Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
MuleSoft
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. EC0-349

Free EC0-349 Exam Braindumps (page: 2)

Page 2 of 94
PDF with 374 Questions

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

  1. evidence procedures are not important unless you work for a law enforcement agency
  2. evidence must be handled in the same way regardless of the type of case
  3. evidence in a civil case must be secured more tightly than in a criminal case
  4. evidence in a criminal case must be secured more tightly than in a civil case

Answer(s): B



Which part of the Windows Registry contains the user's password file?

  1. HKEY_LOCAL_MACHINE
  2. HKEY_CURRENT_CONFIGURATION
  3. HKEY_USER
  4. HKEY_CURRENT_USER

Answer(s): C



If a suspect's computer is located in an area that may have toxic chemicals, you must

  1. coordinate with the HAZMAT team
  2. do not enter alone
  3. assume the suspect machine is contaminated
  4. determine a way to obtain the suspect computer

Answer(s): A



Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their pervious activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

  1. The vulnerability exploited in the incident
  2. The manufacture of the system compromised
  3. The nature of the attack
  4. The logic, formatting and elegance of the code used in the attack

Answer(s): D






Post your Comments and Discuss EC-Council EC0-349 exam prep with other Community members: