EC0-349試験無料問題集（359題）「EC-COUNCIL Computer Hacking Forensic Investigator 認定」

出題：1

Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?
#include #include int main(int argc, char
*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }

A. SQL injection

B. Buffer overflow

C. Kernal injection

D. Format string bug

正解：B 解答を投票する

出題：2

What stage of the incident handling process involves reporting events?

A. Recovery

B. Containment

C. Identification

D. Follow-up

正解：C 解答を投票する

出題：3

The newer Macintosh Operating System (MacOS X) is based on:

A. Linux

B. OS/2

C. BSD Unix

D. Microsoft Windows

正解：C 解答を投票する

出題：4

In a FAT32 system, a 123 KB file will use how many sectors?

A. 11

B. 34

C. 25

D. 56

正解：C 解答を投票する

出題：5

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

A. Fraggle

B. SYN flood

C. Smurf

D. Trinoo

正解：C 解答を投票する

出題：6

E-mail logs contain which of the following information to help you in your investigation? (Choose four.)

A. user account that was used to send the account

B. contents of the e-mail message

C. attachments sent with the e-mail message

D. date and time the message was sent

E. unique message identifier

正解：A,B,D,E 解答を投票する

出題：7

You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company ITYou have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company? IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation. At what layer of the OSI model are you monitoring while watching traffic to and from the router?

A. Session

B. Data Link

C. Transport

D. Network

正解：D 解答を投票する

出題：8

Why would a company issue a dongle with the software they sell?

A. To provide source code protection

B. To provide copyright protection

C. To provide wireless functionality with the software

D. To ensure that keyloggers cannot be used

正解：B 解答を投票する

出題：9

Before you are called to testify as an expert, what must an attorney do first?

A. engage in damage control

B. read your curriculum vitae to the jury

C. prove that the tools you used to conduct your examination are perfect

D. qualify you as an expert witness

正解：D 解答を投票する

出題：10

To preserve digital evidence, an investigator should ____________

A. Only store the original evidence item

B. Make two copies of each evidence item using different imaging tools

C. Make two copies of each evidence item using a single imaging tool

D. Make a single copy of each evidence item using an approved imaging tool

正解：B 解答を投票する

出題：11

The police believe that Mevin Matthew has been obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions. They also suspect that he has been stealing, copying, and misappropriating proprietary computer software belonging to the several victim companies.
What is preventing the police from breaking down the suspect door and searching his home and seizing all of his computer equipment if they haveis preventing the police from breaking down the suspect? door and searching his home and seizing all of his computer equipment if they have not yet obtained a warrant?

A. The USA Patriot Act

B. The Federal Rules of Evidence

C. The Fourth Amendment

D. The Good Samaritan Laws

正解：C 解答を投票する

出題：12

What advantage does the tool Evidor have over the built-in Windows search?

A. It can find files hidden within ADS

B. It can search slack space

C. It can find deleted files even after they have been physically removed

D. It can find bad sectors on the hard drive

正解：B 解答を投票する

出題：13

In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.

A. Network Forensics

B. Computer Forensics

C. Data Recovery

D. Disaster Recovery

正解：B 解答を投票する

出題：14

Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, access rights or others features that they may need in order to accomplish their objectives. One simple method for loading an application at startup is to add an entry (Key) to the following Registry Hive:

A. HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Run

B. HKEY_LOCAL_USERS\Software\Microsoft\old\Version\Load

C. HKEY_LOCAL_MACHINE\hardware\windows\start

D. HKEY_CURRENT_USER\Microsoft\Default

正解：A 解答を投票する

出題：15

Davidson Trucking is a small transportation company that has three local offices in Detroit Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

A. IT personnel

B. Employees themselves

C. Administrative assistant in charge of writing policies

D. Supervisors

正解：D 解答を投票する

出題：16

You are working for a local police department that services a population of 1,000,000 people and you have been given the task of building a computer forensics lab. How many law-enforcement computer investigators should you request to staff the lab?

A. 8

B. 2

C. 1

D. 4

正解：D 解答を投票する

出題：17

Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?

A. The nature of the attack

B. The vulnerability exploited in the incident

C. The manufacturer of the system compromised

D. The logic, formatting and elegance of the code used in the attack

正解：D 解答を投票する

出題：18

During an investigation, an employee was found to have deleted harassing emails that were sent to someone else. The company was using Microsoft Exchange and had message tracking enabled. Where could the investigator search to find the message tracking log file on the Exchange server?

A. D:\Exchsrvr\Message Tracking\servername.log

B. C:\Program Files\Microsoft Exchange\srvr\servername.log

C. C:\Program Files\Exchsrvr\servername.log

D. C:\Exchsrvr\Message Tracking\servername.log

正解：C 解答を投票する

出題：19

A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the specific crime exists and the evidence of the specific crime exists at the place to be searched.

A. Beyond a reasonable doubt

B. Mere Suspicion

C. A preponderance of the evidence

D. Probable cause

正解：D 解答を投票する

EC0-349試験無料問題集「EC-COUNCIL Computer Hacking Forensic Investigator 認定」