CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-349

Free EC0-349 Exam Braindumps (page: 11)

Page 9 of 94
PDF with 374 Questions

If you plan to startup a suspect's computer, you must modify the _____________to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

  1. Scandisk utility
  2. deltree command
  3. CMOS
  4. Boot.sys

Answer(s): C



Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

  1. An environment set up after the user logs in
  2. A system using Trojaned commands
  3. A honeypot that traps hackers
  4. An environment set up before a user logs in

Answer(s): C



You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

  1. incremental backup copy
  2. bit-stream copy
  3. robust copy
  4. full backup copy

Answer(s): B



The offset in a hexadecimal code is:

  1. The 0x at the beginning of the code
  2. The first byte after the colon
  3. The last byte after the colon
  4. The 0x at the end of the code

Answer(s): A






Post your Comments and Discuss EC-Council EC0-349 exam with other Community members:

EC0-349 Exam Discussions & Posts