Http://www.passcert.com
The safer , easier way to help you pass any IT exams.
1 / 6
Exam
: EC0-349
Title
:
Version : DEMO
Computer Hacking Forensic
Investigator
The safer , easier way to help you pass any IT exams.
2 / 6
1. What is the last bit of each pixel byte in an image called?
A.Last significant bit
B.Least significant bit
C.Least important bit
D.Null bit
Answer: B
2. Which forensic investigating concept trails the whole incident from how the attack began to how the
victim was
affected?
A.Point-to-point
B.End-to-end
C.Thorough
D.Complete event analysis
Answer: B
3. When a router receives an update for its routing table, what is the metric value change to that path?
A.Increased by 2
B.Decreased by 1
C.Increased by 1
D.Decreased by 2
Answer: C
4. Which legal document allows law enforcement to search an office, place of business, or other locale for
evidence relating to an alleged crime?
A.Search warrant
B.Subpoena
C.Wire tap
D.Bench warrant
Answer: A
5. What hashing method is used to password protect Blackberry devices?
A.AES
B.RC5
C.MD5
D.SHA-1
Answer: D
6. You are working as an independent computer forensics investigator and receive a call from a systems
administrator for a local school system requesting
your assistance. One of the students at the local high school is suspected of downloading inappropriate
images from the Internet to a PC in the Computer Lab.
When you arrive at the school, the systems administrator hands you a hard drive and tells you that he
made a simple backup copy of the hard drive in the PC
The safer , easier way to help you pass any IT exams.
3 / 6
and put it on this drive and requests that you examine the drive for evidence of the suspected images. You
inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of
copy do you need to make to ensure that the evidence found is complete and admissible in futur