Exam Title: EC-Council EC0-349 : E-Commerce Architect

Version: R6.1

www.Prepking.com

Prepking - King of Computer Certification

Important Information, Please Read Carefully

Other Prepking products
A) Offline Testing engine: Use the offline Testing engine product to practice the questions in an exam environment.
B) Study Guide (not available for all exams): Build a foundation of knowledge which will also be useful after passing the exam.

Latest Version
We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version:
1. Go to www.Prepking.com
2. Click on Member zone/Log in (right side)
3. Then click My Account
4. The latest versions of all purchased products are downloadable from here. Just click the links.
For most updates, it is enough just to print the new questions at the end of the new version, not the whole document.

Feedback
If you spot a possible improvement then please let us know. We are always interested in improving product quality. Feedback should be sent to feedback@Prepking.com. You should include the following: exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly.

Copyright
Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws.

Explanations
This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com.

1. What is the last bit of each pixel byte in an image called?
A. Last significant bit
B. Least significant bit
C. Least important bit
D. Null bit
Answer: B

2. Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
A. Point-to-point
B. End-to-end
C. Thorough
D. Complete event analysis
Answer: B

3. When a router receives an update for its routing table, what is the metric value change to that path?
A. Increased by 2
B. Decreased by 1
C. Increased by 1
D. Decreased by 2
Answer: C

4. Which legal document allows law enforcement to search an office, place of business, or other locale for evidence relating to an alleged crime?
A. Search warrant
B. Subpoena
C. Wire tap
D. Bench warrant
Answer: A

5. What hashing method is used to password protect Blackberry devices?
A. AES
B. RC5
C. MD5
D. SHA-1
Answer: D

6. You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A. Bit-stream copy
B. Robust copy
C. Full backup copy
D. Incremental backup copy
Answer: A

7. In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation. What assistance can the ISP provide?
A. The ISP can investigate anyone using their service and can provide you with assistance
B. The ISP can investigate computer abuse committed by their employees, but must preserve the privacy of their customers and therefore cannot assist you without a warrant
C. The ISP cannot conduct any type of investigations on anyone and therefore cannot assist you
D. ISPs never maintain log files so they would be of no use to your investigation
Answer: B

8. The efforts to obtain information before a trial by demanding documents, depositions, questions and answers written under oath, written requests for admissions of fact, and examination of the scene is a description of what legal term?
A. Detection
B. Hearsay
C. Spoliation
D. Discovery
Answer: D

9. What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?
A. Internet service provider information
B. E-mail header
C. Username and password
D. Firewall log
Answer: B

10. A forensics investigator needs to copy data from a computer to some type of removable media so he can examine the information at another location. The problem is that the data is around 42GB in size. What type of removable media could the investigator use?
A. Blu-Ray single-layer
B. HD-DVD
C. Blu-Ray dual-layer
D. DVD-18
Answer: C

11. Sectors in hard disks typically contain how many bytes?
A. 256
B. 512
C. 1024
D. 2048
Answer: B

12. A suspect is accused of violating the acceptable use of computing resources, as he has visited adult websites and downloaded images. The investigator wants to demonstrate that the suspect did indeed visit these sites. However, the suspect has cleared the search history and emptied the cookie cache. Moreover, he has removed any images he might have downloaded. What can the investigator do to prove the violation? Choose the most feasible option.
A. Image the disk and try to recover deleted files
B. Seek the help of co-workers who are eye-witnesses
C. Check the Windows registry for connection data (You may or may not recover)
D. Approach the websites for evidence
Answer: A

13. In the following Linux command, what is the outfile?
dd if=/usr/bin/personal/file.txt of=/var/bin/files/file.txt
A. /usr/bin/personal/file.txt
B. /var/bin/files/file.txt
C. /bin/files/file.txt
D. There is no outfile specified
Answer: B

14. What will the following Linux command accomplish?
dd if=/dev/mem of=/home/sam/mem.bin bs=1024
A. Copy the master boot record to a file
B. Copy the contents of the system folder mem to a file
C. Copy the running memory to a file
D. Copy the memory dump file to an image file
Answer: C

15. Madison is on trial for allegedly breaking into her university's internal network. The police raided her dorm room and seized all of her computer equipment. Madison's lawyer is trying to convince the judge that the seizure was unfounded and baseless. Under which US Amendment is Madison's lawyer trying to prove the police violated?
A. The 10th Amendment
B. The 5th Amendment
C. The 1st Amendment
D. The 4th Amendment
Answer: D

16. While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte E5h. What does this indicate on the computer?
A. The files have been marked as hidden
B. The files have been marked for deletion
C. The files are corrupt and cannot be recovered
D. The files have been marked as read-only
Answer: B

17. Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?
A. The data is still present until the original location of the file is used
B. The data is moved to the Restore directory and is kept there indefinitely
C. The data will reside in the L2 cache on a Windows computer until it is manually deleted
D. It is not possible to recover data that has been emptied from the Recycle Bin
Answer: A

18. A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command line tool but does not find anything. What is the reason for this?
A. He should search in C:\Windows\System32\RECYCLED folder
B. The Recycle Bin does not exist on the hard drive
C. The files are hidden and he must use a switch to view them
D. Only FAT system contains RECYCLED folder and not NTFS
Answer: C

19. When carrying out a forensics investigation, why should you never delete a partition on a dynamic disk?
A. All virtual memory will be deleted
B. The wrong partition may be set to active
C. This action can corrupt the disk
D. The computer will be set in a constant reboot state
Answer: C

20. A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture's quality is not degraded at all from this process. What kind of picture is this file?
A. Raster image
B. Vector image
C. Metafile image
D. Catalog image
Answer: B

21. If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
A. Lossful compression
B. Lossy compression
C. Lossless compression
D. Time-loss compression
Answer: B

22. When searching through file headers for picture file formats, what should be searched to find a JPEG file in hexadecimal format?
A. FF D8 FF E0 00 10
B. FF FF FF FF FF FF
C. FF 00 FF 00 FF 00
D. EF 00 EF 00 EF 00
Answer: A
23. A state department site was recently attacked and all the servers had their hard disks erased. The incident response team sealed the area and commenced investigation. During evidence collection, they came across a zip disk that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?
A. They examined the actual evidence on an unrelated system
B. They attempted to implicate personnel without proof
C. They tampered with the evidence by using it
D. They called in the FBI without correlating with the fingerprint data
Answer: C

24. Under confession, an accused criminal admitted to encrypting child pornography pictures and then hiding them within other pictures. What technique did the accused criminal employ?
A. Typography
B. Steganalysis
C. Picture encoding
D. Steganography
Answer: D

25. What is considered a grant of a property right given to an individual who discovers or invents a new machine, process, useful composition of matter or manufacture?
A. Copyright
B. Design patent
C. Trademark
D. Utility patent
Answer: D

26. Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather's responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused. In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused people's desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?
A. Grill cipher
B. Null cipher
C. Text semagram
D. Visual semagram
Answer: A

27. What technique is used by JPEGs for compression?
A. ZIP
B. TCD
C. DCT
D. TIFF-8
Answer: C

28. If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?
A. Keep the device powered on
B. Turn off the device immediately
C. Remove the battery immediately
D. Remove any memory cards immediately
Answer: A

29. George was recently fired from his job as an IT analyst at Pitts and Company in Dallas Texas. His main duties as an analyst were to support the company's Active Directory structure and to create network policies. George now wants to break into the company's network by cracking some of the service accounts he knows about. Which password cracking technique should George use in this situation?
A. Brute force attack
B. Syllable attack
C. Rule-based attack
D. Dictionary attack
Answer: C

30. What is one method of bypassing a system BIOS password?
A. Removing the processor
B. Removing the CMOS battery
C. Remove all the systems memory
D. Login to Windows and disable the BIOS password
Answer: B

31. On an Active Directory network using NTLM authentication, where on the domain controllers are the passwords stored?
A. SAM
B. AMS
C. Shadow file
D. Password.conf
Answer: A

32. Why would an investigator use Visual TimeAnalyzer when investigating a computer used by numerous users?
A. To see if the Kerberos ticket time is in sync with the rest of the domain
B. To see if any of the users changed the system time on the computer
C. To see how long each user utilized different programs
D. To see if any of the users were able to change their local permission
Answer: C

33. Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?
A. A system using Trojaned commands
B. A honeypot that traps hackers
C. An environment set up after the user logs in
D. An environment set up before a user logs in
Answer: B

34. What advantage does the tool Evidor have over the built-in Windows search?
A. It can find deleted files even after they have been physically removed
B. It can find bad sectors on the hard drive
C. It can search slack space
D. It can find files hidden within ADS
Answer: C

35. When compared to similar tools, why is the tool Forensic Sorter considered faster at processing files