
EC1-349 Online Practice Questions and Answers

Questions 4

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

A. Keep the device powered on

B. Turn off the device immediately

C. Remove the battery immediately

D. Remove any memory cards immediately

Questions 5

What type of equipment would a forensics investigator store in a StrongHold bag?

A. PDA

B. Backup tapes

C. Hard drives

D. Wireless cards

Questions 6

What happens when a file is deleted by a Microsoft operating system using the FAT file system?

A. The file is erased and cannot be recovered

B. The file is erased but can be recovered partially

C. A copy of the file is stored and the original file is erased

D. Only the reference to the file is removed from the FAT and can be recovered

Questions 7

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A. NTOSKRNL.EXE

B. NTLDR

C. LSASS.EXE

D. NTDETECT.COM

Questions 8

Why are Linux/Unix based computers better to use than Windows computers for idle scanning?

A. Windows computers will not respond to idle scans

B. Linux/Unix computers are easier to compromise

C. Windows computers are constantly talking

D. Linux/Unix computers are constantly talking

Questions 9

If you discover a criminal act while investigating a corporate policy abuse, it becomes a public-sector investigation and should be referred to law enforcement?

A. True

B. False

Questions 10

Which of the following commands shows you the NetBIOS name table each?

A. Option A

B. Option B

C. Option C

D. Option D

Questions 11

What is cold boot (hard boot)?

A. It is the process of starting a computer from a powered-down or off state

B. It is the process of restarting a computer that is already turned on through the operating system

C. It is the process of shutting down a computer from a powered-on or on state

D. It is the process of restarting a computer that is already in sleep mode

Questions 12

The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses.

The ARP table can be accessed using the __________ command in Windows 7.

A. Option A

B. Option B

C. Option C

D. Option D

Questions 13

POP3 (Post Office Protocol 3) is a standard protocol for receiving email that deletes mail on the server as soon as the user downloads it. When a message arrives, the POP3 server appends it to the bottom of the recipient's account file, which can be retrieved by the email client at any preferred time. The email client connects to the POP3 server at _______________ by default to fetch emails.

A. Port 109

B. Port 110

C. Port 115

D. Port 123

Questions 14

If a file (readme.txt) on a hard disk has a size of 2600 bytes, how many sectors are normally allocated to this file?

A. 4 Sectors

B. 5 Sectors

C. 6 Sectors

D. 7 Sectors

Questions 15

In Windows 7 system files, which file reads the Boot.ini file and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers?

A. Ntldr

B. Gdi32.dll

C. Kernel32.dll

D. Boot.in

Questions 16

Which of the following reports are delivered under oath to a board of directors/managers/panel of jury?

A. Written Informal Report

B. Verbal Formal Report

C. Written Formal Report

D. Verbal Informal Report

Questions 17

Which of the following is not an example of a cyber-crime?

A. Fraud achieved by the manipulation of the computer records

B. Firing an employee for misconduct

C. Deliberate circumvention of the computer security systems

D. Intellectual property theft, including software piracy

Questions 18

What is static executable file analysis?

A. It is a process that consists of collecting information about and from an executable file without actually launching the file under any circumstances

B. It is a process that consists of collecting information about and from an executable file by launching the file under any circumstances

C. It is a process that consists of collecting information about and from an executable file without actually launching an executable file in a controlled and monitored environment

D. It is a process that consists of collecting information about and from an executable file by launching an executable file in a controlled and monitored environment

Exam Code: EC1-349
Exam Name: Computer Hacking Forensic Investigator Exam
Last Update: Apr 15, 2024
Questions: 486 Q&As
