EC1-349 Online Practice Questions and Answers

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

A. The registry

B. The swapfile

C. The recycle bin

D. The metadata

Paul is a computer forensics investigator working for Tyler and Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers?hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

A. Place PDA, including all devices, in an antistatic bag

B. Unplug all connected devices

C. Power off all devices if currently on

D. Photograph and document the peripheral devices

You are carrying out the last round of testing for your new website before it goes live. The website has

many dynamic pages and connects to a SQL backend that accesses your product inventory in a database.

You come across a web security site that recommends inputting the following code into a search field on

web pages to check for vulnerabilities:

When you type this and click on search, you receive a pop-up window that says:

"This is a test." What is the result of this test?

A. Your website is vulnerable to SQL injection

B. Your website is vulnerable to CSS

C. Your website is vulnerable to web bugs

D. Your website is not vulnerable

Under which Federal Statutes does FBI investigate for computer crimes involving e- mail scams and mail fraud?

A. 18 U.S.C. 1029 Possession of Access Devices

B. 18 U.S.C. 1030 Fraud and related activity in connection with computers

C. 18 U.S.C. 1343 Fraud by wire, radio or television

D. 18 U.S.C. 1361 Injury to Government Property

E. 18 U.S.C. 1362 Government communication systems

F. 18 U.S.C. 1831 Economic Espionage Act

G. 18 U.S.C. 1832 Trade Secrets Act

Click on the Exhibit Button Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes need to be made. From the screenshot, what changes should the client company make?

A. The banner should include the Cisco tech support contact information as well

B. The banner should have more detail on the version numbers for the networkeQuipment

C. The banner should not state "only authorized IT personnel may proceed"

D. Remove any identifying numbers, names, or version information

At what layer of the OSI model do routers function on?

A. 4

B. 3

C. 1

D. 5

What does ICMP Type 3/Code 13 mean?

A. Administratively Blocked

B. Host Unreachable

C. Protocol Unreachable

D. Port Unreachable

If a suspect computer is located in an area that may have toxic chemicals, you must:

A. coordinate with the HAZMAT team

B. determine a way to obtain the suspect computer

C. assume the suspect machine is contaminated

D. do not enter alone

You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question wheather evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

A. Sign a statement attesting that the evidence is the same as it was when it entered the lab

B. There is no reason to worry about this possible claim because state labs are certified

C. Make MD5 hashes of the evidence and compare it to the standard database developed by NIST

D. Make MD5 hashes of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab

File deletion is a way of removing a file from a computer's file system. What happens when a file is deleted in windows7?

A. The last letter of a file name is replaced by a hex byte code E5h

B. The operating system marks the file's name in the MFT with a special character that indicates that the file has been deleted

C. Corresponding clusters in FAT are marked as used

D. The computer looks at the clusters occupied by that file and does not avails space to store a new file