EC0-349 Online Practice Questions and Answers

In Linux, what is the smallest possible shellcode?

A. 24 bytes

B. 8 bytes

C. 800 bytes

D. 80 bytes

When should an MD5 hash check be performed when processing evidence?

A. After the evidence examination has been completed

B. On an hourly basis during the evidence examination

C. Before and after evidence examination

D. Before the evidence examination has been completed

Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then

discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?

A. Phreaking

B. Squatting

C. Crunching

D. Pretexting

In the following email header, where did the email first originate from?

A. Somedomain.com

B. Smtp1.somedomain.com

C. Simon1.state.ok.gov.us

D. David1.state.ok.gov.us

When investigating a wireless attack, what information can be obtained from the DHCP logs?

A. The operating system of the attacker and victim computers

B. IP traffic between the attacker and the victim

C. MAC address of the attacker

D. If any computers on the network are running in promiscuous mode

Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?

A. bench warrant

B. wire tap

C. subpoena

D. search warrant

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

A. forensic duplication of hard drive

B. analysis of volatile data

C. comparison of MD5 checksums

D. review of SIDs in the Registry

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A. Master Boot Record (MBR)

B. Master File Table (MFT)

C. File Allocation Table (FAT)

D. Disk Operating System (DOS)

Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by pulling the power plug so that he does not disturb the system in any way. He labels all cables and connectors prior to disconnecting any. What do you think would be the next sequence of events?

A. Connect the target media; prepare the system for acquisition; Secure the evidence; Copy the media

B. Prepare the system for acquisition; Connect the target media; copy the media; Secure the evidence

C. Connect the target media; Prepare the system for acquisition; Secure the evidence; Copy the media

D. Secure the evidence; prepare the system for acquisition; Connect the target media; copy the media

When cataloging digital evidence, the primary goal is to

A. Make bit-stream images of all hard drives

B. Preserve evidence integrity

C. Not remove the evidence from the scene

D. Not allow the computer to be turned off