최신 EC0-349 무료덤프 - EC-COUNCIL Computer Hacking Forensic Investigator
Windows Security Event Log contains records of login/logout activity or other security- related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicates?
정답: C
An intrusion detection system (IDS) gathers and analyzes information from within a computer or a network to identify any possible violations of security policy, including unauthorized access, as well as misuse.
Which of the following intrusion detection systems audit events that occur on a specific host?
Which of the following intrusion detection systems audit events that occur on a specific host?
정답: D
Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into thecompany? firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the companycompany? phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company? PBX system be called?
정답: D
When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
정답: D
When investigating a computer forensics case where Microsoft Exchange and Blackberry Enterprise server are used, where would investigator need to search to find email sent from a Blackberry device?
정답: D
Where does Encase search to recover NTFS files and folders?
정답: C
Buffer Overflow occurs when an application writes more data to a block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow attacks allow an attacker to modify the
_______________in order to control the process execution, crash the process and modify internal variables.
_______________in order to control the process execution, crash the process and modify internal variables.
정답: A
The objective of this act was to protect consumers personal financial information held by financial institutions and their service providers.
정답: B
Which of the following commands shows you the names of all open shared files on a server and number of file locks on each file?
정답: C
At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.
정답: A
You are a security analyst performing a penetration tests for a company in the Midwest. After some initial reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router.
What have you discovered?
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router.
What have you discovered?
정답: A
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive footprinting against their Web servers.
What tool should you use?
What tool should you use?
정답: D
In handling computer-related incidents, which IT role should be responsible for recovery, containment, and prevention to constituents?
정답: A
While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h.?What does this indicate on the computer?replaced by the hex code byte ?5h.?What does this indicate on the computer?
정답: D
What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024
정답: D
It takes _____________ mismanaged case/s to ruin your professional reputation as a computer forensics examiner?
정답: A
Which of the following commands shows you the username and IP address used to access the system via a remote login session and the Type of client from which they are accessing the system?
정답: C