exception would bypass remediation and not address regulatory gaps. - Perform a vulnerability assessment targets weaknesses but not regulatory gaps or resource needs. - Assess the risk to business operations is important, but you need the gap/resource context first to accurately assess and prioritize risk.
Key concept: In governance, start with a gap analysis to map current state to regulatory requirements, enabling a actionable remediation plan and informed risk prioritization.
Ahmedabad, India

gw2fjrocha Commented on April 12, 2026
Question 11:

In Question 11, the statements are about three AI ethics principles: transparency, privacy, and inclusiveness.

- Box 1 (Transparency): Yes – transparency helps people understand how the model works. - Box 2 (Privacy): No – data must be protected; privacy is essential. - Box 3 (Inclusiveness): No – inclusiveness means AI should empower all people and remove barriers (e.g., accessibility features), not pricing or
Vagos, Portugal

Anonymous User Commented on April 12, 2026
what are the main topic in esam
Here are the main topics for the AI-900 exam:

Describe AI workloads and considerations — identify common AI workloads and factors like data privacy, security, ethics, fairness, and governance.

Describe fundamental principles of machine learning on Azure — basics of ML (supervised, unsupervised, reinforcement), model training and evaluation, and Azure ML services and workflows.

Describe fundamental concepts of computer vision workloads — tasks such as image classification, object detection, OCR, and related vision capabilities.

Describe fundamental concepts of NLP workloads and common use cases — topics like text analytics, translation, sentiment analysis, speech understanding.

Describe conversational AI workloads and Azure services — chatbots and virtual assistants, using services like Azure Bot Service, Language and Speech services, QnA.

Describe responsible AI — six principles: fairness, accountability, reliability and safety, privacy and security, inclusiveness, and transparency.

Hyderabad, India

Anonymous User Commented on April 12, 2026
Question 40:

The correct answer cannot be determined from the given information because the symbol rate S (in Gbaud/s) is missing.

Relationship: bits per symbol = 40 / S.

Possible cases:

- If S = 20 Gbaud/s ? 40/20 = 2 bits per symbol ? QPSK / 4QAM. - If S = 10 Gbaud/s ? 40/10 = 4 bits per symbol ? DP-QPSK. - If S = 40 Gbaud/s ? 40/40 = 1 bit per symbol ? BPSK.

Example: with S = 20 Gbaud/s, the modulation is QPSK (4QAM).

Cape Town, South Africa

jijore3700 Commented on April 12, 2026
Question 81:

Correct answer: Purchase Azure Active Directory Premium Plan 2 licenses for all users.

Explanation:

Azure AD Identity Protection features, including configuring a user risk policy and a sign-in risk policy, require Azure Active Directory Premium Plan 2.

Premium Plan 1 does not include Identity Protection, so upgrading to P2 is necessary to access these policies.

The other options don’t grant Identity Protection capabilities: MFA registration (B) isn’t the gating factor, security defaults (C) enable MFA but not risk policies, and Defender for Cloud features (D) are unrelated to Identity Protection.

Pfullingen, Germany

jijore3700 Commented on April 12, 2026
Question 80:

Role1 (manage application security groups): use the resource type Microsoft.Network/applicationSecurityGroups (i.e., the Microsoft.Network resource provider).

Role2 (manage Azure Bastion): use the resource type Microsoft.Network/bastions (i.e., the Microsoft.Network resource provider).

Explanation:

Both resources are network-related and live under the Microsoft.Network provider.

Role1 needs permissions on the Application Security Groups resource type; Role2 needs

Pfullingen, Germany

jijore3700 Commented on April 12, 2026
Question 75:

Correct answer: A

Why this is correct:

- The task is to grant a user the ability to manage the properties of VMs in a specific resource group, using the principle of least privilege. - The appropriate role is Virtual Machine Contributor, which allows managing virtual machines (start/stop, configure, update sizes, manage disks, etc.) but does not grant access to modify IAM or other resources outside the VM scope. - Scope the role to the specific resource group RG1lod12345678 to limit permissions to that group only (least privilege).

How to implement (summary of steps):

- Sign in to the Azure portal. - Go to Resource Groups > select RG1lod12345678. -
Pfullingen, Germany

Njabulo Commented on April 12, 2026
question 7 : B,E
Johannesburg, South Africa

njabulo Commented on April 11, 2026
great for exam preparations
Johannesburg, South Africa

Verifying Commented on April 11, 2026
Q62 is engagement
Paris, France

Anonymous User Commented on April 11, 2026
Question 1:

Correct answer: 3.4 defects per million opportunities (DPMO).

Why: In Six Sigma, process performance is measured as DPMO. A true Six Sigma level corresponds to about 3.4 defects per million opportunities.

Riyadh, Saudi Arabia

Anonymous User Commented on April 11, 2026
Question 18:

Answer: False

Why: In Snowflake Secure Data Sharing, a Reader Account is an external account hosted by Snowflake to let partners access shared data. The Data Provider is billed for compute usage in the reader account (compute credits for the warehouses used to run queries), even though the data is read-only. So there are additional compute costs; it’s not zero-cost for the provider.

How to manage: size or pause the reader account’s warehouses to control costs, since query compute in the reader account drives the charges.

Chennai, India

Anonymous User Commented on April 11, 2026
Question 5:

Answer: True

Why: Bulk unloading in Snowflake is done with the COPY INTO command. It supports unloading from a table or from the result of a SELECT statement. Using a SELECT lets you specify exactly which columns and rows to unload (and even compute expressions) before writing to an external stage. For example:

- COPY INTO @stage/path/file.csv FROM (SELECT col1, col2 FROM my_table WHERE date >= '2024-01-01') FILE_FORMAT=(TYPE=CSV);
Chennai, India

Anonymous User Commented on April 11, 2026
Question 40:

Correct answers: B and C.

Why: In Azure AD, deleted objects go into a "Deleted items" state and can be restored within 30 days. The types you can restore are:

- Deleted users - Deleted Office 365 (Microsoft 365) groups - You cannot restore deleted security groups.

So among the listed objects, you can restore the deleted user (User2) and the deleted Office 365 group (Group2).

Pfullingen, Germany

Anonymous User Commented on April 11, 2026
Question 39:

Correct answer: D

Why: The error occurs because guest invitations are blocked by the External collaboration settings. To invite an external partner, you need to allow guest invitations in the Users blade under External collaboration settings (e.g., enable “Users can invite guest users”). The other options do not address guest invitation permissions.

Pfullingen, Germany

Anonymous User Commented on April 11, 2026
Question 35:

Correct answer: B

Why: SAS tokens that are issued against a stored access policy can be revoked by deleting or renaming that policy (changing its signed identifier). Generating new SAS tokens does not invalidate existing ones—the old tokens remain valid until they expire. By deleting/renaming the stored access policy, all SASs tied to that policy are immediately revoked, meeting the goal.

Pfullingen, Germany

malvie2@gmail.com Commented on April 10, 2026
Question 367:
Correct answer: A) Social engineering training

Why: It educates employees to recognize phishing indicators and handle suspicious emails safely, directly reducing accidental malware introduction from user actions.

SPF configuration: Helps prevent email spoofing at DNS level but doesn’t train users or reduce click risk.

Simulated phishing campaign: Useful for testing and reinforcing training, but the question asks for the best overall posture; foundational training is more impactful.

Insider threat awareness: Focuses on misuse by trusted insiders, not broadly on malware introduced via phishing.

Recommendation: implement ongoing security awareness training and consider periodic phishing simulations to reinforce the lessons.
Cape Town, South Africa

Anonymous User Commented on April 10, 2026
Question 2:

Correct answer: Memory and Heartbeat.

Why these fit:

- Memory: Shows current RAM usage and pressure. Helps you optimize utilization by indicating how much memory is free, available, and how often the system is paging. - Heartbeat: A liveness indicator that the server or monitoring agent is alive. If the heartbeat fails, you know the host/service is down or unresponsive, which is essential for ensuring overall utilization and availability.

Why not the others:

- Page file: part of virtual memory, but not a direct performance metric by itself in this context. - Services / Application: are things you monitor, not metrics themselves. - CPU: a common utilization metric, but the question’s provided answer uses Memory and Heartbeat.
Innisfil, Canada

Anonymous User Commented on April 10, 2026
Question 4:

Correct answer: one.

Why: An interface is assigned to a single security zone to define its security boundary. Traffic is evaluated based on that zone’s policies, so an interface cannot belong to multiple zones simultaneously.

How to segment on one physical port: use subinterfaces (VLANs). Each subinterface can be assigned to a different zone, allowing multiple security boundaries on the same physical link.

Spain

Anonymous User Commented on April 10, 2026
Question 2:

Correct answer: management plane.

Why: The management (control) plane is responsible for configuration, logging, and reporting. It runs on a separate processor to keep admin tasks isolated from traffic processing, ensuring the firewall remains manageable even under load.

Quick contrast:

- Data plane: forwards user traffic. - Security processing plane: handles security tasks like App-ID, threat prevention.
Netherlands

Anonymous User Commented on April 10, 2026
Question 29:

Correct answer: A) Hashing

Why: Hashing creates a unique digest of the final software version. If the code is tampered with, the hash will change, so you can detect tampering by recomputing and comparing the hash to the original.

What the other options do (and why they’re not correct for tamper detection):

- Encryption: protects confidentiality, not integrity or tamper detection. - Baselines: describe standard configurations to detect deviations, but don’t provide a tamper-evident check on the final artifact itself. - Tokenization: replaces data with tokens for privacy, not for verifying software integrity.

Practical idea: generate a hash (e.g., SHA-256) of the final build, store it securely or
Netherlands

Anonymous User Commented on April 10, 2026
Question 71:
Here’s the mapping for Question 71, which asks to place TCP/IP protocols onto their primary transmission (TCP/IP) layer:

TCP ? Transport layer

- Connection-oriented, reliable delivery.

UDP ? Transport layer

- Connectionless, best-effort delivery.

IP ? Internet layer

- Addressing and routing of packets.

ICMP ? Internet layer

- Control messages used by IP (e.g., echo, unreachable).

ARP ? Link (Data Link) layer

- Resolves IP addresses to MAC addresses on a local network.
Key idea: In TCP/IP, the layers ar
United Kingdom

Anonymous User Commented on April 10, 2026
Question 1:
You’re right to double-check. The correct answer is B.

A reporting snapshot captures data from a report on a scheduled basis and stores it in a custom object for historical analysis.

To meet the requirement “store the details of open opportunities weekly,” schedule a reporting snapshot weekly and store results in a custom object.

For “forecasts and closes monthly,” you can create a separate snapshot that runs monthly (or design the source report to include monthly data). Salesforce supports multiple snapshots, so you can cover both weekly open opportunities and monthly forecast/close data, even though the option here highlights the weekly snapshot approach.

Why the other options aren’t as suitable:

A and D rely on a forecast report and store in a folder, which doesn’t pres
United Kingdom

Anonymous User Commented on April 10, 2026
Question 4:

Correct answer: A. Merge the Customer and Address tables.

Why: You want one row per customer and include the city, state/region, and country. The data is in two tables that relate via Address ID. Merging (joining) the tables on Address ID brings in the address fields for each customer. Other options are not suitable:

- Group by would summarize data, not join. - Transpose would flip rows/columns. - Append would stack tables, not relate them by a key.

How to do it (Power Query Editor):

- Select the Customer table. - Use Merge Queries (or Merge Queries as New). - Choose the Address table and join on Address ID (use Left Outer
United Kingdom

Anonymous User Commented on April 10, 2026
Question 1:

Correct answer: C — test (e.g., test security-policy-match).

Explanation: The test CLI command simulates traffic through the firewall and reveals exactly which elements would be triggered—Security policy rule, NAT translation, static route, or PBF rule—for a given source/destination/service. It’s a troubleshooting tool to validate how traffic would be handled by the policies without sending real traffic.

India

Anonymous User Commented on April 10, 2026
Question 6:
Question 6 asks which agreement type defines the time frame in which a vendor needs to respond. The correct answer is:

Answer: B — SLA (Service Level Agreement)

Key concepts:

An SLA specifies the service levels, including expected response and resolution times for incidents, uptime, and support hours in a vendor relationship.

It creates enforceable metrics (e.g., response within X hours, problem solved within Y hours) and may include service credits if not met.

Why the others don’t fit:

A) SOW (Statement of Work): defines project scope, deliverables, and timelines for a specific project, not ongoing response windows.

C) MOA (Memorandum of Agreement): outlines mutual aims; not typically enforceable performance metrics.<
India

Anonymous User Commented on April 10, 2026
Question 4:

The task is an image classification problem (predicting plant diseases). The metric to evaluate “how many images were classified correctly” is Accuracy.

