[Free] 2018(Jan) EnsurePass Pass4sure ECCouncil EC1-349 Dumps with VCE and PDF 151-160

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-349
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/EC1-349.html

ECCouncil Computer Hacking Forensic Investigator

Question No: 151 – (Topic 2)

Sectors in hard disks typically contain how many bytes?

A. 256

B. 512

C. 1024

D. 2048

Answer: B

Question No: 152 – (Topic 2)

What is the target host IP in the following command? C:\gt; firewalk -F 80 10.10.150.1 172.16.28.95 -p UDP

A. 10.10.150.1

  1. This command is using FIN packets, which cannot scan target hosts

  2. Firewalk does not scan target hosts

D. 172.16.28.95

Answer: D

Question No: 153 – (Topic 2)

Bill is the accounting manager for Grummon and Sons LLC in Chicago. On a regular basis, he needs to send PDF documents containing sensitive information through E-mail to his customers. Bill protects the PDF documents with a password and sends them to their intended recipients. Why PDF passwords do not offer maximum protection?

  1. PDF passwords are converted to clear text when sent through E-mail

  2. PDF passwords are not considered safe by Sarbanes-Oxley

  3. When sent through E-mail, PDF passwords are stripped from the document completely

  4. PDF passwords can easily be cracked by software brute force tools

Answer: D

Question No: 154 – (Topic 2)

You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?

  1. Throw the hard disk into the fire

  2. Run the powerful magnets over the hard disk

  3. Format the hard disk multiple times using a low level disk utility

  4. Overwrite the contents of the hard disk with Junk data

Answer: A,C

Explanation: To be effective with throwing the hard drive into the fire, the fire would have to be hot enough to melt the platters into molten metal, which requires an industrial furnance. This requires special facilities.

Running powerful magnets over the disk, such as degaussing the disk, may destroy the data, but may also be ineffective. In some cases, the degaussing process for tape and disk may render the disk unusable for use again. (of course throwing the drives into a furnance also guarantee that as well).

Formatting the disk multiple times with a low level disk utility is the best way to go, and still beable to re-use the disk for later projects. The keys are “multiple” and “low level”. A low level format is typicall a slow, thorough, format that is a wipe. Multiple – as opposed to once – is recommended. There is a theory on “how many times”, some schools say at least three times. The problem with this answer is that with newer drives, such as ATA and SCSI, low level formats can destroy the volumes as well, and some BIOS may actually ignore the LLF directives.

Overwritting the disk with junk data would perform some form of wipe because the old data is wiped out, but still may be recoverd.

Note:

According to some websites:

Physical Methods that will not work to destroy data on a hard drive include:Throwing it in the water (this does not do much)Setting it on fire (the temperature is not going to be high enough at home)Throwing it out of the window. Hard drives can take quite a bit of G force. They are not heavy so the impact of the hard drive on the ground is not likely to destroy the platters.Drive over the hard drive. A car, or even a tank, driving over a hard drive will do nothing, any more than they would driving over a book. Unless the drive is actually flattened, the platters are not going to be destroyed

Question No: 155 – (Topic 2)

The objective of this act was to protect consumers personal financial information held by financial institutions and their service providers.

  1. HIPAA

  2. Sarbanes-Oxley 2002

  3. California SB 1386

  4. Gramm-Leach-Bliley Act

Answer: D

Question No: 156 – (Topic 2)

If an attacker#39;s computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

A. 31402

B. The zombie will not send a response

C. 31401

D. 31399

Answer: C

Question No: 157 – (Topic 2)

In the following email header, where did the email first originate from?

Ensurepass 2018 PDF and VCE

  1. Somedomain.com

  2. Smtp1.somedomain.com

  3. Simon1.state.ok.gov.us

  4. David1.state.ok.gov.us

Answer: C

Question No: 158 – (Topic 2)

When monitoring for both intrusion and security events between multiple computers, it is essential that the computers#39; clocks are synchronized. Synchronized time allows an administrator to reconstruct what took place during an attack against multiple computers. Without synchronized time, it is very difficult to determine exactly when specific events took place, and how events interlace. What is the name of the service used to synchronize time among multiple computers?

  1. Time-Sync Protocol

  2. SyncTime Service

  3. Network Time Protocol

  4. Universal Time Set

Answer: C

Question No: 159 – (Topic 2)

One way to identify the presence of hidden partitions on a suspect hard drive is to:One way to identify the presence of hidden partitions on a suspect? hard drive is to:

  1. Add up the total size of all known partitions and compare it to the total size of the hard drive

  2. Examine the FAT and identify hidden partitions by noting an ?in the artition Type?fieldExamine the FAT and identify hidden partitions by noting an ??in the ?artition Type?field

  3. Examine the LILO and note an ?in the artition Type?fieldExamine the LILO and note an

??in the ?artition Type?field

It is not possible to have hidden partitions on a hard drive

Answer: A

Question No: 160 – (Topic 2)

John is using Firewalk to test the security of his Cisco PIX firewall. He is also utilizing a sniffer located on a subnet that resides deep inside his network. After analyzing the sniffer log files, he does not see any of the traffic produced by Firewalk. Why is that?

  1. Firewalk sets all packets with a TTL of one

  2. Firewalk sets all packets with a TTL of zero

  3. Firewalk cannot pass through Cisco firewalls

  4. Firewalk cannot be detected by network sniffers

Answer: A

100% Ensurepass Free Download!
Download Free Demo:EC1-349 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-349 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No