Latest EC0-349 Free Dumps - EC-COUNCIL Computer Hacking Forensic Investigator
What method of copying should always be performed first before carrying out an investigation?
Answer: A
During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?
Answer: C
The evolution of web services and their increasing use in business offers new attack vectors in an application framework. Web services are based on XML protocols such as Web Services Definition Language (WSDL) for describing the connection points, Universal Description, Discovery, and Integration (UDDI) for the description and discovery of Web services, and Simple Object Access Protocol (SOAP) for communication between Web services that are vulnerable to various web application threats. Which of the following layers in the web services stack is vulnerable to fault code leaks?
Answer: B
The ____________________ refers to handing over the results of private investigations to the authorities because of indications of criminal activity.
Answer: B
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document.
What is that code called?
Answer: B
After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks.
What countermeasures could he take to prevent DDoS attacks?
Answer: A
Which of the following commands shows you the names of all open shared files on a server and the number of file locks on each file?
Answer: C
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?
Answer: C
Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.
Answer: A
The following is a log file screenshot from a default installation of IIS 6.0.

What time standard is used by IIS as seen in the screenshot?
Answer: B
Which of the following statements is incorrect when preserving digital evidence?
Answer: D
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
Answer: C
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.
Answer: A
Why should you never power on a computer that you need to acquire digital evidence from?
Answer: B
The task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer. Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?
Answer: B