EC0-349試験無料問題集（490題）「EC-COUNCIL Computer Hacking Forensic Investigator 認定」

出題：1

What header field in the TCP/IP protocol stack involves the hacker exploit known as the Ping of Death?

A. TCP header field

B. UDP header field

C. IP header field

D. ICMP header field

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A. LSASS.EXE

B. NTOSKRNL.EXE

C. NTDETECT.COM

D. NTLDR

正解：A 解答を投票する

出題：3

When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardware write-blocking device to _________

A. Prevent contamination to the evidence drive

B. Automate collection from image files

C. Acquire data from the host-protected area on a disk

D. Avoiding copying data from the boot partition

正解：A 解答を投票する

出題：4

The objective of this act was to protect consumers personal financial information held by financial institutions and their service providers.

A. Gramm-Leach-Bliley Act

B. California SB 1386

C. HIPAA

D. Sarbanes-Oxley 2002

正解：A 解答を投票する

出題：5

The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks. Which of the following would that be?

A. Any data not yet flushed to the system will be lost

B. All running processes will be lost

C. The /tmp directory will be flushed

D. Power interruption will corrupt the pagefile

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

You are assisting a Department of Defense contract company to become compliant with the stringent security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were first initiated by internal computers. What type of firewall must you implement to abide by this policy?

A. Statefull firewall

B. Packet filtering firewall

C. Application-level proxy firewall

D. Circuit-level proxy firewall

正解：A 解答を投票する

出題：7

What will the following Linux command accomplish? dd if=/dev/mem of=/home/sam/mem.bin bs=1024

A. Copy the memory dump file to an image file

B. Copy the contents of the system folder em?to a fileCopy the contents of the system folder ?em?to a file

C. Copy the running memory to a file

D. Copy the master boot record to a file

正解：C 解答を投票する

出題：8

Attackers can manipulate variables that reference files with "dot-dot-slash (./)" sequences and their variations such as
http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd.
Identify the attack referred.

A. SQL Injection

B. XSS attack

C. File injection

D. Directory traversal

正解：D 解答を投票する

出題：9

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox, or overwhelm the server where the email address is hosted, to cause a denial-of-service attack?

A. Mail bombing

B. Email spoofing

C. Email spamming

D. Phishing

正解：A 解答を投票する

出題：10

Windows Security Event Log contains records of login/logout activity or other security- related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicates?

A. A logon attempt was made using a disabled account

B. An attempt was made to log on with the user account outside of the allowed time

C. A user successfully logged on to a computer

D. The logon attempt was made with an unknown user name or a known user name with a bad password

正解：A 解答を投票する

出題：11

In what circumstances would you conduct searches without a warrant?

A. Agents may search a place or object without a warrant if he suspect the crime was committed

B. A search warrant is not required if the crime involves Denial-Of-Service attack over the Internet

C. When destruction of evidence is imminent, a warrantless seizure of that evidence is justified if there is probable cause to believe that the item seized constitutes evidence of criminal activity

D. Law enforcement agencies located in California under section SB 567 are authorized to seize computers without warrant under all circumstances

正解：C 解答を投票する

出題：12

When examining a file with a Hex Editor, what space does the file header occupy?

A. One byte at the beginning of the file

B. None, file headers are contained in the FAT

C. The last several bytes of the file

D. The first several bytes of the file

正解：D 解答を投票する

出題：13

First responder is a person who arrives first at the crime scene and accesses the victim's computer system after the incident. He or She is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. Which of the following is not a role of first responder?

A. Protect and secure the crime scene

B. Package and transport the electronic evidence to forensics lab

C. Prosecute the suspect in court of law

D. Identify and analyze the crime scene

正解：C 解答を投票する

出題：14

How many times can data be written to a DVD+R disk?

A. Twice

B. Once

C. Zero

D. Infinite

正解：B 解答を投票する

出題：15

Which Intrusion Detection System (IDS) usually produces the most false alarms due to the unpredictable behaviors of users and networks?

A. network-based IDS systems (NIDS)

B. signature recognition

C. anomaly detection

D. host-based IDS systems (HIDS)

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

EC0-349試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator 認定」