EC-COUNCIL EC1-349 問題集

質問 1：
Data is striped at a byte level across multiple drives and parity information is distributed among all member drives.

What RAID level is represented here?
A. RAID Level 1
B. RAID Level 3
C. RAID Level 5
D. RAID Level0
正解：C

質問 2：
What is the First Step required in preparing a computer for forensics investigation?
A. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at Issue
B. Secure any relevant media
C. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
D. Identify the type of data you are seeking, the Information you are looking for, and the urgency level of the examination
正解：C

質問 3：
How do you define forensic computing?
A. It is the science of capturing, processing, and investigating data security incidents and making it acceptable to a court of law.
B. It is the administrative and legal proceeding in the process of forensic investigation
C. It is a methodology of guidelines that deals with the process of cyber investigation
D. It Is a preliminary and mandatory course necessary to pursue and understand fundamental principles of ethical hacking
正解：A

質問 4：
Attackers can manipulate variables that reference files with "dot-dot-slash (./)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd.
Identify the attack referred.
A. Directory traversal
B. XSS attack
C. File injection
D. SQL Injection
正解：A

質問 5：
Task list command displays a list of applications and services with their Process ID (PID) for all tasks running on either a local or a remote computer.
Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process?
A. tasklist/p
B. tasklist/s
C. tasklist/u
D. tasklist/v
正解：D

質問 6：
Smith, as a part his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data the mobile device. Smith found that the SIM was protected by a Personal identification Number (PIN) code but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What Jason can do in this scenario to reset the PIN and access SIM data?
A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM
B. He should again attempt PIN guesses after a time of 24 hours
C. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM
D. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN
正解：C

質問 7：
What document does the screenshot represent?

A. Chain of custody form
B. Search warrant form
C. Expert witness form
D. Evidence collection form
正解：A

質問 8：
Which wireless standard has bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz?
A. 802.11a
B. 802.11i
C. 802.11b
D. 802.11g
正解：A