
[Free] 2017(Sep) EnsurePass Dumpsleader ECCouncil EC1-349 Dumps with VCE and PDF 171-180

September 23, 2017


ECCouncil Computer Hacking Forensic Investigator

Question No: 171 – (Topic 2)

You are working for a large clothing manufacturer as a computer forensics investigator and are called in to investigate an unusual case of an employee possibly stealing clothing designs from the company and selling them under a different brand name for a different company. What you discover during the course of the investigation is that the clothing designs are actually original products of the employee and the company has no policy against an employee selling his own designs on his own time. The only thing that you can find that the employee is doing wrong is that his clothing design incorporates the same graphic symbol as that of the company with only the wording in the graphic being different. What area of the law is the employee violating?

  A. Copyright law

  B. Brandmark law

  C. Trademark law

  D. Printright law

Answer: C

Question No: 172 – (Topic 2)

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using ldp.exe.

What are you trying to accomplish here?

  A. Enumerate domain user accounts and built-in groups

  B. Enumerate MX and A records from DNS

  C. Establish a remote connection to the Domain Controller

  D. Poison the DNS records with false records

Answer: A

Question No: 173 – (Topic 2)

Printing under a Windows computer normally requires which one of the following file types to be created?

  A. EME

  B. MEM

  C. EMF

  D. CME

Answer: C

Question No: 174 – (Topic 2)

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.

(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)

```
03/15-20:21:24.107053 211.185.125.124:3500 -> 172.16.1.108:111
TCP TTL:43 TOS:0x0 ID:29726 IpLen:20 DgmLen:52 DF
***A**** Seq: 0x9B6338C5 Ack: 0x5820ADD0 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23678634 2878772
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
03/15-20:21:24.452051 211.185.125.124:789 -> 172.16.1.103:111
UDP TTL:43 TOS:0x0 ID:29733 IpLen:20 DgmLen:84
Len: 64
01 0A 8A 0A 00 00 00 00 00 00 00 02 00 01 86 A0 ................
00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 01 86 B8 00 00 00 01 ................
00 00 00 11 00 00 00 00 ........
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
03/15-20:21:24.730436 211.185.125.124:790 -> 172.16.1.103:32773
UDP TTL:43 TOS:0x0 ID:29781 IpLen:20 DgmLen:1104
Len: 1084
47 F7 9F 63 00 00 00 00 00 00 00 02 00 01 86 B8 G..c............
00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 20 ...............
3A B1 5E E5 00 00 00 09 6C 6F 63 61 6C 68 6F 73 :.^.....localhost
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
03/15-20:21:36.539731 211.185.125.124:4450 -> 172.16.1.108:39168
TCP TTL:43 TOS:0x0 ID:31660 IpLen:20 DgmLen:71 DF
***AP*** Seq: 0x9C6D2BFF Ack: 0x59606333 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 23679878 2880015
63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a;
69 64 3B id;
```

  A. The attacker has conducted a network sweep on port 111

  B. The attacker has scanned and exploited the system using Buffer Overflow

  C. The attacker has used a Trojan on port 32773

  D. The attacker has installed a backdoor

Answer: A

Question No: 175 – (Topic 2)

When obtaining a warrant it is important to:

  A. particularly describe the place to be searched and particularly describe the items to be seized

  B. generally describe the place to be searched and particularly describe the items to be seized

  C. generally describe the place to be searched and generally describe the items to be seized

  D. particularly describe the place to be searched and generally describe the items to be seized

Answer: A

Question No: 176 – (Topic 2)

Harold is finishing up a report on a case of network intrusion, corporate spying, and embezzlement that he has been working on for over six months. He is trying to find the right term to use in his report to describe network-enabled spying. What term should Harold use?

  A. Spycrack

  B. Spynet

  C. Netspionage

  D. Hackspionage

Answer: C

Question No: 177 – (Topic 2)

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

  A. The X509 Address

  B. The SMTP reply Address

  C. The E-mail Header

  D. The Host Domain Name

Answer: C

Question No: 178 – (Topic 2)

Jones had been trying to penetrate a remote production system for the past two weeks. This time, however, he is able to get into the system. He was able to use the system for a period of three weeks. However, law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones. What is a virtual environment?

  A. A system using Trojaned commands

  B. A honeypot that traps hackers

  C. An environment set up after the user logs in

  D. An environment set up before a user logs in

Answer: B

Question No: 179 – (Topic 2)

Windows identifies which application to open a file with by examining which of the following?

  A. The file extension

  B. The file attributes

  C. The file signature at the end of the file

  D. The file signature at the beginning of the file

Answer: A

Question No: 180 – (Topic 2)

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

  A. evidence must be handled in the same way regardless of the type of case

  B. evidence procedures are not important unless you work for a law enforcement agency

  C. evidence in a criminal case must be secured more tightly than in a civil case

  D. evidence in a civil case must be secured more tightly than in a criminal case

Answer: C