Why this is correct:

- Accuracy = (number of correctly predicted images) / (total number of images). It directly measures overall correctness for classification tasks (binary or multi-class).

Why the other options are not appropriate here:

- R-squared score and RMSE are metrics for regression, not classification. - Learning rate is a training hyperparameter, not a measure of model performance.

Quick tip: In cases with class imbalance, you might also look at precision, recall, or F1-score, but for this question, accuracy is the i
United States

Anonymous User Commented on April 10, 2026

Answer: C — linkage to business area objectives.

Why this is the most important:

Senior management cares about how security supports business goals. Linking the governance process to business objectives shows how security enables value, not just protects assets.

It aligns risk management with business priorities (revenue, availability, regulatory requirements), helping secure funding and sponsorship.

Why the other options are less critical as the sole focus:

Knowledge required to analyze each issue: important for depth, but not what senior management needs to judge governance effectiveness.

Information security metrics: useful, but only meaningful when tied to business objectives; metrics without context may misrepresent value.

Baseline against which metrics are evalua
United States

Anonymous User Commented on April 10, 2026

Correct answer: Role-based access control (RBAC).

Why: RBAC assigns permissions to roles rather than to individual users. Users are granted access by being placed into roles that match their job responsibilities. This greatly simplifies management when many users share similar duties, reducing administrative overhead and the chance of granting excess rights. It also supports consistent application of the principle of least privilege and easier auditing.

How it compares to other options:

- DAC: Access is granted by individual owners, which can lead to permission sprawl and harder administration for many users. - Content-dependent Access Control: Access decisions depend on the content being accessed, not on user roles. - Rule-based Access Control: Focuses on policie
United States

Anonymous User Commented on April 10, 2026
Question 2 asks which technique best identifies a broad range of strategic risks. The correct answer is PESTLE.

PESTLE analyzes external macro-environmental factors: Political, Economic, Social, Technological, Legal, and Environmental. This approach helps identify risks and opportunities that could impact strategy across markets and regulations.

Why not the others:

- OKR focuses on setting and measuring objectives, not risk identification. - Customer analytics looks at customer data, not the full external risk landscape. - Portfolio optimization prioritizes initiatives but isn’t primarily a tool for broad risk identification.
United States

Anonymous User Commented on April 10, 2026

Correct answer: Transfer

Why: Using cyber insurance is a risk transfer strategy. It shifts potential financial losses from the organization to a third party (the insurer) for risks listed in the risk register.

What other options mean:

- Accept: Acknowledge the risk without taking action. - Mitigate: Implement controls to reduce likelihood/impact, not to transfer costs. - Avoid: Change plans to eliminate the risk entirely.

Quick context: In risk management, after identifying risks (in the risk register), you choose treatments. Insurance is a classic transfer method, moving financial exposure to an external party.

United States

Steven Commented on April 03, 2026
I passed my certification with the help of this website. The AI Teaching assistance is very very helpful.
New York, United States

Cooper Commented on April 02, 2026
This free version is great but does not cover all the questions. The paid version has way more questions and explanation plus an unlimited AI Tutor that is really optimized towards this exam.
United States

John Parker Commented on March 31, 2026
Perfect, it helps to understand the exam style
Kusadasi, Türkiye

Mann Bahn Commented on March 28, 2026
perfect guidelines for examination
Kusadasi, Türkiye

Mann Bahn Commented on March 26, 2026
Let us review first
Kusadasi, Türkiye

AI Tutor 👋 I’m here to help!

AI Tutor — EC0-349

Hay!
I’m your AI study assistant for the EC0-349 exam. Ask me anything about the exam or the questions on this page, and I’ll break it down so it actually makes sense.
You want it in a different language? Just say it.

Contact Us

Exam Vendors

Customer Reviews

DMCA

Terms of Service

Privacy Policy

© 2026 Free-Braindumps.com - A Community of Learners.

Disclaimer:
The resources, practice tests, and study guides on Free-Braindumps.com are strictly for educational and research purposes. We are an independent community platform and are not affiliated with, endorsed by, or sponsored by any official certification vendors, including Microsoft, Cisco, Amazon, CompTIA, or others. All certification names, trademarks, and logos are the property of their respective owners. Our content is user-contributed or independently developed to assist with exam preparation and skill assessment; we do not host or provide access to proprietary, confidential, or live exam questions.