EC0-349 Online Practice Questions and Answers

In Linux, what is the smallest possible shellcode?

A. 24 bytes

B. 8 bytes

C. 800 bytes

D. 80 bytes

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

A. Keep the device powered on

B. Turn off the device immediately

C. Remove the battery immediately

D. Remove any memory cards immediately

What hashing method is used to password protect Blackberry devices?

A. AES

B. RC5

C. MD5

D. SHA-1

The following is a log file screenshot from a default installation of IIS 6.0.

What time standard is used by IIS as seen in the screenshot?

A. UTC

B. GMT

C. TAI

D. UT

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A. Searching for evidence themselves would not have any ill effects

B. Searching could possibly crash the machine or device

C. Searching creates cache files, which would hinder the investigation D. Searching can change date/time stamps

On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?

A. SAM

B. AMS

C. Shadow file

D. Password.conf

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. bench warrant

B. wire tap

C. subpoena

D. search warrant

Diskcopy is:

A. a utility by AccessData

B. a standard MS-DOS command

C. Digital Intelligence utility

D. dd copying tool

An Employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the Employees Computer that was protected with the NTFS Encrypted File System (EFS) and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the Employee before he leaves the building and recover the floppy disks and secure his computer. Will you be able to break the encryption so that you can verify that that the employee was in possession of the proprietary information?

A. EFS uses a 128-bit key that can't be cracked, so you will not be able to recover the information

B. When the encrypted file was copied to the floppy disk, it was automatically unencrypted, so you can recover the information.

C. The EFS Revoked Key Agent can be used on the Computer to recover the information

D. When the Encrypted file was copied to the floppy disk, the EFS private key was also copied to the floppy disk, so you can recover the information.

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

A. Tracert

B. Smurf scan

C. Ping trace

D. ICMP ping sweep