EC0-349 Online Practice Questions and Answers

After undergoing an external IT audit, George realizes his network is vulnerable to DDoS attacks. What countermeasures could he take to prevent DDoS attacks?

A. Enable direct broadcasts

B. Disable direct broadcasts

C. Disable BGP

D. Enable BGP

You work as a penetration tester for Hammond Security Consultants. You are currently working on a contract for the state government of California. Your next step is to initiate a DoS attack on their network. Why would you want to initiate a DoS attack on a system you are testing?

A. Show outdated equipment so it can be replaced

B. List weak points on their network

C. Use attack as a launching point to penetrate deeper into the network

D. Demonstrate that no system can be protected against DoS attacks

What are the security risks of running a "repair" installation for Windows XP?

A. Pressing Shift+F10gives the user administrative rights

B. Pressing Shift+F1gives the user administrative rights

C. Pressing Ctrl+F10 gives the user administrative rights

D. There are no security risks when running the "repair" installation for Windows XP

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file. What kind of picture is this file?

A. Raster image

B. Vector image

C. Metafile image

D. Catalog image

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for Jacob testimony in this case?

A. Justification

B. Authentication

C. Reiteration D. Certification

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

A. Strip-cut shredder

B. Cross-cut shredder

C. Cross-hatch shredder

D. Cris-cross shredder

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

A. 16

B. 32

C. 64

D. 48

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

A. network-based IDS systems (NIDS)

B. host-based IDS systems (HIDS)

C. anomaly detection

D. signature recognition

You should make at least how many bit-stream copies of a suspect drive?

A. 1

B. 2

C. 3

D. 4

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

A. forensic duplication of hard drive

B. analysis of volatile data

C. comparison of MD5 checksums

D. review of SIDs in the Registry

Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

A. 18 U.S.C. 1029 Possession of Access Devices

B. 18 U.S.C. 1030 Fraud and related activity in connection with computers

C. 18 U.S.C. 1343 Fraud by wire, radio or television

D. 18 U.S.C. 1361 Injury to Government Property

E. 18 U.S.C. 1362 Government communication systems

F. 18 U.S.C. 1831 Economic Espionage Act

G. 18 U.S.C. 1832 Trade Secrets Act

In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.

A. Network Forensics

B. Data Recovery

C. Disaster Recovery

D. Computer Forensics

A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

A. Mere Suspicion

B. A preponderance of the evidence

C. Probable cause D. Beyond a reasonable doubt

What will the following command produce on a website login page? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

A. Deletes the entire members table

B. Inserts the Error! Reference source not found.email address into the members table

C. Retrieves the password for the first user in the members table

D. This command will not produce anything since the syntax is incorrect

If an attacker's computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning, what will be the response?

A. The zombie will not send a response

B. 31402

C. 31399

D. 31401