Exam Details

  • Exam Code: EC0-349
  • Exam Name: Computer Hacking Forensic Investigator
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 304 Q&As
  • Last Updated: Mar 26, 2025

EC-COUNCIL EC-COUNCIL Certifications EC0-349 Questions & Answers

  • Question 241:

    An investigator is searching through the firewall logs of a company and notices ICMP packets that are larger than 65,536 bytes. What type of activity is the investigator seeing?

    A. Smurf

    B. Ping of death

    C. Fraggle

    D. Nmap scan

  • Question 242:

    When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?

    A. All virtual memory will be deleted

    B. The wrong partition may be set to active

    C. This action can corrupt the disk

    D. The computer will be set in a constant reboot state

  • Question 243:

    When using an iPod and the host computer is running Windows, what file system will be used?

    A. iPod+

    B. HFS

    C. FAT16

    D. FAT32

  • Question 244:

    What is one method of bypassing a system BIOS password?

    A. Removing the processor

    B. Removing the CMOS battery

    C. Remove all the system memory

    D. Log in to Windows and disable the BIOS password

  • Question 245:

    What technique used by EnCase makes it virtually impossible to tamper with evidence once it has been acquired?

    A. Every byte of the file(s) is given an MD5 hash to match against a master file

    B. Every byte of the file(s) is verified using 32-bit CRC

    C. Every byte of the file(s) is copied to three different hard drives

    D. Every byte of the file(s) is encrypted using three different methods

  • Question 246:

    What must an investigator do before disconnecting an iPod from any type of computer?

    A. Unmount the iPod

    B. Mount the iPod

    C. Disjoin the iPod

    D. Join the iPod

  • Question 247:

    The following is a log file screenshot from a default installation of IIS 6.0.

    What time standard is used by IIS as seen in the screenshot?

    A. UTC

    B. GMT

    C. TAI

    D. UT

  • Question 248:

    A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

    A. Searching for evidence themselves would not have any ill effects

    B. Searching could possibly crash the machine or device

    C. Searching creates cache files, which would hinder the investigation

    D. Searching can change date/time stamps

  • Question 249:

    If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

    A. Keep the device powered on

    B. Turn off the device immediately

    C. Remove the battery immediately

    D. Remove any memory cards immediately

  • Question 250:

    Your company's network just finished going through a SAS 70 audit. This audit reported that overall, your network is secure, but there are some areas that need improvement. The major area was SNMP security. The audit company recommended turning off SNMP, but that is not an option since you have so many remote nodes to keep track of. What step could you take to help secure SNMP on your network?

    A. Block all internal MAC addresses from using SNMP

    B. Block access to UDP port 171

    C. Block access to TCP port 171

    D. Change the default community string names
