[Dec 24, 2024] EC0-349 Exam Dumps - Try Best EC0-349 Exam Questions - RealVCE [Q163-Q179]


Verified EC0-349 exam dumps Q&As with Correct 490 Questions and Answers

NEW QUESTION # 163
What will the following command accomplish in Linux?
fdisk /dev/hda

  • A. Fill the disk with zeros
  • B. Partition the hard drive
  • C. Delete all files under the /dev/hda folder
  • D. Format the hard drive

Answer: B


NEW QUESTION # 164
Harold is a security analyst who has just run the rdisk /s command to grab the backup SAM files on a computer. Where should Harold navigate on the computer to find the file?

  • A. %systemroot%\LSA
  • B. %systemroot%\system32\LSA
  • C. %systemroot%\system32\drivers\etc
  • D. %systemroot%\repair

Answer: D


NEW QUESTION # 165
A data acquisition system is a combination of tools or processes used to gather, analyze, and record information about some phenomenon. Different data acquisition systems are used depending on the location, speed, cost, etc. A serial communication data acquisition system is used when the actual location of the data is at some distance from the computer. Which of the following communication standards is used in a serial communication data acquisition system?

  • A. RS422
  • B. RS232
  • C. RS231
  • D. RS423

Answer: B


NEW QUESTION # 166
Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network- and host-based security software?

  • A. Operating System (OS) logs
  • B. Application logs
  • C. Audit logs
  • D. Security software logs

Answer: D


NEW QUESTION # 167
In the following directory listing,

Which file should be used to restore archived email messages for someone using Microsoft Outlook?

  • A. Outlook pst
  • B. Outlook bak
  • C. Outlook ost
  • D. Outlook NK2

Answer: A


NEW QUESTION # 168
An "idle" system is also referred to as what?

  • A. Zombie
  • B. Bot
  • C. PC not connected to the Internet
  • D. PC not being used

Answer: A


NEW QUESTION # 169
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to the sensitivity of the case. How would you permanently erase the data on the hard disk?

  • A. Throw the hard disk into the fire
  • B. Run the powerful magnets over the hard disk
  • C. Format the hard disk multiple times using a low level disk utility
  • D. Overwrite the contents of the hard disk with junk data

Answer: A,C

Explanation:
For throwing the hard drive into the fire to be effective, the fire would have to be hot enough to melt the platters into molten metal, which requires an industrial furnace. This requires special facilities. Running powerful magnets over the disk, such as degaussing the disk, may destroy the data, but may also be ineffective. In some cases, the degaussing process for tape and disk may render the disk unusable. (Of course, throwing the drives into a furnace guarantees that as well.) Formatting the disk multiple times with a low level disk utility is the best way to go, and you are still able to re-use the disk for later projects. The keys are "multiple" and "low level". A low level format is typically a slow, thorough format that is a wipe. Multiple (as opposed to once) is recommended. There is a theory on "how many times"; some schools say at least three times. The problem with this answer is that with newer drives, such as ATA and SCSI, low level formats can destroy the volumes as well, and some BIOSes may actually ignore the LLF directives. Overwriting the disk with junk data would perform some form of wipe because the old data is wiped out, but the data may still be recovered.
Note:
According to some websites:
Physical methods that will not work to destroy data on a hard drive include:

  • Throwing it in the water (this does not do much).
  • Setting it on fire (the temperature is not going to be high enough at home).
  • Throwing it out of the window. Hard drives can take quite a bit of G force. They are not heavy, so the impact of the hard drive on the ground is not likely to destroy the platters.
  • Driving over the hard drive. A car, or even a tank, driving over a hard drive will do nothing, any more than they would driving over a book. Unless the drive is actually flattened, the platters are not going to be destroyed.


NEW QUESTION # 170
Jacob is a computer forensics investigator with over 10 years of experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify to the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob's testimony in this case?

  • A. Certification
  • B. Justification
  • C. Authentication
  • D. Reiteration

Answer: C


NEW QUESTION # 171
What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

  • A. Copy the memory dump file to an image file
  • B. Copy the contents of the system folder "mem" to a file
  • C. Copy the master boot record to a file
  • D. Copy the running memory to a file

Answer: D


NEW QUESTION # 172
A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process.
What kind of picture is this file?

  • A. Raster image
  • B. Vector image
  • C. Metafile image
  • D. Catalog image

Answer: B


NEW QUESTION # 173
The MD5 program is used to:

  • A. view graphics files on an evidence drive
  • B. wipe magnetic media before recycling it
  • C. make directories on an evidence disk
  • D. verify that a disk is not altered when you examine it

Answer: D


NEW QUESTION # 174
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

  • A. the File Allocation Table
  • B. the sector map
  • C. the file footer
  • D. the file header

Answer: D


NEW QUESTION # 175
A first responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or she is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. Which of the following is not a role of a first responder?

  • A. Identify and analyze the crime scene
  • B. Prosecute the suspect in court of law
  • C. Package and transport the electronic evidence to forensics lab
  • D. Protect and secure the crime scene

Answer: B


NEW QUESTION # 176
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

  • A. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media
  • B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence
  • C. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media
  • D. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media

Answer: B


NEW QUESTION # 177
An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

  • A. Immediately
  • B. Four hours
  • C. Two working days
  • D. One working day

Answer: D


NEW QUESTION # 178
When obtaining a warrant, it is important to:

  • A. particularly describe the place to be searched and particularly describe the items to be seized
  • B. particularly describe the place to be searched and generally describe the items to be seized
  • C. generally describe the place to be searched and generally describe the items to be seized
  • D. generally describe the place to be searched and particularly describe the items to be seized

Answer: A


NEW QUESTION # 179
......
