[Free] 2018(Jan) EnsurePass Pass4sure ECCouncil EC1-349 Dumps with VCE and PDF 161-170

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-349
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/EC1-349.html

ECCouncil Computer Hacking Forensic Investigator

Question No: 161 – (Topic 2)

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

  1. The manufacturer of the system compromised

  2. The logic, formatting and elegance of the code used in the attack

  3. The nature of the attack

  4. The vulnerability exploited in the incident

Answer: B

Question No: 162 – (Topic 2)

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS is being used?

  1. Passive IDS

  2. Active IDS

  3. NIPS

  4. Progressive IDS

Answer: B

Question No: 163 – (Topic 2)

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

  1. SAM

  2. AMS

  3. Shadow file

  4. Password.conf

Answer: A

Question No: 164 – (Topic 2)

You are conducting an investigation of fraudulent claims in an insurance company that involves complex text searches through large numbers of documents. Which of the following tools would allow you to quickly and efficiently search for a string within a file on the bitmap image of the target computer?

  1. Stringsearch

  2. grep

  3. dir

  4. vim

Answer: B

Question No: 165 – (Topic 2)

Which program is the oot loader?when Windows XP starts up?Which program is the ?oot loader?when Windows XP starts up?

  1. KERNEL.EXE

  2. NTLDR

  3. LOADER

  4. LILO

Answer: B

Question No: 166 – (Topic 2)

How many bits is Source Port Number in TCP Header packet?

  1. 16

  2. 48

  3. 32

  4. 64

Answer: A

Question No: 167 – (Topic 2)

What type of attack sends spoofed UDP packets (instead of ping packets) with a fake source address to the IP broadcast address of a large network?

  1. Fraggle

  2. Smurf scan

  3. SYN flood

  4. Teardrop

Answer: A

Question No: 168 – (Topic 2)

In Linux, what is the smallest possible shellcode?

  1. 8 bytes

  2. 24 bytes

  3. 800 bytes

  4. 80 bytes

Answer: B

Question No: 169 – (Topic 2)

Under which Federal Statutes does FBI investigate for computer crimes involving e-

mail scams and mail fraud?

  1. 18 U.S.C. 1029 Possession of Access Devices

  2. 18 U.S.C. 1030 Fraud and related activity in connection with computers

  3. 18 U.S.C. 1343 Fraud by wire, radio or television

  4. 18 U.S.C. 1361 Injury to Government Property

  5. 18 U.S.C. 1362 Government communication systems

  6. 18 U.S.C. 1831 Economic Espionage Act

  7. 18 U.S.C. 1832 Trade Secrets Act

Answer: B

Question No: 170 – (Topic 2)

You are working as an investigator for a corporation and you have just received instructions from your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation. Your job is to complete the required evidence custody forms to properly document each piece of evidence as other members of your team collect it. Your manager instructs you to complete one multi-evidence form for the entire case and a single-evidence form for each hard drive. How will these forms be stored to help preserve the chain of custody of the case?

  1. All forms should be placed in an approved secure container because they are now primary evidence in the case

  2. The multi-evidence form should be placed in an approved secure container with the hard drives and the single-evidence forms should be

    placed in the report file

  3. All forms should be placed in the report file because they are now primary evidence in the case

  4. The multi-evidence form should be placed in the report file and the single-evidence forms should be kept with each hard drive in an

approved secure container

Answer: D

100% Ensurepass Free Download!
Download Free Demo:EC1-349 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-349 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No