Computer Hacking Forensic Investigator - EC0-349 Exam Practice Test

Question 1

At what layer of the OSI model do routers function on?

A. 1

B. 5

C. 3

D. 4

Correct Answer: C

Question 2

Lance wants to place a honeypot on his network. Which of the following would be your recommendations?

A. It doesn't matter as all replies are faked

B. Use it on a system in an external DMZ in front of the firewall

C. Use a system that is not directly interacing with the router

D. Use a system that has a dynamic addressing on the network

Correct Answer: A

Question 3

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router.
What have you discovered?

A. HTTP Configuration Arbitrary Administrative Access Vulnerability

B. Cisco IOS Arbitrary Administrative Access Online Vulnerability

C. URL Obfuscation Arbitrary Administrative Access Vulnerability

D. HTML Configuration Arbitrary Administrative Access Vulnerability

Correct Answer: A

Question 4

Using Linux to carry out a forensics investigation, what would the following command accomplish? dd if=/usr/home/partition.image of=/dev/sdb2 bs=4096 conv=notrunc,noerror

A. Copy a partition to an image file

B. Search for disk errors within an image file

C. Restore a disk from an image file

D. Backup a disk to an image file

Correct Answer: C

Question 5

FAT32 is a 32-bit version of FAT file system using smaller clusters and results in efficient storage capacity. What is the maximum drive size supported?

A. 1 terabytes

B. 2 terabytes

C. 4 terabytes

D. 3 terabytes

Correct Answer: B

Question 6

In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe. Bootvid.dll.
Hal.dll, and boot-start device drivers?

A. Gdi32.dll

B. Ntldr

C. Boot.in

D. Kernel32.dll

Correct Answer: B

Question 7

You are trying to locate Microsoft Outlook Web Access Default Portal using Google search on the Internet. What search string will you use to locate them?

A. outlook:"search"

B. allinurl:"exchange/logon.asp"

C. locate:"logon page"

D. intitle:"exchange server"

Correct Answer: B

Question 8

Which of the following Wi-Fi chalking methods refers to drawing symbols in public places to advertise open Wi-Fi networks?

A. WarDhving

B. WarFlying

C. WarWalking

D. WarChalking

Correct Answer: D

Question 9

____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.

A. Event Reaction

B. Network Forensics

C. Computer Forensics

D. Incident Response

Correct Answer: C

Question 10

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A. The system has been compromised using a t0rnrootkit

B. The system administrator has created an incremental backup

C. Nothing in particular as these can be operational files

D. The system files have been copied by a remote attacker

Correct Answer: C

Question 11

A computer forensic report is a report which provides detailed information on the complete forensics investigation process.

A. True

B. False

Correct Answer: A

Question 12

Under which Federal Statutes does FBI investigate for computer crimes involving e- mail scams and mail fraud?

A. 18 U.S.C. 1343 Fraud by wire, radio or television

B. 18 U.S.C. 1030 Fraud and related activity in connection with computers

C. 18 U.S.C. 1362 Government communication systems

D. 18 U.S.C. 1029 Possession of Access Devices

E. 18 U.S.C. 1831 Economic Espionage Act

F. 18 U.S.C. 1361 Injury to Government Property

G. 18 U.S.C. 1832 Trade Secrets Act

Correct Answer: B

Question 13

What advantage does the tool Evidor have over the built-in Windows search?

A. It can search slack space

B. It can find bad sectors on the hard drive

C. It can find deleted files even after they have been physically removed

D. It can find files hidden within ADS

Correct Answer: A

Question 14

A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?

A. Blu-Ray dual-layer

B. HD-DVD

C. DVD-18

D. Blu-Ray single-layer

Correct Answer: A

Question 15

You should always work with original evidence

A. True

B. False

Correct Answer: B

EC-COUNCIL Computer Hacking Forensic Investigator - EC0-349 Exam Practice Test

Latest Update

Useful Links

Contact Us