EC-Council EC0-349 Exam Questions
EC0-349 ECCouncil Computer Hacking Forensic Investigator (Page 7)

Updated On: 24-Feb-2026

From the following spam mail header, identify the host IP that sent this spam.

From jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001
Received: from viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT)
Received: from mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk (8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk
From: "china hotel web"
To: "Shlam"
Subject: SHANGHAI (HILTON HOTEL) PACKAGE
Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
Reply-To: "china hotel web"

  1. 203.218.39.50
  2. 203.218.39.20
  3. 137.189.96.52
  4. 8.12.1.0

Answer(s): B



You have used a newly released forensic investigation tool, which doesn't meet the Daubert Test, during a case. The case has ended up in court. What argument could the defense make to weaken your case?

  1. Only the local law enforcement should use the tool
  2. You are not certified for using the tool
  3. The tool has not been tested by the International Standards Organization (ISO)
  4. The tool has not been reviewed and accepted by your peers

Answer(s): D



When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  1. a disk editor
  2. a write-blocker
  3. a protocol analyzer
  4. a firewall

Answer(s): B



If you plan to start up a suspect's computer, you must modify the _____________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

  1. Scandisk utility
  2. deltree command
  3. CMOS
  4. Boot.sys

Answer(s): C



Jones had been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity, and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

  1. An environment set up after the user logs in
  2. A system using Trojaned commands
  3. A honeypot that traps hackers
  4. An environment set up before a user logs in

Answer(s): C





