Free EC0-349 Exam Braindumps (page: 5)


When investigating a Windows system, it is important to view the contents of the "page" or "swap" file because:

  A. Windows stores all of the system's configuration information in this file
  B. a large volume of data can exist within the swap file of which the computer user has no knowledge
  C. this is the file that Windows uses to store the history of the last 100 commands that were run from the command line
  D. this is the file that Windows uses to communicate directly with the Registry

Answer(s): B



Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their previous activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

  A. The nature of the attack
  B. The vulnerability exploited in the incident
  C. The manufacturer of the system compromised
  D. The logic, formatting and elegance of the code used in the attack

Answer(s): D



When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  A. a disk editor
  B. a firewall
  C. a write-blocker
  D. a protocol analyzer

Answer(s): C



If you plan to start up a suspect's computer, you must modify the _____________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

  A. CMOS
  B. Boot.sys
  C. deltree command
  D. Scandisk utility

Answer(s): A





