EC1-349 Online Practice Questions and Answers

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

A. Strip-cut shredder

B. Cross-cut shredder

C. Cross-hatch shredder

D. Cris-cross shredder

Using Internet logging software to investigate a case of malicious use of computers, the investigator comes across some entries that appear odd.

From the log, the investigator can see where the person in question went on the Internet. From the log, it

appears that the user was manually typing in different user ID numbers. What technique this user was trying?

A. Parameter tampering

B. Cross site scripting

C. SQL injection

D. Cookie Poisoning Cookie Poisoning

You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a implePC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a ?imple backup copy?of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make toYou inform him that a ?imple backup copy?will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?

A. Bit-stream copy

B. Robust copy

C. Full backup copy

D. Incremental backup copy

Ron. a computer forensics expert, Is Investigating a case involving corporate espionage. He has recovered several mobile computing devices from the crime scene. One of the evidence that Ron possesses is a mobile phone from Nokia that was left in on condition. Ron needs to recover the IMEI number of the device to establish the identity of the device owner. Which of the following key combinations he can use to recover the IMEI number?

A. #*06*#

B. *#06#

C. #06r

D. *1MEI#

You can interact with the Registry through intermediate programs. Graphical user interface (GUI) Registry editors such as Regedit.exe or Regedt32 exe are commonly used as intermediate programs in Windows 7. Which of the following is a root folder of the registry editor?

A. HKEY_USERS

B. HKEY_LOCAL_ADMIN

C. HKEY_CLASSES_ADMIN

D. HKEY_CLASSES_SYSTEM

Web applications provide an Interface between end users and web servers through a set of web pages that are generated at the server-end or contain script code to be executed dynamically within the client Web browser.

A. True

B. False

Windows Security Event Log contains records of login/logout activity or other security-related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicates?

A. A user successfully logged on to a computer

B. The logon attempt was made with an unknown user name or a known user name with a bad password

C. An attempt was made to log on with the user account outside of the allowed time

D. A logon attempt was made using a disabled account

Email spoofing refers to:

A. The forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source

B. The criminal act of sending an illegitimate email, falsely claiming to be from a legitimate site in an attempt to acquire the user's personal or account information

C. Sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address Is hosted to cause a denial-of-service attack

D. A sudden spike of "Reply All" messages on an email distribution list, caused by one misdirected message

Graphics Interchange Format (GIF) is a ___________RGB bitmap Image format for Images with up to 256 distinct colors per frame.

A. 8-bit

B. 16-bit

C. 24-bit

D. 32-bit

Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the SIM was protected by a Personal identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN and access SIM data?

A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM

B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN

C. He should again attempt PIN guesses after a time of 24 hours

D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM