Authentic Best resources for EC0-349 Test Engine Practice Exam
[2025] EC0-349 PDF Questions - Perfect Prospect To Go With Prep4away Practice Exam
NEW QUESTION # 275
During the course of a corporate investigation, you find that an Employee is committing a crime.
Can the Employer file a criminal complaint with Police?
- A. Yes, but only if you turn the evidence over to a federal law enforcement agency
- B. No, because the investigation was conducted without following standard police procedures
- C. No, because the investigation was conducted without warrant
- D. Yes, and all evidence can be turned over to the police
Answer: D
NEW QUESTION # 276
Which program is the "boot loader" when Windows XP starts up?
- A. NTLDR
- B. KERNEL.EXE
- C. LOADER
- D. LILO
Answer: A
NEW QUESTION # 277
You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14-character passwords. After giving your users 2 weeks' notice, you change the Group Policy to force 14-character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?
- A. The passwords that were cracked are local accounts on the Domain Controller
- B. Networks using Active Directory never use SAM databases so the SAM database pulled was empty
- C. Passwords of 14 characters or less are broken up into two 7-character hashes
- D. A password Group Policy change takes at least 3 weeks to completely replicate throughout a network
Answer: C
NEW QUESTION # 278
An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer that was protected with the NTFS Encrypted File System (EFS), and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building, recover the floppy disks, and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?
- A. The EFS Revoked Key Agent can be used on the Computer to recover the information
- B. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.
- C. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.
- D. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information
Answer: C
NEW QUESTION # 279
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
- A. The wrong partition may be set to active
- B. All virtual memory will be deleted
- C. This action can corrupt the disk
- D. The computer will be set in a constant reboot state
Answer: C
NEW QUESTION # 280
When collecting electronic evidence at the crime scene, the collection should proceed from the most volatile to the least volatile
- A. True
- B. False
Answer: A
NEW QUESTION # 281
Data files from original evidence should be used for forensics analysis
- A. True
- B. False
Answer: B
NEW QUESTION # 282
What type of file is represented by a colon (:) with a name following it in the Master File Table (MFT) of an NTFS disk?
- A. Encrypted file
- B. Reserved file
- C. Compressed file
- D. Data stream file
Answer: D
NEW QUESTION # 283
What file structure database would you expect to find on floppy disks?
- A. FAT32
- B. NTFS
- C. FAT12
- D. FAT16
Answer: C
Explanation: NTFS is not designed for removable media; although it is used on some very large removable media, it is never used for floppy disks. FAT32 has a minimum space requirement which is larger than floppy disks. FAT16 would seem like a logical choice, but is not usually used on floppies. FAT12 would be on floppy disks, and probably not seen on anything else. Since floppy disk media is small in size (less than 2 MB), a FAT12 file system has lower overhead and is more efficient.
NEW QUESTION # 284
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
- A. Security Administrator
- B. Director of Administration
- C. Network Administrator
- D. Director of Information Technology
Answer: C
NEW QUESTION # 285
When marking evidence that has been collected with the "aa/ddmmyy/nnnn/zz" format, what does the "nnn" denote?
- A. The sequence number for the parts of the same exhibit
- B. The year the evidence was taken
- C. The initials of the forensics analyst
- D. The sequential number of the exhibits seized
Answer: D
NEW QUESTION # 286
Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.
He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?
- A. Those connections are established
- B. Those connections are in timed out/waiting mode
- C. Those connections are in listening mode
- D. Those connections are in closed/waiting mode
Answer: C
NEW QUESTION # 287
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything.
What is the reason for this?
- A. He should search in C:\Windows\System32\RECYCLED folder
- B. Only FAT system contains RECYCLED folder and not NTFS
- C. The Recycle Bin does not exist on the hard drive
- D. The files are hidden and he must use switch to view them
Answer: D
NEW QUESTION # 288
John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
- A. Cross-cut shredder
- B. Cross-hatch shredder
- C. Strip-cut shredder
- D. Cris-cross shredder
Answer: A
NEW QUESTION # 289
John and Hillary work in the same department in the company. John wants to find out Hillary's network password so he can take a look at her documents on the file server. He sets the L0phtCrack program to sniffing mode. John sends Hillary an email with a link to Error! Reference source not found. What information will he be able to gather from this?
- A. The SID of Hillary's network account
- B. The network shares that Hillary has permissions to
- C. Hillary's network username and password hash
- D. The SAM file from Hillary's computer
Answer: C
NEW QUESTION # 290
What should you do when approached by a reporter about a case that you are working on or have worked on?
- A. Say, "no comment"
- B. Answer only the questions that help your case
- C. Answer all the reporter's questions as completely as possible
- D. Refer the reporter to the attorney that retained you
Answer: D
NEW QUESTION # 291
What is the following command trying to accomplish?
- A. Verify that UDP port 445 is closed for the 192.168.0.0 network
- B. Verify that UDP port 445 is open for the 192.168.0.0 network
- C. Verify that TCP port 445 is open for the 192.168.0.0 network
- D. Verify that NETBIOS is running for the 192.168.0.0 network
Answer: B
NEW QUESTION # 292
Corporate investigations are typically easier than public investigations because:
- A. the users have standard corporate equipment and software
- B. the investigator does not have to get a warrant
- C. the users can load whatever they want on their machines
- D. the investigator has to get a warrant
Answer: B
NEW QUESTION # 293
In a FAT32 system, a 123 KB file will use how many sectors?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION # 294
At what layer does a cross-site scripting attack occur?
- A. Data Link
- B. Presentation
- C. Session
- D. Application
Answer: D
NEW QUESTION # 295
Daryl, a computer forensics investigator, has just arrived at the house of an alleged computer hacker. Daryl takes pictures and tags all computer and peripheral equipment found in the house. Daryl packs all the items found into his van and takes them back to his lab for further examination. At his lab, Michael, his assistant, helps him with the investigation. Since Michael is still in training, Daryl supervises all of his work very carefully. Michael is not quite sure about the procedures to copy all the data off the computer and peripheral devices. How many data acquisition tools should Michael use when creating copies of the evidence for the investigation?
- A. Two
- B. One
- C. Four
- D. Three
Answer: A