[Free] 2018(Jan) EnsurePass Pass4sure ECCouncil EC1-349 Dumps with VCE and PDF 51-60

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-349
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/EC1-349.html

ECCouncil Computer Hacking Forensic Investigator

Question No: 51 – (Topic 1)

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file?its contents. The picture? quality is not degraded at all from this process. What kind of picture is this file?

  1. Raster image

  2. Vector image

  3. Metafile image

  4. Catalog image

Answer: B

Question No: 52 – (Topic 1)

Where is the default location for Apache access logs on a Linux computer?

  1. usr/local/apache/logs/access_log

  2. bin/local/home/apache/logs/access_log

  3. usr/logs/access_log

  4. logs/usr/apache/access_log

Answer: A

Question No: 53 – (Topic 1)

At what layer does a cross site scripting attack occur on?

  1. Presentation

  2. Application

  3. Session

  4. Data Link

Answer: B

Question No: 54 – (Topic 1)

What advantage does the tool Evidor have over the built-in Windows search?

  1. It can find deleted files even after they have been physically removed

  2. It can find bad sectors on the hard drive

  3. It can search slack space

  4. It can find files hidden within ADS

Answer: C

Question No: 55 – (Topic 1)

What type of attack sends SYN requests to a target system with spoofed IP addresses?

  1. SYN flood

  2. Ping of death

  3. Cross site scripting

  4. Land

Answer: A

Question No: 56 – (Topic 1)

In the context of file deletion process, which of the following statement holds true?

  1. When files are deleted, the data is overwritten and the cluster marked as available

  2. The longer a disk is in use, the less likely it is that deleted files will be overwritten

  3. While booting, the machine may create temporary files that can delete evidence

  4. Secure delete programs work by completely overwriting the file in one go

Answer: C

Question No: 57 – (Topic 1)

When should an MD5 hash check be performed when processing evidence?

  1. After the evidence examination has been completed

  2. On an hourly basis during the evidence examination

  3. Before and after evidence examination

  4. Before the evidence examination has been completed

Answer: C

Question No: 58 – (Topic 1)

Given the drive dimensions as follows and assuming a sector has 512 bytes, what is the capacity of the described hard drive?

22,164 cylinders/disk

80 heads/cylinder

63 sectors/track

A. 53.26 GB

B. 57.19 GB

C. 11.17 GB

D. 10 GB

Answer: A

Question No: 59 – (Topic 1)

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?

  1. The ISP can investigate anyone using their service and can provide you with assistance

  2. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore

    cannot assist you without a warrant

  3. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you

  4. ISPs never maintain log files so they would be of no use to your investigation

Answer: B

Question No: 60 – (Topic 1)

How many times can data be written to a DVD R disk?

  1. Twice

  2. Once

  3. Zero

  4. Infinite

Answer: B

100% Ensurepass Free Download!
Download Free Demo:EC1-349 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-349 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No